[Openswan Users] Connection not coming up automatically
Andy
fs at globalnetit.com
Tue Jun 27 17:27:22 CEST 2006
On Tue, 2006-06-27 at 21:59 +0200, Paul Wouters wrote:
> On Tue, 27 Jun 2006, Andy wrote:
>
> > > Is this safe to set nhelpers=0 on all osw boxes?
> > IMO, yes.
> > I run all mine that way.
>
> Yes it is indeed.
>
> > I'm really not sure how the separate helper process is useful.
>
> It prevents your box from going down with a trivial DDOS attack when
> Aggressive Mode is used.
I believe you mentioned that before. Is that so hard to fix in the
nhelpers=0 case?
> It is also used for async hardware offloading.
>
> There are definately issues with nhelpers being non-zero.
Indeed. Perhaps nhelpers=0 should be default?
>
> Paul
--
Andy <fs at globalnetit.com>
More information about the Users
mailing list