[Swan-dev] Comment about commit c82b17e839bfcb547ba53b91397eafb193bef5e2

Antony Antony antony at phenome.org
Wed Jun 3 05:51:56 EEST 2015


On Tue, Jun 02, 2015 at 12:45:29AM +0300, Tuomo Soini wrote:
> I agree that 10s is too short a time when older Libreswan and openswan
> default to 20s first retry. But 60s sounds like a very long time for
> me.
> 
> Should that be something like 30 to 40 seconds instead?

The reason I chose 60 is that it is on the responder. You can be more accommodating on the responder. If the fear is DDoS, the difference between 60 and 40 is probably more like a band-aid. You may need more sophisticated knobs to fight a real DDoS.

It can be changed later too. However, if there is a strong feeling it should be less, let's go for 42 :)
-antony

