[Swan] IKEv1 and a lost UDP packet

Kevin Wilson wkevils at gmail.com
Sun Oct 20 21:25:24 EEST 2013


Hi,
Thanks, Paul!

Now I get to the point which I am trying to understand, and I am not sure about
it at all.

I saw in many places on the web that they say that IKEv2 is more
reliable than IKEv1;

For example, in http://eprint.iacr.org/2006/097.pdf:

"IKEv1 and IKEv2 both run over the unreliable UDP protocol, but IKEv2
adds retransmission and acknowledgement functions, so it is more
reliable than IKEv1."

Is it true to say so?

Is using the backoff algorithm as you described, with trying forever
at 40, less reliable and less robust than waiting for ACK in IKEv2?


Best Regards,
Kevin


On Sun, Oct 20, 2013 at 9:01 PM, Paul Wouters <paul at nohats.ca> wrote:
> On Sun, 20 Oct 2013, Kevin Wilson wrote:
>
>> Does it mean that after 3 trials the session is terminated in case of not
>> getting a response?
>> (to be more specific: first trying after 20, then second again at 20,
>> and third at 40 seconds, and not receiving a response will entail
>> session termination?)
>
>
> The default is to try forever at 40 seconds. See 'man ipsec.conf' and the
> keyingtries= parameter to modify the default behaviour.
>
> Paul
>
