From: Jerry Murdock
Date: Wed, 15 May 2002 21:02:14 -0700 (PDT)
To: FreeBSD-Security@FreeBSD.org
Subject: Racoon SA Hard/Soft Lifetimes
Message-ID: <20020516040214.97098.qmail@web14606.mail.yahoo.com>

Is the Soft lifetime limit configurable for Racoon-generated SAs? I've googled around, but can't find anything on this.

I've successfully got a 2-day-old -Stable build to talk IPSEC/IKE with a Sonicwall, but things fall apart when the SAs hit the soft lifetime limit.

A new SA is successfully negotiated with the Sonicwall when the soft lifetime runs out, but the Sonicwall then ignores anything coming into it on the "old" SA (which FBSD uses until the hard lifetime runs out). The result is that no traffic passes for 20% of the SA's lifetime.

I need FBSD to either switch immediately to the new SA, or bump the Soft lifetime limit up to the hard lifetime. A few seconds of dropped packets every 4 hours or so can be tolerated.

I hope I'm being dense and someone will tell me what I'm missing.

Thanks,
Jerry