<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p><font size="-1"><font face="Arial">Paul</font></font></p>
    <p><font size="-1"><font face="Arial">you might want to update the
          manuals if you say that 128 is possible:<br>
          In <a class="moz-txt-link-freetext" href="https://libreswan.org/man/spi.8.html">https://libreswan.org/man/spi.8.html</a> it is written:<br>
        </font></font></p>
    <p class="level1"><span class="bold">  --replay_window</span>
      replayw<br>
        sets the replay window size; valid values are decimal, 1 to 64 </p>
    <p><font size="-1"><font face="Arial"><br>
        </font></font></p>
    <p><font size="-1"><font face="Arial">Jobst</font></font></p>
    <p><font size="-1"><font face="Arial"><br>
        </font></font></p>
    <p><font size="-1"><font face="Arial"></font></font><br>
    </p>
    <div class="moz-signature">
      <title></title>
      <div class="moz-signature">
        <table
          style="background-color:white;border:0;font-family:Arial,Helvetica;"
          border="0" cellpadding="4" cellspacing="0">
          <tbody>
            <tr>
              <td colspan="2" style="text-align:left;
                color:black;font-size:12px;font-weight:bold;">Helping
                people and businesses sell better</td>
            </tr>
            <tr>
              <td
style="margin:0;padding:0;width:280px;font-size:10px;vertical-align:top;">
                <a href="http://www.barrett.com.au/"
                  style="color:black;" title="Click to go to our
                  Barrett.com.au"><img alt="BARRETT Everybody Lives By
                    Selling Something"
                    src="cid:part1.B7399D5D.F1AF39BB@barrett.com.au"
                    style="margin:0;padding:0;border:0;width:280px;"></a><br>
              </td>
              <td
style="margin:0;padding:0;padding-left:8px;width:270px;vertical-align:top;font-size:12px;">
                <table
                  style="background-color:white;border:0;font-family:Arial,Helvetica;"
                  border="0" cellpadding="0" cellspacing="0">
                  <tbody>
                    <tr>
                      <td colspan="2"
                        style="margin:0;padding:0;width:270px;vertical-align:top;">
                        <b style="font-size:12px;color:#000;">Jobst
                          Schmalenbach</b> </td>
                    </tr>
                    <tr>
                      <td colspan="2"
style="margin:0;padding:0;padding-bottom:3px;padding-top:3px;width:270px;vertical-align:top;">
                        <span style="font-size:11px;color:#555;">
                          General Manager and Geek </span> </td>
                    </tr>
                    <tr>
                      <td style="width:15px;"><span
                          style="font-size:11px;color:#555;"> <b>P</b></span></td>
                      <td><span style="font-size:11px;color:#555;">+61 3
                          9533 0000</span> </td>
                    </tr>
                    <tr>
                      <td style="width:15px;"><span
                          style="font-size:11px;color:#555;"> <b>M</b></span>
                      </td>
                      <td> <span style="font-size:11px;color:#555;">+61
                          411 611 855</span> </td>
                    </tr>
                    <tr>
                      <td style="width:15px;"> <span
                          style="font-size:11px;color:#555;"><b>E</b></span>
                      </td>
                      <td> <span style="font-size:11px;color:#555;"><a
                            href="mailto:jobst@barrett.com.au"
                            style="color:#555;text-decortion:underline;">jobst@barrett.com.au</a></span>
                      </td>
                    </tr>
                    <tr>
                      <td style="width:15px;"> <span
                          style="font-size:11px;color:#555;"><b>W</b></span>
                      </td>
                      <td> <span style="font-size:11px;color:#555;"><a
                            href="http://www.barrett.com.au"
                            style="color:#555;text-decortion:underline;"
                            title="Go to our Website">www.barrett.com.au</a></span>
                      </td>
                    </tr>
                  </tbody>
                </table>
              </td>
            </tr>
            <tr>
              <td
style="height:50px;margin:0;padding:0;padding-left:3px;width:280px;vertical-aligin:middle;font-size:10px;">
                <a style="color:#555;text-decoration:underline;"
                  href="http://www.barrett.com.au/sales-training.html"
                  title="Go to our Sales Training Pages">Sales Training</a>, 
                <a style="color:#555;text-decoration:underline;"
                  href="http://www.barrett.com.au/sales-consulting.html"
                  title="Go to our Sales Consulting Pages">Sales Consulting</a>, 
                <a style="color:#555;text-decoration:underline;"
                  href="http://www.barrett.com.au/coaching.html"
                  title="Go to our Coaching Pages">Coaching</a>,  <a
                  style="color:#555;text-decoration:underline;"
                  href="http://www.barrett.com.au/assessments.html"
                  title="Go to our Assessments Pages">Assessments</a> </td>
              <td
style="height:50px;margin:0;padding:0;padding-left:8px;width:270px;vertical-align:middle;font-size:10px;">
                <a href="http://salesblog.barrett.com.au/"
                  style="color:black;"><img alt="Barrett Sales Blog"
                    src="cid:part9.73455CF8.D6C11A97@barrett.com.au"
style="width:30px;height:30px;border:0;vertical-align:middle;margin-right:5px;"></a>
                <a
                  href="http://www.linkedin.com/groups?mostPopular=&gid=3672003"
                  style="color:black;"><img alt="Linkedin"
                    src="cid:part11.B5B09341.C7B25B8D@barrett.com.au"
style="width:30px;height:30px;border:0;vertical-align:middle;margin-right:5px;"></a>
                <a href="https://twitter.com/#%21/barrettconsult"
                  style="color:black;"><img alt="Sue Barrett Twitter"
                    src="cid:part13.26F85985.4B4769FE@barrett.com.au"
style="width:30px;height:30px;border:0;vertical-align:middle;margin-right:5px;"></a>
                <a
href="https://www.facebook.com/pages/Barrett-Consulting-Group/217319694964184"
                  style="color:black;"><img
                    alt="Barrett-Consulting-Facebook"
                    src="cid:part15.5B36009E.196BAB53@barrett.com.au"
style="width:30px;height:30px;border:0;vertical-align:middle;margin-right:5px;"></a>
              </td>
            </tr>
            <tr>
              <td colspan="2" style="text-align:left;
                color:green;font-size:9px;">Consider the environment
                before printing this email, please.</td>
            </tr>
          </tbody>
        </table>
      </div>
    </div>
    <div class="moz-cite-prefix">On 01/08/2016 02:12, Paul Wouters
      wrote:<br>
    </div>
    <blockquote
      cite="mid:72AC69D4-B5B9-423B-ABE0-84378B789B7D@nohats.ca"
      type="cite">
      <pre wrap="">Try libreswan-3.18 with replay-window=64 (or 128)

Paul

Sent from my iPhone

</pre>
      <blockquote type="cite">
        <pre wrap="">On Jul 27, 2016, at 11:09, Renzo Dani <a class="moz-txt-link-rfc2396E" href="mailto:arons7@gmail.com"><arons7@gmail.com></a> wrote:

Hi,
we have a vpn tunnel between two offices, both have an internet connection of 100Mbps.
Time to time we have serious issue with very poor bandwidth, the problem is not always present, some time we are experience a good bandwidth on the vpn too.
So we are currently not able to identify the problem, we already contact the two Internet service providers but they simply reply they cannot identify any issue on their network.

Iperf  between the two vpn gateways using the tunnel (during problem occurs)
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec   215 KBytes  1.76 Mbits/sec
[  5]   1.00-2.00   sec   195 KBytes  1.60 Mbits/sec
[  5]   2.00-3.00   sec   112 KBytes   920 Kbits/sec
[  5]   3.00-4.00   sec   115 KBytes   942 Kbits/sec
[  5]   4.00-5.00   sec  55.5 KBytes   454 Kbits/sec
[  5]   5.00-6.00   sec  44.7 KBytes   366 Kbits/sec
[  5]   6.00-7.00   sec   134 KBytes  1.10 Mbits/sec
[  5]   7.00-8.00   sec   108 KBytes   887 Kbits/sec
[  5]   8.00-9.00   sec  83.9 KBytes   687 Kbits/sec
[  5]   9.00-10.00  sec   100 KBytes   821 Kbits/sec
[  5]  10.00-10.03  sec  8.12 KBytes  2.02 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.03  sec  0.00 Bytes  0.00 bits/sec sender
[  5]   0.00-10.03  sec  1.14 MBytes   957 Kbits/sec                  receiver

Iperf  between the two vpn gateways using public internet ips at the same time as before
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec  9.50 MBytes  79.7 Mbits/sec
[  5]   1.00-2.00   sec  11.2 MBytes  93.6 Mbits/sec
[  5]   2.00-3.00   sec  11.0 MBytes  92.5 Mbits/sec
[  5]   3.00-4.00   sec  11.1 MBytes  93.5 Mbits/sec
[  5]   4.00-5.00   sec  11.2 MBytes  93.6 Mbits/sec
[  5]   5.00-6.00   sec  11.2 MBytes  93.7 Mbits/sec
[  5]   6.00-7.00   sec  11.2 MBytes  93.7 Mbits/sec
[  5]   7.00-8.00   sec  11.2 MBytes  94.0 Mbits/sec
[  5]   8.00-9.00   sec  11.2 MBytes  93.9 Mbits/sec
[  5]   9.00-10.00  sec  11.2 MBytes  93.8 Mbits/sec
[  5]  10.00-10.04  sec   510 KBytes  93.6 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-10.04  sec  0.00 Bytes  0.00 bits/sec sender
[  5]   0.00-10.04  sec   110 MBytes  92.2 Mbits/sec                  receiver



Our config:

config setup
       nat_traversal=yes
       oe=off
       protostack=netkey
       uniqueids=no

conn our_vpn
       authby=secret
       disablearrivalcheck=no
       ....
       # PHASE 1
       aggrmode=no
       ike=aes256-sha2_256;modp3072
       ikelifetime=8h
       # PHASE 2
       type=tunnel
       phase2=esp
       phase2alg=aes-256-sha2_256;modp3072
       salifetime=2h
       pfs=yes
       auto=start


Thanks for any help/suggestion

Renzo

_______________________________________________
Swan mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
</pre>
      </blockquote>
      <pre wrap="">
_______________________________________________
Swan mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>