services.strongswan-swanctl.swanctl.connections.<name>.fragmentation
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation). Acceptable values are yes (the default
since 5.5.1), accept (since versions:5.5.3),
force and no.
- If set to
yes, and the peer supports it, oversized IKE messages will be sent in fragments. - If set to
accept, support for fragmentation is announced to the peer but the daemon does not send its own messages in fragments. - If set to
force(only supported for IKEv1) the initial IKE message will already be fragmented if required. - Finally, setting the option to
nowill disable announcing support for this feature.
Note that fragmented IKE messages sent by a peer are always processed irrespective of the value of this option (even when set to no).
StrongSwan default: "yes"
- Type
null or one of "yes", "accept", "force", "no"- Default
null- Declared
- <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>