[ovs-dev] [PATCH] ovs-monitor-ipsec: Allow IKE fragmentation

Justin Pettit jpettit at nicira.com
Thu Apr 28 04:18:59 UTC 2011


Thanks for the quick review!  Pushed.

--Justin


On Apr 27, 2011, at 7:31 PM, Andrew Evans wrote:

> Looks good to me.
> 
> On Apr 27, 2011 7:14 PM, "Justin Pettit" <jpettit at nicira.com> wrote:
> > Some (broken) firewalls do not properly pass UDP fragments, which will
> > prevent IKE from completing. This commit enables the racoon option to
> > allow application-level fragmenting and allow security associations to
> > be created.
> > ---
> > debian/ovs-monitor-ipsec | 1 +
> > 1 files changed, 1 insertions(+), 0 deletions(-)
> > 
> > diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
> > index febd569..0a97c88 100755
> > --- a/debian/ovs-monitor-ipsec
> > +++ b/debian/ovs-monitor-ipsec
> > @@ -83,6 +83,7 @@ path certificate "%s";
> > cert_entry = """remote %s {
> > exchange_mode main;
> > nat_traversal on;
> > + ike_frag on;
> > certificate_type x509 "%s" "%s";
> > my_identifier asn1dn;
> > peers_identifier asn1dn;
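Review bot: `ike_frag on;` is added only inside the `cert_entry` remote template, and the diffstat shows it as the single insertion in the file, so any remote block this script generates from a different template would still fail to complete IKE behind a firewall that drops UDP fragments. If debian/ovs-monitor-ipsec has other remote templates, add the same line there. A one-line comment next to the template saying the option is there for firewalls that do not pass UDP fragments would also keep the reason from living only in the commit message.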
> > -- 
> > 1.7.1
> > 



