diff options
author | Justin Pettit <jpettit@nicira.com> | 2011-04-27 08:46:38 -0700 |
---|---|---|
committer | Ben Pfaff <blp@nicira.com> | 2011-04-29 14:32:01 -0700 |
commit | fcbd99e69cb74ba1775ab5dc2f62988ba5194e5c (patch) | |
tree | 905f186b24ebc8db2763c1ddde34748af3cb2fd0 | |
parent | deb69d98fc6039114d07db9488bdc497365b1c7d (diff) |
ovs-monitor-ipsec: Allow IKE fragmentation
Some (broken) firewalls do not properly pass UDP fragments, which will
prevent IKE from completing. This commit enables the racoon option to
allow application-level fragmenting and allow security associations to
be created.
-rwxr-xr-x | debian/ovs-monitor-ipsec | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec index febd5691..0a97c88d 100755 --- a/debian/ovs-monitor-ipsec +++ b/debian/ovs-monitor-ipsec @@ -83,6 +83,7 @@ path certificate "%s"; cert_entry = """remote %s { exchange_mode main; nat_traversal on; + ike_frag on; certificate_type x509 "%s" "%s"; my_identifier asn1dn; peers_identifier asn1dn; |