Is IKE Fragmentation (https://tools.ietf.org/html/rfc7383) on the roadmap for ROS?
Sending 2-4K sized IKE_AUTH messages in both directions without IKE Fragmentation can be tricky:
- IP Fragments must work
- sometimes PMTUD is also required
- setting custom tunnel MTUs has no effect at this early stage
StrongSwan support: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
Windows support: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/d8a25c6b-a726-4ebe-8b33-c5c486647247