[strongSwan-dev] Patch proposal: set the replay window only on inbound SA
Emeric POUPON
emeric.poupon at stormshield.eu
Fri Jun 17 17:07:06 CEST 2016
Hello,
Do you know why exactly it is rejected?
Maybe another simple way would be to set the default replay window on outbound SA?
Emeric
----- Original Message -----
From: "Tobias Brunner" <tobias at strongswan.org>
To: dev at lists.strongswan.org
Sent: Friday, 17 June, 2016 15:50:18
Subject: Re: [strongSwan-dev] Patch proposal: set the replay window only on inbound SA
Hi Emeric,
> Seems like [1] would fix this for all kernel
> backends that don't know if an SA is inbound or not equally.
It's actually problematic on Linux if extended sequence numbers are
used. The kernel rejects the SA if the window is 0 in that case. So I
guess it's easier to disable the replay window for outbound SAs in the
individual kernel plugins.
Regards,
Tobias