On Tue, Jun 02, 2015 at 12:45:29AM +0300, Tuomo Soini wrote:
> I agree that 10s is too short a time when older Libreswan and openswan
> default to 20s first retry. But 60s sounds like a very long time for
> me.
>
> Should that be something like 30 to 40 seconds instead?

The reason I chose 60 is that it is on the responder. You can be more accommodating on the responder. If the fear is DDOS, the difference between 60 and 40 is probably more like a band-aid. You may need more sophisticated knobs to fight a real DDOS. It can be changed later too. However, if there is a strong feeling it should be less, let's go for 42 :)

-antony
