Date: Thu, 4 Oct 2001 12:39:05 +0200 From: Guido van Rooij <guido@gvr.org> To: Shoichi Sakane <sakane@kame.net> Cc: freebsd-net@freebsd.org Subject: Re: IPsec rekey question (bug in racoon?) Message-ID: <20011004123905.C74306@gvr.gvr.org> In-Reply-To: <20011004174748J.sakane@kame.net>; from sakane@kame.net on Thu, Oct 04, 2001 at 05:47:48PM %2B0900 References: <20011003130015.A68282@gvr.gvr.org> <20011004174748J.sakane@kame.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 04, 2001 at 05:47:48PM +0900, Shoichi Sakane wrote: > the freebsd's ipsec stack always uses old SA when there are some SAs for > the communication. so the other side system used old SA even when the one > had new SA. > latest KAME has the flag, net.key.prefered_oldsa, which makes the kernel > to be used new SA or old one. if the flag is not 0, the kernel uses > new one. With that I can fix my case. Is there a special reason to default to the old one, because that breaks rebooting systems, doesn't it? -Guido To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004123905.C74306>