-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Martin,
No, I don't see ESP packets for my local traffic leaving my host. /proc/net/xfrm_stat doesn't exist on this host, but the modules are all loaded. The kernel version is 3.10.45. (Sorry for the duplicate email. I only noticed my error when it was already too late) Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 02.07.2014 15:15, schrieb Martin Willi: > Hi Noel, > >> When my desktop is under high network load (everything over 50 Mbit), >> I can't initiate new TCP connections over the VPN, nor send UDP or ICMP >> packets. > > For the local traffic you generate, do you see corresponding ESP packets > leaving your host? Do you see associated ESP packets carrying reply > messages? > >> The errors shown in nstat (or netstat -s) increment dramatically when >> that happens. > > Do you see any errors in /proc/net/xfrm_stat? > > What is your kernel version? > >> I already tried incrementing the replay window to over 32, but >> strongSwan just sets it to 0, if I try that. > > To configure larger replay windows, charon uses the newer ESN replay > windows configuration Netlink attribute. AFAIK that is not supported in > the "ip" tool, hence it falsely reports 0 as replay window for such SAs. > > Regards > Martin > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTtB35AAoJEDg5KY9j7GZYnbMP/1U69qjo5DtkgdtcUCFIAGV0 rwpsmRZLg2v08HZIOGxBmdY+rrFV82XE6FiMoHU+RA9d2v9pzihB1h+1j+smIZmU fMgt3++o5s+2XHU643oTkSoWCxbKWGM8mgOcqfNTOiLiNsGGYrvDqSVxf0aVB4lY akoNnBll0WNp387G/7x0w1pzuo+sK47vUWGXmQ7vys99WklXWYKukyuLV3tgK49P ifmV8JcvkixWvBzyVdsAWhBmmbcQuLUoyAyuwF5gbbYg5P7s/gZPcfxsy+L0g70D ZY7pNs0TIUgGOtseE1H2ftcMMHHjJ6fJPQ9rAeB3gJDcs2+YwXquvi5QX1l9AJ8n LAbvRzqGfAZAQrAvejizHlbynwS0X124DTNHW2LvHiFmJ0vMDMUPmbjtT9Cjtqyh pxQDdroPUxu+TuTSWpjEdVPepX3M2O0YFd3tztjcMFsZF359ZpuNnDcq3xDLHtCZ qexfA6gkLwKKrbGBW7OODG1wH5sx8BOii5U+OrOtDVCUANmgFGkyTv8RpvNIpxqO hm/ahwsjs4rjK2tRLnIZZQHqbSd26sdyla3uoN+5WCRlPLGywRYs0wkehIjJPaij 1XjBEkvgx+TzbTSQ0CemBF0Q9hquBXxI1rWuCYXFs2W02ga+TKMqKbpYWASph1bX 3aVovpL/aj/YDy62ckVM =wZzh -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
