[strongSwan] Replay window weirdness with charon

Guru Shetty gurushettylists at gmail.com
Thu Sep 27 18:36:55 CEST 2012


On 27 September 2012 04:04, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Guru,
>
>> My primary goal is to disable the replay protection. In
>> strongswan.conf, if I set the "replay_window = 0" (or any value <=
>> 32), I see the replay window to be stuck at 32 (when seen with setkey
>> -D).
>
> You couldn't configure the replay window to be below the default of 32
> via strongswan.conf until now (see the patch at [1] for a fix).
>
> [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=a79af394

Thank you. I have tested this in 4.5.2 and it works (at least setkey
-D gives the right values for replay_window <= 32).
I suppose there is no way with popular tools to cross-verify that
replay_window is being set fine for values greater than 32 (It is not
a use case for me, so doesn't matter).

Thanks,
Guru



