Hello SS team,
Does strongSwan 5.x provide ESP replay protection with IKEv1? I can pass packets with seq number 1, 2, 3, ..., 31, 1, 2, 3, ..., 31. Basically, packets with duplicate sequence numbers are not dropped.

I tried a couple of things to resolve this issue, with no success.

1) I set the replay window to 128 in strongswan.conf: charon.replay_window = 128. This did not fix the issue.

2) Then I enabled the extended sequence number in ipsec.conf: esp=aes128-sha1-modp1024-esn-noesn! It did not make any difference. It still passes packets with duplicate sequence numbers.

My kernel includes the ESN and replay window support for larger than 32 packets that was added to kernel 2.6.39.

I appreciate any help. Thanks!

Jordan.
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
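
For reference, an added example that is not part of the original message and is not strongSwan or Linux kernel code: a sliding-window anti-replay check in the style of RFC 4303 (32-bit sequence numbers, no ESN), fed the pattern from the message (1..31 sent twice). The names replay_state, replay_check_update and run_post_scenario are hypothetical, and the window size of 128 mirrors the replay_window value mentioned in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WINDOW 128u  /* same size as the replay_window value tried in the post */

struct replay_state {
    uint32_t top;               /* highest sequence number accepted so far */
    uint8_t  seen[WINDOW / 8];  /* bit i set => sequence (top - i) was received */
};

static int bit_get(const uint8_t *map, uint32_t i) { return (map[i / 8] >> (i % 8)) & 1; }
static void bit_set(uint8_t *map, uint32_t i) { map[i / 8] |= (uint8_t)(1u << (i % 8)); }

/* Slide the window forward by n: every recorded packet becomes n positions older. */
static void window_advance(struct replay_state *s, uint32_t n) {
    uint8_t old[WINDOW / 8];
    memcpy(old, s->seen, sizeof old);
    memset(s->seen, 0, sizeof s->seen);
    for (uint32_t i = 0; n < WINDOW && i + n < WINDOW; i++)
        if (bit_get(old, i)) bit_set(s->seen, i + n);
}

/* Returns 1 to accept, 0 to drop. Call only after the packet's ICV has verified. */
int replay_check_update(struct replay_state *s, uint32_t seq) {
    if (seq == 0) return 0;                 /* first valid ESP sequence number is 1 */
    if (seq > s->top) {                     /* newer than anything seen: slide window */
        window_advance(s, seq - s->top);
        bit_set(s->seen, 0);
        s->top = seq;
        return 1;
    }
    uint32_t age = s->top - seq;
    if (age >= WINDOW) return 0;            /* older than the window: drop */
    if (bit_get(s->seen, age)) return 0;    /* already received: replay, drop */
    bit_set(s->seen, age);                  /* late but new: accept and record */
    return 1;
}

/* Constructed input: the pattern from the post, 1..31 sent twice. Returns accepted count. */
int run_post_scenario(void) {
    struct replay_state s = {0};
    int accepted = 0;
    for (int pass = 0; pass < 2; pass++)
        for (uint32_t seq = 1; seq <= 31; seq++)
            accepted += replay_check_update(&s, seq);
    return accepted;
}

int main(void) { printf("accepted %d of 62\n", run_post_scenario()); return 0; }
```

With this check in place on the receiving SA, the second run of 1..31 is dropped in full, so only 31 of the 62 packets are accepted.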