[strongSwan] Replay window upper limit

Emeric POUPON emeric.poupon at stormshield.eu
Thu Sep 1 10:09:44 CEST 2016


Indeed, the upper limit depends on the API used to manipulate the SA in the kernel.
With pfkey, the value is stored in an 8-bit field.

On FreeBSD, the maximum value is actually 255*8 = 2040 packets.
We have made a patch to change the field to 32 bits.
This allows very huge replay windows (you need a lot of RAM though), but this patch has not been submitted yet.


----- Original Message -----
From: "Tobias Brunner" <tobias at strongswan.org>
To: "Kapil Adhikesavalu" <kapil20084 at gmail.com>, users at lists.strongswan.org, "Andreas Steffen" <andreas.steffen at strongswan.org>
Sent: Wednesday, 31 August, 2016 18:46:27
Subject: Re: [strongSwan] Replay window upper limit

Hi Kapil,

> What is the upper limit on replay window size? I didn't find any
> documentation on the upper limit. Is it dependent on hardware? If so, how do I
> find the limit?

There is no hard limit.  But since storing the window requires a certain
amount of memory per SA there is definitely some upper limit on any
given system.  Maintaining the window also imposes some overhead
(probably only relevant if the window is huge).

> After a certain limit, I am having some problem with the IPsec connection.

What number are we talking about here?  And what problem are you having?
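Added example, not code from the thread or from strongSwan: a minimal ESP-style anti-replay sliding window in Python that makes both points above concrete, the per-SA bitmap memory Tobias mentions and the 8-bit pfkey field (in 8-packet units, so 255*8 = 2040) Emeric describes. The constant names and the ReplayWindow class are assumptions for illustration, not kernel or strongSwan identifiers.

```python
# Added illustration: anti-replay sliding window for one inbound SA.
# PF_KEY numbers follow the thread: the replay field is one byte and counts
# bitmap bytes (8 packets each), so the largest window it can express is 255*8.
PFKEY_REPLAY_FIELD_BITS = 8   # assumption: width of the pfkey replay field
PFKEY_REPLAY_UNIT = 8         # assumption: one unit of the field = 8 packets


def pfkey_max_window() -> int:
    """Largest window an 8-bit pfkey replay field can express (255 * 8 = 2040)."""
    return ((1 << PFKEY_REPLAY_FIELD_BITS) - 1) * PFKEY_REPLAY_UNIT


def window_memory_bytes(window_bits: int) -> int:
    """Bitmap bytes the kernel must keep per SA for a window of window_bits packets."""
    return (window_bits + 7) // 8


class ReplayWindow:
    """Sliding bitmap over the most recent `size` sequence numbers of one SA."""

    def __init__(self, size: int):
        if size <= 0:
            raise ValueError("window size must be positive")
        self.size = size
        self.top = 0        # highest sequence number accepted so far (0 = none yet)
        self.bitmap = 0     # bit i set => sequence number (top - i) was seen

    def check_and_update(self, seq: int) -> bool:
        """Accept and record seq if it is new; reject replays and packets older than the window."""
        if seq == 0:
            return False                     # sequence number 0 is never valid in ESP
        mask = (1 << self.size) - 1          # keeps the bitmap at exactly `size` bits
        if seq > self.top:                   # newer than anything seen: slide the window
            self.bitmap = ((self.bitmap << (seq - self.top)) & mask) | 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                     # fell off the left edge of the window: drop
        if (self.bitmap >> offset) & 1:
            return False                     # already recorded: replay
        self.bitmap |= 1 << offset           # in-window and new: record it
        return True
```

With a 32-packet window the state is four bytes per SA; the 2040-packet pfkey maximum costs 255 bytes, and a window of a million packets is already 128 KiB per SA, which is the RAM cost Emeric alludes to.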

