vici: Enable IKE fragmentation by default

diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 224a51923b50949eceed96198d543c586067c70c..2110fd31d0cd1ca60673dcbe550a69276a03cb34 100644 (file)
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1980,7 +1980,7 @@ CALLBACK(config_sn, bool,
                .send_cert = CERT_SEND_IF_ASKED,
                .version = IKE_ANY,
                .remote_port = IKEV2_UDP_PORT,
-               .fragmentation = FRAGMENTATION_NO,
+               .fragmentation = FRAGMENTATION_YES,
                .unique = UNIQUE_NO,
                .keyingtries = 1,
                .rekey_time = LFT_UNDEFINED,

diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 2a4f5a789add5a44a700eeb2d966c1126f23d23b..c4d9f86d6806a80505f56cbdc9e730fc71ad1bf1 100644 (file)
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -139,12 +139,12 @@ connections.<conn>.dpd_timeout = 0s
        checking. For compatibility reasons, with IKEv1 a custom interval may be
        specified; this option has no effect on connections using IKE2.
 
-connections.<conn>.fragmentation = no
+connections.<conn>.fragmentation = yes
        Use IKE UDP datagram fragmentation.  (_yes_, _no_ or _force_).
 
        Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
-       fragmentation).  Acceptable  values  are _yes_, _force_ and _no_ (the
-       default). Fragmented IKE messages sent by a peer are always accepted
+       fragmentation).  Acceptable  values  are _yes_ (the     default), _force_ and
+       _no_. Fragmented IKE messages sent by a peer are always accepted
        irrespective of  the  value  of  this option. If set to _yes_, and the peer
        supports it, oversized IKE messages will be sent in fragments.  If set  to
        _force_  (only  supported  for IKEv1) the initial IKE message will already