From 73976ebdb054d1a5a2fedb925304b5e0956c20d1 Mon Sep 17 00:00:00 2001 From: Justin Pettit Date: Wed, 27 Apr 2011 08:46:38 -0700 Subject: [PATCH] ovs-monitor-ipsec: Allow IKE fragmentation Some (broken) firewalls do not properly pass UDP fragments, which will prevent IKE from completing. This commit enables the racoon option to allow application-level fragmenting and allow security associations to be created. --- debian/ovs-monitor-ipsec | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec index febd5691..0a97c88d 100755 --- a/debian/ovs-monitor-ipsec +++ b/debian/ovs-monitor-ipsec @@ -83,6 +83,7 @@ path certificate "%s"; cert_entry = """remote %s { exchange_mode main; nat_traversal on; + ike_frag on; certificate_type x509 "%s" "%s"; my_identifier asn1dn; peers_identifier asn1dn; -- 2.30.2