[ovs-dev] [PATCH] ovs-monitor-ipsec: Allow IKE fragmentation
Andrew Evans
aevans at nicira.com
Thu Apr 28 02:31:27 UTC 2011
Looks good to me.
On Apr 27, 2011 7:14 PM, "Justin Pettit" <jpettit at nicira.com> wrote:
> Some (broken) firewalls do not properly pass UDP fragments, which will
> prevent IKE from completing. This commit enables the racoon option to
> allow application-level fragmenting and allow security associations to
> be created.
> ---
> debian/ovs-monitor-ipsec | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
> index febd569..0a97c88 100755
> --- a/debian/ovs-monitor-ipsec
> +++ b/debian/ovs-monitor-ipsec
> @@ -83,6 +83,7 @@ path certificate "%s";
> cert_entry = """remote %s {
> exchange_mode main;
> nat_traversal on;
> + ike_frag on;
> certificate_type x509 "%s" "%s";
> my_identifier asn1dn;
> peers_identifier asn1dn;
> --
> 1.7.1
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-dev/attachments/20110427/5abab4de/attachment-0003.html>
More information about the dev
mailing list