ovs-monitor-ipsec: Allow IKE fragmentation

Some (broken) firewalls do not properly pass UDP fragments, which will prevent IKE from completing. This commit enables the racoon option to allow application-level fragmenting and allow security associations to be created.
author: Justin Pettit <jpettit@nicira.com> 2011-04-27 08:46:38 -0700
committer: Ben Pfaff <blp@nicira.com> 2011-04-29 14:32:01 -0700
commit: fcbd99e69cb74ba1775ab5dc2f62988ba5194e5c (patch)
tree: 905f186b24ebc8db2763c1ddde34748af3cb2fd0
parent: deb69d98fc6039114d07db9488bdc497365b1c7d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
index febd5691..0a97c88d 100755
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -83,6 +83,7 @@ path certificate "%s";
     cert_entry = """remote %s {
         exchange_mode main;
         nat_traversal on;
+        ike_frag on;
         certificate_type x509 "%s" "%s";
         my_identifier asn1dn;
         peers_identifier asn1dn;
author	Justin Pettit <jpettit@nicira.com>	2011-04-27 08:46:38 -0700
committer	Ben Pfaff <blp@nicira.com>	2011-04-29 14:32:01 -0700
commit	fcbd99e69cb74ba1775ab5dc2f62988ba5194e5c (patch)
tree	905f186b24ebc8db2763c1ddde34748af3cb2fd0
parent	deb69d98fc6039114d07db9488bdc497365b1c7d (diff)