Hi,
On 06/06/18 15:00, Gert Doering wrote:
> For Data mode ("tun -> openvpn -> network -> openvpn -> tun"), we do
> error checking. As in "if the packet does not pass authentication,
> complain and drop it". (We *might* do a sequence number check to drop
> out of order packetsI think we only do replay attack checks (ssl.c:crypto_check_replay()) and dropped packets are logged with verb 6. However, JJ has shown that by adding latency with netem in a LAN he can emulate the throughput drop, therefore I hardly believe this is the result of re-ordering and consequent drops. Cheers, -- Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
