On Thu, 2 Sep 2004, Sean Patrick wrote:

> Hello,
>
> Thanks for making a product which works so well in
> many diverse environments. It's amazing how much time
> can be saved just by not having to modify a lot of
> config files for different platforms.
>
> Using the suggested verb 4 setting, my
> /var/log/messages log is showing "Replay-window
> backtrack occurred [x]" warnings.
>
> One has [9], and another has [18].

That number is printed any time the maximum backtrack seen so far increases.

For example suppose the sender sends packets

  #1, 2, 3, 4, 5, 6, 7

Suppose the receiver receives them out of order:

  #1, 2, 7, 4, 5, 6, 3

The maximum backtrack seen in this sequence is 4, because we got #7 and then we backtracked down to #3 before presumably moving on to #8. In this case, OpenVPN would print "Replay-window backtrack occurred [4]". Future backtracks would not be logged unless they exceeded the previous "high water mark" of 4.

> I understand the man page states "n" means the sliding
> window of size n, but does that mean my logs are
> showing the replayed packet is 9 and 18 bytes long? Is
> it the number of replay packets which occurred in time
> "t" (default 15 seconds)?

The default window size is 64. That means that if OpenVPN sees a backtrack larger than 64, it will drop the packet.

> What does the "x" mean, and how is that used in
> relation to calibrating the "replay-window n [t]"
> setting in place of the "n", as the man page states?
>
> Can anyone help explain the backtracking and
> calibration?

If you see a message like this:

  Replay-window backtrack occurred [63]

followed by packet loss, you might want to increase the n parameter to something more than 64. The t parameter usually doesn't need to be changed.

While the default replay parameters are sufficient for most networks, I did notice a message on an IPSec list a while back from someone who claimed that he needed a window size of 2048 when dealing with satellite links.

The occasion where you might need to increase the replay parameters would be a case where you have a high bandwidth, high latency network link.

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
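
The backtrack bookkeeping described in the message above, as an added example that is not part of the original post and is not OpenVPN's source code: a simplified Python model of the `n` window check only (the `t` parameter is not modelled). The names `ReplayWindow` and `run` are hypothetical, the packet sequences other than the one quoted from the message are constructed, and updating the high-water mark before the drop decision is an assumption.

```python
# Simplified model of the replay window's n parameter (added example,
# not OpenVPN source). The t (time) parameter is not modelled.

class ReplayWindow:  # hypothetical name
    def __init__(self, n=64):
        self.n = n               # window size; the message gives 64 as the default
        self.highest = 0         # highest packet ID accepted so far
        self.seen = set()        # accepted IDs still inside the window
        self.max_backtrack = 0   # high-water mark of backtracks
        self.log = []            # messages that would be logged

    def receive(self, pid):
        """Return True if the packet is accepted, False if it is dropped."""
        if pid > self.highest:
            # In-order (or forward-jumping) packet: slide the window forward.
            self.highest = pid
            self.seen = {p for p in self.seen if p >= pid - self.n}
            self.seen.add(pid)
            return True
        backtrack = self.highest - pid
        # Log only when the high-water mark increases (assumption: this
        # happens before the drop decision).
        if backtrack > self.max_backtrack:
            self.max_backtrack = backtrack
            self.log.append(f"Replay-window backtrack occurred [{backtrack}]")
        if backtrack > self.n:
            return False         # too far behind the window: dropped
        if pid in self.seen:
            return False         # already received: replay, dropped
        self.seen.add(pid)
        return True


def run(sequence, n=64):
    """Feed constructed packet IDs through the model; return (accepted, log)."""
    window = ReplayWindow(n)
    accepted = [pid for pid in sequence if window.receive(pid)]
    return accepted, window.log


if __name__ == "__main__":
    # The out-of-order sequence from the message: logs [3], then [4].
    print(run([1, 2, 7, 4, 5, 6, 3]))
    # Constructed case: a backtrack of 70 is dropped with n=64, kept with n=128.
    print(run([1, 100, 30], n=64))
    print(run([1, 100, 30], n=128))
```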