[strongSwan-dev] Patch proposal: set the replay window only on inbound SA

[Tobias Brunner]

Hi Emeric,

> Seems like [1] would fix this for all kernel
> backends that don't know if an SA is inbound or not equally.

It's actually problematic on Linux if extended sequence numbers are
used.  The kernel rejects the SA if the window is 0 in that case.  So I
guess it's easier to disable the replay window for outbound SAs in the
individual kernel plugins.

Regards,
Tobias