[strongSwan] received 250000000 lifebytes, configured 0

Dr. Rolf Jansen rj at obsigna.com
Tue Nov 4 02:29:51 CET 2014


During connection attempts by a Windows 7 client using IKEv1 in transport mode, I see the following:

...
[NET] <L2TP/IPsec-PSK|1> received packet: from Y.Y.Y.Y[4500] to X.X.X.X[4500] (284 bytes)
[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
[IKE] <L2TP/IPsec-PSK|1> received 250000000 lifebytes, configured 0
[ENC] <L2TP/IPsec-PSK|1> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
...

It takes about 1 or 2 seconds up to the 250 million lifebytes message. Doesn't sound quite reasonable, 1-2 GiBit/s over a 100 Mbit line, does it?

Does "configured 0" mean that all these lifebytes were useless?


The same connection attempt using Mac OS X gives the following in this phase:

[NET] <L2TP/IPsec-PSK|1> received packet: from Y.Y.Y.Y[4500] to X.X.X.X[4500] (316 bytes)
[ENC] <L2TP/IPsec-PSK|1> parsed QUICK_MODE request 2983414279 [ HASH SA No ID ID NAT-OA NAT-OA ]
[ENC] <L2TP/IPsec-PSK|1> generating QUICK_MODE response 2983414279 [ HASH SA No ID ID NAT-OA NAT-OA ]

The Mac doesn't seem to send any useless lifebytes, and this turns out to work much better.


Is it possible to teach Windows 7 somehow to send its useless lifebytes to somewhere else, or perhaps send at least 1 useful lifebyte and let charon dump only 2499999999 useless bytes?

Best regards

Rolf

