On Thu, 20 Jul 2017, Craig Marker wrote:

Subject: Re: [Swan] TX/RX Errors on IPsec VTI

> I’ve yet to catch the TX errors in the wild, but the RX errors happen when
> large amounts of TCP traffic are going across the tunnel. They don’t
> appear to be aligned with restart/rekey.
>
> XfrmInNoStates                  1
> XfrmInStateSeqError             3337
> XfrmOutNoStates                 1757

Have you tried replay-window=64 or replay-window=0?

Zero disables replay protection, but would prevent packet drops for
out-of-order packets; 64 would increase the number of packets stored for
reordering before giving up.

Paul
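
To show how the replay window size relates to sequence-error drops like the XfrmInStateSeqError count in this thread, here is an added sketch (not part of the original messages, and not libreswan or kernel code) of a simplified RFC 4303-style anti-replay check run over constructed reordered traffic. The function names, the 32-packet comparison window and the 48-packet delay are assumptions chosen for illustration.

```python
# Added illustration: simplified RFC 4303-style anti-replay window
# (no ESN, no integrity check). All names and traffic are constructed.

def count_replay_drops(seqs, window):
    """Return how many packets a receiver rejects for a given window size.
    window == 0 models replay protection disabled: everything is accepted."""
    if window == 0:
        return 0
    top = 0                      # highest sequence number accepted so far
    bitmap = 0                   # bit i set => sequence (top - i) already seen
    mask = (1 << window) - 1
    drops = 0
    for seq in seqs:
        if seq > top:            # new highest: slide the window forward
            bitmap = ((bitmap << (seq - top)) | 1) & mask
            top = seq
            continue
        offset = top - seq
        if offset >= window:     # too old: fell off the left edge of the window
            drops += 1
        elif bitmap & (1 << offset):
            drops += 1           # duplicate inside the window: a replay
        else:
            bitmap |= 1 << offset  # late but still inside the window: accept
    return drops

def reordered_stream(n, every, delay):
    """Constructed traffic: sequence numbers 1..n where every `every`-th
    packet arrives `delay` positions late."""
    out, held = [], []           # held entries are (release_position, seq)
    for seq in range(1, n + 1):
        if seq % every == 0:
            held.append((seq + delay, seq))
        else:
            out.append(seq)
        while held and held[0][0] <= seq:
            out.append(held.pop(0)[1])
    out.extend(s for _, s in held)
    return out

if __name__ == "__main__":
    traffic = reordered_stream(10050, every=100, delay=48)
    for w in (32, 64, 0):
        print(f"replay-window={w}: {count_replay_drops(traffic, w)} dropped")
    # The cost of window 0: a replayed packet is no longer rejected.
    print("replayed seq 2, window 64:", count_replay_drops([1, 2, 3, 2], 64))
    print("replayed seq 2, window 0: ", count_replay_drops([1, 2, 3, 2], 0))
```

With packets arriving 48 positions late, the smaller window rejects every late packet, the 64-packet window accepts them all, and a window of 0 accepts them along with any replayed packet.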