<div dir="ltr">Яка модель мікротіка ? </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 14 Dec 2020 at 19:02, Volodymyr Litovka <doka@xlit.one> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Поможет? -<br>
</p>
<p>-------- Forwarded Message --------</p>
<table cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">Subject: </th>
<td>Re: [strongSwan] Packet loss in ipsec tunnel</td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">Date: </th>
<td>Mon, 12 Oct 2020 16:44:30 +0200</td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">From: </th>
<td>Tobias Brunner <a href="mailto:tobias@strongswan.org" target="_blank"><tobias@strongswan.org></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">To: </th>
<td>wax g. <a href="mailto:waxitau@gmail.com" target="_blank"><waxitau@gmail.com></a>,
<a href="mailto:users@lists.strongswan.org" target="_blank">users@lists.strongswan.org</a></td>
</tr>
</tbody>
</table>
<br>
<br>
Hi,<br>
<br>
<blockquote type="cite">
<pre>* When is replay-window stats increased ?
</pre>
</blockquote>
<br>
Whenever a packet arrives with a sequence number that's lower than
the<br>
lower end of the replay window (i.e. with seq <
highest_received_seq -<br>
window). Could be an actually delayed packet but might also be
because<br>
the window is simply too small for your line speed and traffic
pattern,<br>
e.g. because packets arrive so fast and in quick succession that the<br>
window is moved constantly and too quickly so slightly delayed (or<br>
perhaps larger) packets have to be dropped.<br>
<br>
<blockquote type="cite">
<pre>* I've noticed that on devices not experiencing packet losses over the
ipsec tunnel all the stats = 0 (replay-window, replay & fail).
</pre>
</blockquote>
<br>
Yes, those stats indicate errors, so it's good if everything is 0
there.<br>
<br>
<blockquote type="cite">
<pre>* I'm suspecting a replay window issue for received ipsec packets that
are dropped..
</pre>
</blockquote>
<br>
Did you configure a replay window size<br>
(connections.<conn>.children.<child>.replay_window in
swanctl.conf)?<br>
The default is 32, which is pretty low.<br>
<br>
Regards,<br>
<p>Tobias</p>
<p><br>
</p>
<div>On 14.12.2020 15:41, Gregory Edigarov
wrote:<br>
</div>
<blockquote type="cite">
<pre>Всем привет,
при копировании большого файла обнаружилась проблема.
mss/mtu - вроде все сделали, но все равно медленно.
1Mбит на 100Mбит канале....
что может быть причиной?
_______________________________________________
uanog mailing list
<a href="mailto:uanog@uanog.kiev.ua" target="_blank">uanog@uanog.kiev.ua</a>
<a href="https://mailman.uanog.kiev.ua/mailman/listinfo/uanog" target="_blank">https://mailman.uanog.kiev.ua/mailman/listinfo/uanog</a></pre>
</blockquote>
<pre cols="72">--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison</pre>
</div>
_______________________________________________<br>
uanog mailing list<br>
<a href="mailto:uanog@uanog.kiev.ua" target="_blank">uanog@uanog.kiev.ua</a><br>
<a href="https://mailman.uanog.kiev.ua/mailman/listinfo/uanog" rel="noreferrer" target="_blank">https://mailman.uanog.kiev.ua/mailman/listinfo/uanog</a></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Regards,<br>Igor Levchuk</div>