From: Justin Pettit <jpettit@nicira.com>
Date: Wed, 27 Apr 2011 15:46:38 +0000 (-0700)
Subject: ovs-monitor-ipsec: Allow IKE fragmentation
X-Git-Tag: v1.1.1~11
X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=commitdiff_plain;h=fcbd99e69cb74ba1775ab5dc2f62988ba5194e5c

ovs-monitor-ipsec: Allow IKE fragmentation

Some (broken) firewalls do not properly pass UDP fragments, which will
prevent IKE from completing.  This commit enables the racoon option to
allow application-level fragmenting and allow security associations to
be created.
---

diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
index febd5691d..0a97c88dc 100755
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -83,6 +83,7 @@ path certificate "%s";
     cert_entry = """remote %s {
         exchange_mode main;
         nat_traversal on;
+        ike_frag on;
         certificate_type x509 "%s" "%s";
         my_identifier asn1dn;
         peers_identifier asn1dn;