Menu
▾
▴
[Ipsec-tools-devel] Racoon and IKE Fragmentation
|
From: Matthew G. <mg...@sh...> - 2006-03-09 17:14:34
|
All,
I have a few quick questions about inter-operating with racoons
IKE fragmentation option. First of all, does anyone know of an paper
that describes this as a draft or a standard? I can't seem to google it.
Anyhow, when racoon uses a Fragmentation vendor id that includes
the 4 byte capabilities value appended, I get this in the log output ...
received broken Microsoft ID: FRAGMENTATION
... and racoon _will_ perform fragmentation.
But when only the vendor hash itself is received without the capability
value, I get this in the log output ...
received Vendor ID: FRAGMENTATION
... and racoon _will_not_ perform fragmentation nor will it reply with a
"FRAGMENTATION" vendor id of its own.
The first log message looks a lot more like an error to me than
the second one does. Is this the desired effect? Should fragmentation
work in both cases? Is there a non "broken-microsoft-id" method to coax
racoon into performing ike fragmentation? Is this just really confusing
log output?
Thanks in advance,
-Matthew
|