[Swan-dev] Disable Anti-Replay Detection
Paul Wouters
paul at nohats.ca
Fri Mar 11 19:47:39 UTC 2016
Not that I know. Normally ip xfrm output can also be used as input, but for esn and replay-protection this might not work as expected because of the bogus output in ip xfrm for these features and its use of a different xfrm struct.
Sent from my iPhone
> On Mar 11, 2016, at 19:17, FortyCloud <amir at fortycloud.com> wrote:
>
> Is there a way to hake it using "ip xfrm state" command (I'm assuming it's not the best idea but we need to test disabling it in an existing deployment before makes any changes to the deployment itself)?
>
> Sent from my iPhone
>
>> On Mar 11, 2016, at 16:46, Paul Wouters <paul at nohats.ca> wrote:
>>
>> it's a new option. Try 3.17rc2 with replay-protection=0
>>
>> Sent from my iPhone
>>
>>> On Mar 11, 2016, at 14:03, Amir Naftali <amir at fortycloud.com> wrote:
>>>
>>> Hi All
>>>
>>> Is there a way one can disable "Disable Anti-Replay Detection" in libreswan?
>>>
>>> Amir
>>>
>>>
>>> Amir Naftali | CTO and Co-Founder | +972 54 497 2622
>>>
>>>
>>> _______________________________________________
>>> Swan-dev mailing list
>>> Swan-dev at lists.libreswan.org
>>> https://lists.libreswan.org/mailman/listinfo/swan-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20160311/79b0e16c/attachment-0001.html>
More information about the Swan-dev
mailing list