Date:      Thu, 17 Dec 2009 17:43:52 +0100
From:      VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To:        Mike Tancsa <mike@sentex.net>
Cc:        freebsd-net@freebsd.org, Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
Subject:   Re:  Racoon site-to site
Message-ID:  <20091217164351.GA66492@zeninc.net>
In-Reply-To: <200912171634.nBHGY69O019300@lava.sentex.ca>
References:  <200912111923.nBBJNLk3072715@lava.sentex.ca> <C74CFE50.31FA9%jon.otterholm@ide.resurscentrum.se> <200912171634.nBHGY69O019300@lava.sentex.ca>

Hi all.


On Thu, Dec 17, 2009 at 11:01:00AM -0500, Mike Tancsa wrote:
[...]
> Another thing to try is
> sysctl -w net.key.preferred_oldsa=0

Yep, this is how most IPsec devices work and expect peers to work.


> Also, check and make sure you have dpd compiled into 
> ipsectools and make sure enabled.

Yes... or no: misconfigured, or used in situations with significant
loss, DPD can be worse than nothing...

The best would be to first understand the issue, then fix it, and only
after that consider finding useful DPD configuration regarding the
setup....


Yvan.
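As an added illustration of the two points raised in this reply (it is not configuration from either poster, nor from the ipsec-tools project), here is the kernel setting next to a racoon.conf "remote" block with DPD enabled. The peer and local addresses (192.0.2.1, 198.51.100.1), the pre-shared-key proposal and the DPD timer values are assumptions chosen for the example; DPD must also have been compiled into the ipsec-tools build you are running, or racoon will reject the dpd_* directives.

```conf
# /etc/sysctl.conf (FreeBSD), as suggested in the thread: use the newest
# SA after a rekey instead of the oldest, which is what most other IPsec
# gateways expect.
#   net.key.preferred_oldsa=0

# --- /usr/local/etc/racoon/racoon.conf (added example, addresses assumed) ---

# Overly aggressive DPD: a probe every 5 s, retry after 2 s, declare the
# peer dead after 2 misses. On a link that already drops packets this
# tears down a tunnel that is still carrying traffic and forces a full
# renegotiation, which is the "worse than nothing" case.
#
#   dpd_delay 5;
#   dpd_retry 2;
#   dpd_maxfail 2;

# More tolerant DPD: a probe every 30 s, retry after 5 s, give up only
# after 5 consecutive misses (about 55 s of silence). Transient loss does
# not kill the SA, but a peer that really rebooted is still detected and
# the stale SA replaced within about a minute.
remote 192.0.2.1 {
        exchange_mode main;
        my_identifier address 198.51.100.1;
        peers_identifier address 192.0.2.1;
        proposal_check obey;

        # DPD (RFC 3706) keepalives; all three values are assumptions
        # to be tuned to the measured loss profile of the link.
        dpd_delay 30;
        dpd_retry 5;
        dpd_maxfail 5;

        proposal {
                encryption_algorithm aes 256;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
                lifetime time 8 hour;
        }
}
```

The order of work stays as the reply says: first find out why the SAs get out of step (preferred_oldsa is the usual suspect when rekeys break traffic), then size dpd_delay and dpd_maxfail so that their product is comfortably longer than the longest outage you are willing to ride through.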


