|
|
--- James Yonan <jim@xxxxxxxxx> wrote: > > > On Thu, 2 Sep 2004, Sean Patrick wrote: > > > Hello, > > > > Thanks for making a product which works so well in > > many diverse environments. It's amazing how much > time > > can be saved just by not having to modify a lot of > > config files for different platforms. > > > > Using the suggested verb 4 setting, my > > /var/log/messages log is showing "Replay-window > > backtrack occurred [x]" warnings. > > > > One has [9], and another has [18]. > > That number is printed any time the maximum > backtrack seen so far > increases. > > For example suppose the sender sends packets #1, 2, > 3, 4, 5, 6, 7 > > Suppose the receiver receives them out of order: #1, > 2, 7, 4, 5, 6, 3 > > The maximum backtrack seen in this sequence is 4, > because we got #7 and > then we backtracked down to #3 before presumably > moving on to #8. > > In this case, OpenVPN would print "Replay-window > backtrack occurred [4]". > Future backtracks would not be logged unless they > exceeded the previous > "high water mark" of 4. > > > I understand the man page states "n" means the > sliding > > window of size n, but does that mean my logs are > > showing the replayed packet is 9 and 18 bytes > long? Is > > it the number of replay packets which occured in > time > > "t" (default 15 seconds)? > > The default window size is 64. That means that if > OpenVPN sees a > backtrack larger than 64, it will drop the packet. > > > What does the "x" mean, and how is that used in > > relation to calibrating the "replay-window n [t]" > > setting in place of the "n", as the man page > states? > > > > Can anyone help explain the backtracking and > > calibration? > > If you see a message like this: > > Replay-window backtrack occurred [63] > > followed by packet loss, you might want to increase > the n parameter to something more than 64. > > The t parameter usually doesn't need to be changed. > > While the default replay parameters are sufficient > for most networks, I > did notice a message on an IPSec list a while back > from someone who > claimed that he needed a window size of 2048 when > dealing with satellite > links. > > The occasion where you might need to increase the > replay parameters would > be a case where you have a high bandwidth, high > latency network link. > > James > Perfect. Thanks for the clear explanation! Looks like I will have to look to another paramater to debug the system when it drops file (2gb files...). Brian ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca |