 From:  "Marek Läll" <marek dot lall at neti dot ee>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  VPN; 1.3b2; supported RSA key size?
 Date:  Tue, 27 Feb 2007 23:20:39 +0200

Does anybody know the (max) supported key size for certificates/keys to use with VPN?

I tried (1.3b2) certificates/keys with sizes of 1024 bit and 2048 bit.
They worked. At least the VPN started and ping to the remote site worked.

Certificates/keys with sizes of 3072 bit and 4096 bit did not work.
The channel did not even go up.
It was strange that the firewall (monowall) started to drop UDP packets:

ipmon[93]: 13:52:34.099331 ng0 @0:21 b 84.xx.30.xx -> 213.xx.251.xx PR udp len 20 (756) (frag 1260:736@744+) IN

I also tried to check:
    "Allow fragmented IPsec packets"

but it did not change the behaviour.

Any comments? Is the limit 2048 bit keys/certificates OR there is anything I

Thank you,