author: Tobias Brunner <tobias@strongswan.org> 2017-05-19 16:14:40 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2017-05-23 18:02:15 +0200
commit: 389e4b8e673fe679c3074f5563c3581b3271ef2a (patch)
tree: ed16eaf0bf0bc7a42f405478eff9924cc33cc6ea /conf
parent: d140b3bd3f7ff6f6b7bdc5202bd0dee7f39fa699 (diff)
download: strongswan-389e4b8e673fe679c3074f5563c3581b3271ef2a.tar.bz2, strongswan-389e4b8e673fe679c3074f5563c3581b3271ef2a.tar.xz
ike: Use optional jitter to calculate retransmission timeouts
Also adds an optional limit to avoid very high retransmission timeouts with high numbers of retries.
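To see what the two new options do to the retransmission schedule, here is an added worked example (not code from the strongSwan project or from this commit). It computes the per-retransmission and cumulative timeouts for a given set of charon.retransmit_* values, applies the cap and the percentage jitter, and shows the effect of a high retry count with and without a limit. Two things it relies on are assumptions, because the diff does not show them: the unchanged exponential formula from strongswan.conf(5), `relative timeout = retransmit_timeout * retransmit_base ^ (n - 1)` with n the 1-based retransmission count, and that the limit is applied before the jitter is subtracted. The names `RetransmitSettings`, `relative_timeout`, `schedule` and `time_to_give_up` are this example's own.

```python
"""Retransmission schedule for strongSwan's charon with the optional
retransmit_limit cap and retransmit_jitter (added example, not project code).

Assumptions, not visible in the diff:
  * formula from strongswan.conf(5):
        relative timeout = retransmit_timeout * retransmit_base ^ (n - 1)
    where n is the 1-based retransmission count;
  * the limit caps the relative timeout before jitter is subtracted, so a
    jittered timeout never exceeds retransmit_limit.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class RetransmitSettings:
    # defaults are the charon.retransmit_* values shown in the hunk
    timeout: float = 4.0   # seconds before the first retransmission
    base: float = 1.8      # exponential backoff base
    tries: int = 5         # retransmissions before giving up
    limit: float = 0.0     # seconds; 0 disables the cap (new option)
    jitter: int = 0        # percent; 0 disables jitter (new option)

    def __post_init__(self):
        # a percentage outside 0..100 is a configuration error
        if not 0 <= self.jitter <= 100:
            raise ValueError("retransmit_jitter must be 0..100 percent")
        if self.limit < 0 or self.timeout <= 0 or self.base < 1 or self.tries < 0:
            raise ValueError("invalid retransmission settings")


def relative_timeout(s, n, rng=None):
    """Seconds to wait before retransmission n (1-based); n == tries + 1 is
    the final wait before giving up."""
    t = s.timeout * s.base ** (n - 1)
    if s.limit:
        t = min(t, s.limit)                  # cap first (assumed order)
    if s.jitter:
        if rng is None:
            rng = random.SystemRandom()
        # jitter is a percentage, hence the /100; it only ever shortens t
        t -= rng.uniform(0.0, t * s.jitter / 100.0)
    return t


def schedule(s, rng=None):
    """Rows of (n, relative, absolute) for retransmissions 1..tries plus the
    give-up wait, in the layout of the man page table."""
    rows, total = [], 0.0
    for n in range(1, s.tries + 2):
        rel = relative_timeout(s, n, rng)
        total += rel
        rows.append((n, rel, total))
    return rows


def time_to_give_up(s, rng=None):
    """Absolute seconds from the first send until charon gives up."""
    return schedule(s, rng)[-1][2]


if __name__ == "__main__":
    print("defaults (jitter 0, no limit):")
    for n, rel, absolute in schedule(RetransmitSettings()):
        print(f"  {n:>2}  {rel:7.1f}s  {absolute:7.1f}s")

    many = RetransmitSettings(tries=10)
    capped = RetransmitSettings(tries=10, limit=60)
    print(f"tries=10: final wait {relative_timeout(many, 11):.0f}s, "
          f"give up after {time_to_give_up(many):.0f}s")
    print(f"tries=10, limit=60: final wait {relative_timeout(capped, 11):.0f}s, "
          f"give up after {time_to_give_up(capped):.0f}s")

    # jitter spreads identical peers so they do not retransmit in lockstep
    jittered = RetransmitSettings(jitter=20)
    firsts = [relative_timeout(jittered, 1) for _ in range(10)]
    print(f"jitter=20%: first retransmission between "
          f"{min(firsts):.2f}s and {max(firsts):.2f}s across 10 peers")
```

Run it to reproduce the 4/7/13/23/42/76 second schedule from the man page, then compare the tries=10 lines: without a limit the last wait is roughly 24 minutes, with limit=60 it is one minute, which is the case the commit message describes.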
Diffstat (limited to 'conf')
-rw-r--r--  conf/options/charon.opt        |  7
-rw-r--r--  conf/strongswan.conf.5.tail.in | 12
2 files changed, 18 insertions, 1 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 4c4311e81..a5f03f272 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -311,6 +311,13 @@ charon.retransmit_timeout = 4.0
charon.retransmit_tries = 5
Number of times to retransmit a packet before giving up.
+charon.retransmit_jitter = 0
+ Maximum jitter in percent to apply randomly to calculated retransmission
+ timeout (0 to disable).
+
+charon.retransmit_limit = 0
+ Upper limit in seconds for calculated retransmission timeout (0 to disable).
+
charon.retry_initiate_interval = 0
Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if DNS
resolution failed), 0 to disable retries.
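Review bot: the new charon.retransmit_jitter entry at the top of this hunk gives neither the valid range nor the direction of the adjustment; since the value is a percentage that is subtracted from the timeout, state both, e.g. "Maximum jitter in percent (0..100) to subtract randomly from the calculated retransmission timeout; the timeout is only ever shortened, never lengthened (0 to disable)", so an operator does not expect it to also add delay. The retransmit_limit entry should likewise say that the cap applies to each individual retransmission timeout rather than to the total time until giving up, and whether it is applied before or after the jitter, because the two new options interact.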
diff --git a/conf/strongswan.conf.5.tail.in b/conf/strongswan.conf.5.tail.in
index 72aa7f856..f428fc323 100644
--- a/conf/strongswan.conf.5.tail.in
+++ b/conf/strongswan.conf.5.tail.in
@@ -408,6 +408,8 @@ using the three keys listed below:
.BR charon.retransmit_base " [1.8]"
.BR charon.retransmit_timeout " [4.0]"
.BR charon.retransmit_tries " [5]"
+.BR charon.retransmit_jitter " [0]"
+.BR charon.retransmit_limit " [0]"
.fi
.RE
.PP
@@ -419,7 +421,15 @@ The following algorithm is used to calculate the timeout:
.PP
Where
.I n
-is the current retransmission count.
+is the current retransmission count. The calculated timeout can't exceed the
+configured retransmit_limit (if any), which is useful if the number of retries
+is high.
+.PP
+If a jitter in percent is configured, the timeout is modified as follows:
+.PP
+.EX
+ relative timeout -= random(0, retransmit_jitter * relative timeout)
+.EE
.PP
Using the default values, packets are retransmitted in:
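Review bot: the formula in the added .EX block is inconsistent with the sentence right above it: retransmit_jitter is described as a value "in percent", but `relative timeout -= random(0, retransmit_jitter * relative timeout)` multiplies by the raw number, which for a jitter of 10 would subtract up to ten times the timeout. Either write `random(0, relative timeout * retransmit_jitter / 100)` or say that the formula uses the fraction. The new sentence "The calculated timeout can't exceed the configured retransmit_limit" also leaves the order of the two steps open; state explicitly that the limit is applied before the jitter is subtracted (making it a hard upper bound) or after it. Minor: "cannot" rather than "can't" matches the register of the rest of the man page.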