From 0642f42bbeda7686f7e5691ced527a644996b330 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 18 Jul 2016 15:01:07 +0200 Subject: ike: Set default IKE fragment size to 1280 This is the minimum size an IPv6 implementation must support. This makes it the default for IPv4 too, which presumably is also generally routable (otherwise, setting this to 0 falls back to the minimum of 576 for IPv4). --- conf/options/charon.opt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'conf') diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 3970012d2..04e099e12 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -100,11 +100,12 @@ charon.flush_auth_cfg = no charon.follow_redirects = yes Whether to follow IKEv2 redirects (RFC 5685). -charon.fragment_size = 0 +charon.fragment_size = 1280 Maximum size (complete IP datagram size in bytes) of a sent IKE fragment - when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for - address family specific default values). If specified this limit is used - for both IPv4 and IPv6. + when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults + to 1280 (use 0 for address family specific default values, which uses a + lower value for IPv4). If specified this limit is used for both IPv4 and + IPv6. charon.group Name of the group the daemon changes to after startup. -- cgit v1.2.3