Configurable ReplayWindow size, zero disables
This commit is contained in:
Brandon L Black
Guus Sliepen
parent
8dfe1b374e
commit
23acc19bc0
7 changed files with 43 additions and 18 deletions
|
|
@ -344,6 +344,16 @@ specified in the configuration file.
|
|||
When this option is used the priority of the tincd process will be adjusted.
|
||||
Increasing the priority may help to reduce latency and packet loss on the VPN.
|
||||
|
||||
.It Va ReplayWindow Li = Ar bytes Pq 16
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||
the default setting of 16 will track up to 128 packets in the window. In high
|
||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||
the interaction of replay tracking with underlying real packet loss and/or
|
||||
reordering. Setting this to zero will disable replay tracking completely and
|
||||
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
|
||||
traffic.
|
||||
|
||||
.It Va StrictSubnets Li = yes | no Po no Pc Bq experimental
|
||||
When this option is enabled tinc will only use Subnet statements which are
|
||||
present in the host config files in the local
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue