From: Justin Pettit Date: Wed, 27 Apr 2011 15:46:38 +0000 (-0700) Subject: ovs-monitor-ipsec: Allow IKE fragmentation X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73976ebdb054d1a5a2fedb925304b5e0956c20d1;p=openvswitch ovs-monitor-ipsec: Allow IKE fragmentation Some (broken) firewalls do not properly pass UDP fragments, which will prevent IKE from completing. This commit enables the racoon option to allow application-level fragmenting and allow security associations to be created. --- diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec index febd5691..0a97c88d 100755 --- a/debian/ovs-monitor-ipsec +++ b/debian/ovs-monitor-ipsec @@ -83,6 +83,7 @@ path certificate "%s"; cert_entry = """remote %s { exchange_mode main; nat_traversal on; + ike_frag on; certificate_type x509 "%s" "%s"; my_identifier asn1dn; peers_identifier asn1dn;