FYI ...

On 1 February 2018 at 11:37, Paul Wouters <> wrote:
> On Thu, 1 Feb 2018, D. Hugh Redelmeier wrote:
>> - several failures that were only IKE retransmissions.  Just ignore them.
>>  But a bit weird when IMPAIR_RETRANSMITS is set.
> can happen in IKEv1 were both ends retransmit?

There seems to be two reasons for suppressing re-transmits:

- the connection is expected to fail, so speed things up with a quick
timeout.   --impair retransmits does this by aborting the connection
when the first re-transmit timeout expires

- the connection is expected to succeed but crypto might make it slow;
hence wait the full timeout but don't send intervening re-transmits.
--impair send-no-retransmits (new) does this (up until now we've used
'retransmit-interval=15000 # slow retransmits')

Tests often use the former when the intent seems to be the latter.

Swan-dev mailing list

Reply via email to