Martin Willi martin at strongswan.org
Fri May 3 10:11:28 CEST 2013


> But I couldn't see any parameter to achieve this in the 4306/5996 as
> part of INIT, auth or create_child_SA messages. Could you please put
> more light on this topic?

There is no mechanism in IKEv2 to negotiate anti-replay window options.

> How do we enable/disable anti-replay on strongSwan?
> How to set the "anti-replay" window?

The kernel-netlink plugin can configure the size of the anti-replay
window using the strongswan.conf "charon.replay_window" option. A value
of zero should disable anti-replay detection completely, but I have
never tried it.
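
One way to confirm which anti-replay window the kernel actually holds for each SA after changing "charon.replay_window", as an added example that is not part of the original message or of strongSwan. It parses text in the `ip xfrm state` output format; the sample text, addresses and SPIs are constructed, the function names are hypothetical, and it assumes that SAs with an "anti-replay esn context" block report their real window there.

```shell
#!/bin/sh
# Added example: list the effective anti-replay window of each kernel SA.

# Constructed sample in the `ip xfrm state` layout (not from a real host).
sample_xfrm_state() {
cat <<'EOF'
src 192.0.2.1 dst 192.0.2.2
    proto esp spi 0xc0000001 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
src 192.0.2.2 dst 192.0.2.1
    proto esp spi 0xc0000002 reqid 1 mode tunnel
    replay-window 0 flag af-unspec
src 192.0.2.1 dst 192.0.2.3
    proto esp spi 0xc0000003 reqid 2 mode tunnel
    replay-window 0 flag af-unspec esn
    anti-replay esn context:
     seq-hi 0x0, seq 0x0, oseq-hi 0x0, oseq 0x0
     replay_window 128, bitmap-length 4
EOF
}

# Reads xfrm state text on stdin, prints "<spi> <dst> <window>" per SA.
replay_windows() {
    awk '
    function emit() { if (spi != "") print spi, dst, win }
    # A new "src ... dst ..." line starts the next SA record.
    $1 == "src" && $3 == "dst" { emit(); dst = $4; spi = ""; win = 0 }
    $1 == "proto" { for (i = 1; i < NF; i++) if ($i == "spi") spi = $(i + 1) }
    $1 == "replay-window" { win = $2 + 0 }
    # Assumption: ESN-style replay state carries the window in this line,
    # so a "replay-window 0" above it does not mean detection is off.
    $1 == "replay_window" { w = $2; sub(/,/, "", w); win = w + 0 }
    END { emit() }
    '
}

# Prints "<spi> <dst>" only for SAs whose anti-replay window is zero.
sas_without_replay_protection() {
    replay_windows | awk '$3 == 0 { print $1, $2 }'
}

# On a gateway (as root): ip xfrm state | sas_without_replay_protection
```
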


