Florian_Schneid
Participant

Could someone advise me how to determine the value for "ipsec.replay_counter_window_size"?

Hi,
could someone direct me on how I can adjust the setting to avoid VPN tunnel termination due to "possible replay attack"?

I do have the issue described in sk94984. The issue exists only for one Tunnel. The issue is gone when I disable the replay check. Now I wanted to turn it back on and adjust the window size. In the SK they only say to adjust it to the relevant value.

In the logs I do have the message:

Warning: possible replay attack. Sequence Number 1490945 (Expected 1491179)

Currently I used 1200 as window size but the tunnel is still being terminated.

 

How can I determine / calculate the value? It seems that it isn't just 1491179-1490945.

Thanks

R80.40 T94

0 Kudos
3 Replies
G_W_Albrecht
Legend

Better use the information found in sk94984: VPN traffic is dropped with "Encryption failure: Warning: possible replay attack" log and involve TAC if this does not help. 

0 Kudos
Florian_Schneid
Participant

Hi Günter,

As mentioned above, I followed sk94984. But I didn't want to have the replay check disabled in general, so I decided to take the route described in the additional part of the SK and adjust the window size. I did adjust it to 1200, but the log shows it triggered even though it was only 234, going by the logs.

regards

Florian

0 Kudos
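As an added illustration (not part of the thread and not Check Point's code), the sketch below implements the standard sliding anti-replay window from RFC 4303, section 3.4.3, and runs it on the sequence numbers from the log line in the first post. It assumes that "Expected" is the highest sequence number seen and that the gateway follows the RFC algorithm; the names `lag_from_log`, `ReplayWindow` and `replay_verdicts` are hypothetical.

```python
import re

LOG_RE = re.compile(r"Sequence Number (\d+) \(Expected (\d+)\)")

def lag_from_log(line):
    """Return expected - received from a 'possible replay attack' log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not a replay warning line")
    seq, expected = int(m.group(1)), int(m.group(2))
    return expected - seq

class ReplayWindow:
    """Sliding anti-replay window in the style of RFC 4303 (assumed model)."""

    def __init__(self, size):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def check(self, seq):
        if seq > self.top:                       # new high: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:                  # fell off the left edge
            return "too_old"
        if self.bitmap & (1 << offset):          # already seen inside window
            return "duplicate"
        self.bitmap |= 1 << offset               # late but new: accept
        return "accept"

def replay_verdicts(size, top, late_seq):
    """Deliver `top`, then `late_seq` twice; return both verdicts for late_seq."""
    w = ReplayWindow(size)
    w.check(top)
    return w.check(late_seq), w.check(late_seq)

# Log line quoted in the first post; treating "Expected" as `top` is an assumption.
LINE = "Warning: possible replay attack. Sequence Number 1490945 (Expected 1491179)"
```

Under these assumptions, a constructed window of 64 rejects the lag of 234 as too old, while a window of 1200 accepts the late packet once and rejects a second copy as a duplicate, which the window size does not influence.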
G_W_Albrecht
Legend

So I would suggest involving TAC!

0 Kudos