Il gio, 2002-07-04 alle 21:06, Andreas Steffen ha scritto:
> How large is your UDP datagram containing the certificate?
> Larger than 1500 bytes so that you experience IP fragmenting?
Yes, there's fragmentation.
> The only difference between working with raw RSA keys and
> X.509 certificates is to my knowledge the fact that the
> certificate is transmitted during IKE Main Mode, resulting
> in large packets.
>
> Can you send me a complete tcpdump of the IKE negotiation
> with X.509 certificates?
>
You can find them attached. They're in raw format, the file named
"tcpdump_ipsec_open_filters.raw" is the log of a successfully connection
obtained bringing down the udp filters. The other is the log of an
unsuccessfully connection, with udp filters up.
> Regards
>
> Andreas
>
> ======================================================================
> Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
> strongSec GmbH phone: +41 76 340 25 56
> Alter Zürichweg 20 home: http://www.strongsec.com
> CH-8952 Schlieren (Switzerland)
> ==========================================[strong internet security]==
-- Andrea Dell'Amico - Link s.r.l. <http://www.link.it>
_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST