I will double check the kernel sources and update the man page if needed. Thanks,
Paul Sent from my iPhone > On Jul 31, 2016, at 9:28 PM, Jobst Schmalenbach <[email protected]> wrote: > > Paul > > you might want to update the manuals if you say that 128 is possible: > In https://libreswan.org/man/spi.8.html it is written: > > --replay_window replayw > sets the replay window size; valid values are decimal, 1 to 64 > > > > Jobst > > > > > Helping people and businesses sell better > <barrett_everybodylives_black.png> > Jobst Schmalenbach > General Manager and Geek > P +61 3 9533 0000 > M +61 411 611 855 > E [email protected] > W www.barrett.com.au > Sales Training, Sales Consulting, Coaching, Assessments <blog.png> > <linkedin.png> <twitter.png> <facebook.png> > Consider the environment before printing this email, please. >> On 01/08/2016 02:12, Paul Wouters wrote: >> Try libreswan-3.18 with replay-window=64 (or 128) >> >> Paul >> >> Sent from my iPhone >> >>> On Jul 27, 2016, at 11:09, Renzo Dani <[email protected]> wrote: >>> >>> Hi, >>> we have a vpn tunnel between two offices, both have an internet connection >>> of 100Mbps. >>> Time to time we have serious issue with very poor bandwidth, the problem is >>> not always present, some time we are experience a good bandwidth on the vpn >>> too. >>> So we are currently not able to identify the problem, we already contact >>> the two Internet service providers but they simply reply they cannot >>> identify any issue on their network. >>> >>> Iperf between the two vpn gateways using the tunnel (during problem occurs) >>> [ ID] Interval Transfer Bandwidth >>> [ 5] 0.00-1.00 sec 215 KBytes 1.76 Mbits/sec >>> [ 5] 1.00-2.00 sec 195 KBytes 1.60 Mbits/sec >>> [ 5] 2.00-3.00 sec 112 KBytes 920 Kbits/sec >>> [ 5] 3.00-4.00 sec 115 KBytes 942 Kbits/sec >>> [ 5] 4.00-5.00 sec 55.5 KBytes 454 Kbits/sec >>> [ 5] 5.00-6.00 sec 44.7 KBytes 366 Kbits/sec >>> [ 5] 6.00-7.00 sec 134 KBytes 1.10 Mbits/sec >>> [ 5] 7.00-8.00 sec 108 KBytes 887 Kbits/sec >>> [ 5] 8.00-9.00 sec 83.9 KBytes 687 Kbits/sec >>> [ 5] 9.00-10.00 sec 100 KBytes 821 Kbits/sec >>> [ 5] 10.00-10.03 sec 8.12 KBytes 2.02 Mbits/sec >>> - - - - - - - - - - - - - - - - - - - - - - - - - >>> [ ID] Interval Transfer Bandwidth >>> [ 5] 0.00-10.03 sec 0.00 Bytes 0.00 bits/sec sender >>> [ 5] 0.00-10.03 sec 1.14 MBytes 957 Kbits/sec >>> receiver >>> >>> Iperf between the two vpn gateways using public internet ips at the same >>> time as before >>> [ ID] Interval Transfer Bandwidth >>> [ 5] 0.00-1.00 sec 9.50 MBytes 79.7 Mbits/sec >>> [ 5] 1.00-2.00 sec 11.2 MBytes 93.6 Mbits/sec >>> [ 5] 2.00-3.00 sec 11.0 MBytes 92.5 Mbits/sec >>> [ 5] 3.00-4.00 sec 11.1 MBytes 93.5 Mbits/sec >>> [ 5] 4.00-5.00 sec 11.2 MBytes 93.6 Mbits/sec >>> [ 5] 5.00-6.00 sec 11.2 MBytes 93.7 Mbits/sec >>> [ 5] 6.00-7.00 sec 11.2 MBytes 93.7 Mbits/sec >>> [ 5] 7.00-8.00 sec 11.2 MBytes 94.0 Mbits/sec >>> [ 5] 8.00-9.00 sec 11.2 MBytes 93.9 Mbits/sec >>> [ 5] 9.00-10.00 sec 11.2 MBytes 93.8 Mbits/sec >>> [ 5] 10.00-10.04 sec 510 KBytes 93.6 Mbits/sec >>> - - - - - - - - - - - - - - - - - - - - - - - - - >>> [ ID] Interval Transfer Bandwidth >>> [ 5] 0.00-10.04 sec 0.00 Bytes 0.00 bits/sec sender >>> [ 5] 0.00-10.04 sec 110 MBytes 92.2 Mbits/sec >>> receiver >>> >>> >>> >>> Our config: >>> >>> config setup >>> nat_traversal=yes >>> oe=off >>> protostack=netkey >>> uniqueids=no >>> >>> conn our_vpn >>> authby=secret >>> disablearrivalcheck=no >>> .... >>> # PHASE 1 >>> aggrmode=no >>> ike=aes256-sha2_256;modp3072 >>> ikelifetime=8h >>> # PHASE 2 >>> type=tunnel >>> phase2=esp >>> phase2alg=aes-256-sha2_256;modp3072 >>> salifetime=2h >>> pfs=yes >>> auto=start >>> >>> >>> Thanks for any help/suggestion >>> >>> Renzo >>> >>> _______________________________________________ >>> Swan mailing list >>> [email protected] >>> https://lists.libreswan.org/mailman/listinfo/swan >> _______________________________________________ >> Swan mailing list >> [email protected] >> https://lists.libreswan.org/mailman/listinfo/swan >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
