diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-07-18 15:01:07 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-10-04 10:08:21 +0200 |
| commit | 0642f42bbeda7686f7e5691ced527a644996b330 (patch) | |
| tree | bc9519d8ade7de1ece6f6338e3a5f0cb41cbd64d /conf | |
| parent | 6b2814ab0e254c88a1816c1690e35bda505a0f34 (diff) | |
| download | strongswan-0642f42bbeda7686f7e5691ced527a644996b330.tar.bz2 strongswan-0642f42bbeda7686f7e5691ced527a644996b330.tar.xz | |
ike: Set default IKE fragment size to 1280
This is the minimum size an IPv6 implementation must support. This makes
it the default for IPv4 too, which presumably is also generally routable
(otherwise, setting this to 0 falls back to the minimum of 576 for IPv4).
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/options/charon.opt | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 3970012d2..04e099e12 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -100,11 +100,12 @@ charon.flush_auth_cfg = no charon.follow_redirects = yes Whether to follow IKEv2 redirects (RFC 5685). -charon.fragment_size = 0 +charon.fragment_size = 1280 Maximum size (complete IP datagram size in bytes) of a sent IKE fragment - when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for - address family specific default values). If specified this limit is used - for both IPv4 and IPv6. + when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults + to 1280 (use 0 for address family specific default values, which uses a + lower value for IPv4). If specified this limit is used for both IPv4 and + IPv6. charon.group Name of the group the daemon changes to after startup. |