Paul
you might want to update the manuals if you say that 128 is possible:
In https://libreswan.org/man/spi.8.html it is written:
--replay_window replayw
sets the replay window size; valid values are decimal, 1 to 64
Jobst
Helping people and businesses sell better
BARRETT Everybody Lives By Selling Something <http://www.barrett.com.au/>
*Jobst Schmalenbach*
General Manager and Geek
*P* +61 3 9533 0000
*M* +61 411 611 855
*E* [email protected] <mailto:[email protected]>
*W* www.barrett.com.au <http://www.barrett.com.au>
Sales Training <http://www.barrett.com.au/sales-training.html>,
Sales Consulting <http://www.barrett.com.au/sales-consulting.html>, Coaching
<http://www.barrett.com.au/coaching.html>, Assessments
<http://www.barrett.com.au/assessments.html> Barrett Sales Blog
<http://salesblog.barrett.com.au/> Linkedin
<http://www.linkedin.com/groups?mostPopular=&gid=3672003> Sue Barrett Twitter
<https://twitter.com/#%21/barrettconsult> Barrett-Consulting-Facebook
<https://www.facebook.com/pages/Barrett-Consulting-Group/217319694964184>
Consider the environment before printing this email, please.
On 01/08/2016 02:12, Paul Wouters wrote:
Try libreswan-3.18 with replay-window=64 (or 128)
Paul
Sent from my iPhone
On Jul 27, 2016, at 11:09, Renzo Dani <[email protected]> wrote:
Hi,
we have a vpn tunnel between two offices, both have an internet connection of
100Mbps.
Time to time we have serious issue with very poor bandwidth, the problem is not
always present, some time we are experience a good bandwidth on the vpn too.
So we are currently not able to identify the problem, we already contact the
two Internet service providers but they simply reply they cannot identify any
issue on their network.
Iperf between the two vpn gateways using the tunnel (during problem occurs)
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 215 KBytes 1.76 Mbits/sec
[ 5] 1.00-2.00 sec 195 KBytes 1.60 Mbits/sec
[ 5] 2.00-3.00 sec 112 KBytes 920 Kbits/sec
[ 5] 3.00-4.00 sec 115 KBytes 942 Kbits/sec
[ 5] 4.00-5.00 sec 55.5 KBytes 454 Kbits/sec
[ 5] 5.00-6.00 sec 44.7 KBytes 366 Kbits/sec
[ 5] 6.00-7.00 sec 134 KBytes 1.10 Mbits/sec
[ 5] 7.00-8.00 sec 108 KBytes 887 Kbits/sec
[ 5] 8.00-9.00 sec 83.9 KBytes 687 Kbits/sec
[ 5] 9.00-10.00 sec 100 KBytes 821 Kbits/sec
[ 5] 10.00-10.03 sec 8.12 KBytes 2.02 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-10.03 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-10.03 sec 1.14 MBytes 957 Kbits/sec receiver
Iperf between the two vpn gateways using public internet ips at the same time
as before
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 9.50 MBytes 79.7 Mbits/sec
[ 5] 1.00-2.00 sec 11.2 MBytes 93.6 Mbits/sec
[ 5] 2.00-3.00 sec 11.0 MBytes 92.5 Mbits/sec
[ 5] 3.00-4.00 sec 11.1 MBytes 93.5 Mbits/sec
[ 5] 4.00-5.00 sec 11.2 MBytes 93.6 Mbits/sec
[ 5] 5.00-6.00 sec 11.2 MBytes 93.7 Mbits/sec
[ 5] 6.00-7.00 sec 11.2 MBytes 93.7 Mbits/sec
[ 5] 7.00-8.00 sec 11.2 MBytes 94.0 Mbits/sec
[ 5] 8.00-9.00 sec 11.2 MBytes 93.9 Mbits/sec
[ 5] 9.00-10.00 sec 11.2 MBytes 93.8 Mbits/sec
[ 5] 10.00-10.04 sec 510 KBytes 93.6 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-10.04 sec 110 MBytes 92.2 Mbits/sec receiver
Our config:
config setup
nat_traversal=yes
oe=off
protostack=netkey
uniqueids=no
conn our_vpn
authby=secret
disablearrivalcheck=no
....
# PHASE 1
aggrmode=no
ike=aes256-sha2_256;modp3072
ikelifetime=8h
# PHASE 2
type=tunnel
phase2=esp
phase2alg=aes-256-sha2_256;modp3072
salifetime=2h
pfs=yes
auto=start
Thanks for any help/suggestion
Renzo
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
