Date: Wed, 3 Oct 2001 13:00:15 +0200 From: Guido van Rooij <guido@gvr.org> To: freebsd-net@freebsd.org Subject: IPsec rekey question (bug in racoon?) Message-ID: <20011003130015.A68282@gvr.gvr.org>
next in thread | raw e-mail | index | archive | help
I am using Ipsec in tunnel mode. Everything works okay. Then I decide
to flush my SAD entries, on _one_ side of the tunnel.
Naturally, I see a key exchange going on.
Afterwards I see that the system on which I flushed the SAD entries does
have new ones. However the other side of the tunnel is still using
the old one for its tunnel to me. I would guess that that SAD would be replaced
as well?
Is there a config ite I overlooked?
Tcpdump showing what I just said:
12:33:31.189986 aaa.bbb.ccc.198 > aaa.bbb.ccc.193: ESP(spi=0x00169b89,seq=0x35) [tos 0x10]
12:33:31.322963 aaa.bbb.ccc.193 > aaa.bbb.ccc.198: ESP(spi=0x05c83a78,seq=0x35) [tos 0x10]
12:33:54.695274 aaa.bbb.ccc.198.500 > aaa.bbb.ccc.193.500: isakmp: phase 1 I agg: [|sa]
12:33:55.433767 aaa.bbb.ccc.193.500 > aaa.bbb.ccc.198.500: isakmp: phase 1 R agg: [|sa]
12:33:55.494034 aaa.bbb.ccc.198.500 > aaa.bbb.ccc.193.500: isakmp: phase 1 I agg:
(hash: len=20)
12:33:55.524092 aaa.bbb.ccc.198.500 > aaa.bbb.ccc.193.500: isakmp: phase 2/others I oakley-quick[E]: [|hash]
12:33:55.731783 aaa.bbb.ccc.193.500 > aaa.bbb.ccc.198.500: isakmp: phase 2/others R oakley-quick[E]: [|hash]
12:33:55.733311 aaa.bbb.ccc.198.500 > aaa.bbb.ccc.193.500: isakmp: phase 2/others I oakley-quick[E]: [|hash]
12:33:59.650507 aaa.bbb.ccc.198 > aaa.bbb.ccc.193: ESP(spi=0x0aff2f79,seq=0x1)
12:33:59.659407 aaa.bbb.ccc.193 > aaa.bbb.ccc.198: ESP(spi=0x05c83a78,seq=0x36)
12:34:04.660544 aaa.bbb.ccc.198 > aaa.bbb.ccc.193: ESP(spi=0x0aff2f79,seq=0x2)
12:34:04.669431 aaa.bbb.ccc.193 > aaa.bbb.ccc.198: ESP(spi=0x05c83a78,seq=0x37)
-Guido
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011003130015.A68282>