Hi Noel,

> When my desktop is under high network load (everything over 50 Mbit),
> I can't initiate new TCP connections over the VPN, nor send UDP or ICMP
> packets.

For the local traffic you generate, do you see corresponding ESP packets
leaving your host? Do you see associated ESP packets carrying reply
messages?

> The errors shown in nstat (or netstat -s) increment dramatically when
> that happens.

Do you see any errors in /proc/net/xfrm_stat? What is your kernel version?

> I already tried incrementing the replay window to over 32, but
> strongSwan just sets it to 0, if I try that.

To configure larger replay windows, charon uses the newer ESN replay
windows configuration Netlink attribute. AFAIK that is not supported in
the "ip" tool, hence it falsely reports 0 as replay window for such SAs.

Regards
Martin
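One way to answer the /proc/net/xfrm_stat question above is to snapshot the file before and during the load and see which counters grow. This is an added example, not part of the original mail; the function names and the sample snapshots are constructed here, and the counter descriptions follow the kernel's xfrm_proc documentation.

```shell
#!/bin/sh
# Added example: show which /proc/net/xfrm_stat counters grow between two
# snapshots. Function names are hypothetical; sample data is constructed.

# xfrm_delta BEFORE AFTER: print "counter +increase" for each counter that grew.
xfrm_delta() {
    awk 'NR == FNR { before[$1] = $2; next }
         ($2 - before[$1]) > 0 { printf "%s +%d\n", $1, $2 - before[$1] }' "$1" "$2"
}

# xfrm_hint COUNTER: short meaning of the counters most relevant to drops.
xfrm_hint() {
    case "$1" in
        XfrmInStateSeqError)   echo "sequence number outside the replay window" ;;
        XfrmInNoStates)        echo "no matching inbound SA" ;;
        XfrmInStateProtoError) echo "ESP/AH processing failed, e.g. wrong key" ;;
        *)                     echo "see the kernel xfrm_proc documentation" ;;
    esac
}

# xfrm_report BEFORE AFTER: delta plus hint, one counter per line.
xfrm_report() {
    xfrm_delta "$1" "$2" | while read -r name inc; do
        printf '%s %s (%s)\n' "$name" "$inc" "$(xfrm_hint "$name")"
    done
}

# Constructed snapshots in the file's "name<whitespace>value" layout.
# On a live host: cat /proc/net/xfrm_stat > before; start the load;
#                 cat /proc/net/xfrm_stat > after
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
XfrmInError             	0
XfrmInNoStates          	2
XfrmInStateSeqError     	10
XfrmOutError            	0
EOF
cat > "$tmp/after" <<'EOF'
XfrmInError             	0
XfrmInNoStates          	2
XfrmInStateSeqError     	4210
XfrmOutError            	0
EOF
xfrm_report "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

The file only exists on kernels built with CONFIG_XFRM_STATISTICS.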
