[strongSwan] Setting of NATTKeepaliveTimer and IPsecWindowSize.

Tobias Brunner tobias at strongswan.org
Thu Oct 7 18:15:26 CEST 2010


Hi Jessie,

the keep-alive interval can actually be configured, although, not on a
per-connection basis, by setting the charon.keep_alive option in
strongswan.conf.  Regarding the IPsecWindowSize option, keep in mind
that the maximum window size currently supported by the Linux kernel is
32, which is what strongSwan configures, by default.

As for adding options to ipsec.conf, you would have to change quite a
lot of code.  First there is the parsing in starter, then you would have
to add the options to stroke and to one of the config objects in
libcharon and then finally use them wherever appropriate, which would
probably require additional changes (e.g. additional parameters in the
kernel interface).  Therefore, for daemon wide options it's a lot easier
to just add them to strongswan.conf, which basically means you read the
options wherever you actually need them.  As an example, you can see how
charon.keep_alive is read and used in src/libcharon/sa/ike_sa.c.

Regards,
Tobias

Jessie Liu wrote:
> Hi all,
>       I'd like to add setting the two parameters NATTKeepaliveTimer and
> IPsecWindowSize in ipsec.conf. Which section should I add the two
> parameters, such as "conn" part of ipsec.conf ? I want to modify source
> codes to fit the configurations, but I have no idea which section I
> should add.
> The two parameters could be different with each connection? Thanks very
> much.
>  
>  
>  
> B.R.
> Jessie




More information about the Users mailing list