Large certificates or UDP fragmentation can cause IKE negotiation to fail on RHEL 6

Solution Verified - Updated -

Issue

IPsec connections cannot be established if the client is behind a device that rejects fragmented UDP packets and large X.509 certificates (>1024 bits) are used for authentication. This issue can also be seen on very poor-quality, lossy connections.
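To confirm that this is the failure being hit, a capture taken on the receiving side can be checked for IKE datagrams whose IP fragments did not all arrive. The following is an added example, not part of the Red Hat solution: the function names and the sample packets are constructed, and it assumes IKE on UDP ports 500 and 4500 and a 1500-byte MTU for the sample fragments.

```python
import struct
from collections import defaultdict

IKE_PORTS = {500, 4500}  # UDP ports for IKE and IKE NAT traversal
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])  # constructed addresses

def build_ipv4(ident, offset, more, payload):
    """Build a constructed IPv4/UDP packet or fragment (header checksum left at 0)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_frag, 64, 17, 0, SRC, DST) + payload

def sample_capture():
    """Constructed capture: IKE datagram id=1 arrives whole, id=2 loses a fragment."""
    udp = struct.pack("!HHHH", 500, 500, 3008, 0) + bytes(3000)
    pkts = [build_ipv4(i, o, o + 1480 < len(udp), udp[o:o + 1480])
            for i in (1, 2) for o in range(0, len(udp), 1480)]
    del pkts[4]  # simulate a middle device dropping one fragment of id=2
    return pkts

def fragmented_ike(packets):
    """Map (src, dst, ip_id) -> 'complete' or 'incomplete' for fragmented IKE datagrams."""
    groups = defaultdict(list)
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
            continue  # not IPv4 carrying UDP
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
        more, offset = bool(flags_frag & 0x2000), (flags_frag & 0x1FFF) * 8
        if more or offset:  # skip datagrams that were never fragmented
            groups[(pkt[12:16], pkt[16:20], ident)].append(
                (offset, total_len - ihl, more, pkt[ihl:ihl + 4]))
    result = {}
    for key, frags in groups.items():
        frags.sort()
        if frags[0][0] != 0 or len(frags[0][3]) < 4:
            result[key] = "incomplete"  # first fragment lost, so ports are unknown
            continue
        # Only the first fragment carries the UDP header with the port numbers.
        if not set(struct.unpack("!HH", frags[0][3])) & IKE_PORTS:
            continue
        expected, done = 0, False
        for offset, length, more, _ in frags:
            if offset != expected:
                break  # gap: a fragment between these two never arrived
            expected, done = expected + length, not more
        result[key] = "complete" if done else "incomplete"
    return result
```

An "incomplete" entry for an IKE exchange that never finishes points at fragments being dropped or lost on the path rather than at an authentication problem.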

Environment

Red Hat Enterprise Linux (RHEL) 6
