During connection attempts of a Windows 7 client by IKEv1 in transport mode, I see the following:
...
[NET] <L2TP/IPsec-PSK|1> received packet: from Y.Y.Y.Y[4500] to X.X.X.X[4500] (284 bytes)
[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
[IKE] <L2TP/IPsec-PSK|1> received 250000000 lifebytes, configured 0
[ENC] <L2TP/IPsec-PSK|1> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
...

It takes about 1 or 2 seconds up to the 250 million lifebytes message. Doesn't sound quite reasonable, 1-2 GiBit/s over a 100 Mbit line, does it? Does "configured 0" mean that all these lifebytes were useless?

The same connection attempt using Mac OS X gives in this phase:

[NET] <L2TP/IPsec-PSK|1> received packet: from Y.Y.Y.Y[4500] to X.X.X.X[4500] (316 bytes)
[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 2983414279 [ HASH SA No ID ID NAT-OA NAT-OA ]
[ENC] <L2TP/IPsec-PSK|1> generating QUICK_MODE response 2983414279 [ HASH SA No ID ID NAT-OA NAT-OA ]

The Mac doesn't seem to send any useless lifebytes, and this turns out to work much better. Is it possible to teach Windows 7 somehow to send its useless lifebytes to somewhere else, or perhaps send at least 1 useful lifebyte and let charon dump only 2499999999 useless bytes?

Best regards

Rolf
