FYI ... On 1 February 2018 at 11:37, Paul Wouters <[email protected]> wrote: > On Thu, 1 Feb 2018, D. Hugh Redelmeier wrote: > >> - several failures that were only IKE retransmissions. Just ignore them. >> But a bit weird when IMPAIR_RETRANSMITS is set. > > > can happen in IKEv1 were both ends retransmit?
There seems to be two reasons for suppressing re-transmits: - the connection is expected to fail, so speed things up with a quick timeout. --impair retransmits does this by aborting the connection when the first re-transmit timeout expires - the connection is expected to succeed but crypto might make it slow; hence wait the full timeout but don't send intervening re-transmits. --impair send-no-retransmits (new) does this (up until now we've used 'retransmit-interval=15000 # slow retransmits') Tests often use the former when the intent seems to be the latter. Andrew _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
