Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] fragmentation

From: Stephen J Bevan (stephen_at_etunnels.com)
Date: Tue Jul 16 2002 - 18:53:24 CEST

Next message: Sam Sgro: "Re: [Users] invalid section name "setup""
Previous message: Stephen J Bevan: "[Users] IPSEC routing trouble"
In reply to: Shishir Mondal: "[Users] fragmentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Shishir Mondal writes:
> I got one inter-operatibility issue with FreeSwan IPSec and my
> IPSec. I saw, if I ping larger packets fragmented across multiple
> ethernet packets, it gives authentication error. (last few bytes
> changed in the signature). Well, I will debug my code, :-P, but if any
> info on the freeswan setting which can lead to this problem ?

What gives an authentication error, FreeS/WAN or your IPsec?
During the course of some work I've tested 1600 byte pings over an
IPsec tunnel mode connection to FreeS/WAN from OpenBSD, FreeBSD,
Solaris, Windows and FreeS/WAN. In all cases the (FreeS/WAN) receiver
correctly re-assembled and decrypted the packets. I haven't tried
with larger packets which would require more than two fragments so
perhaps that explains the difference in our results?
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Sam Sgro: "Re: [Users] invalid section name "setup""
Previous message: Stephen J Bevan: "[Users] IPSEC routing trouble"
In reply to: Shishir Mondal: "[Users] fragmentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:23 CEST