From: Julian Elischer <julian@elischer.org>
To: Mike Tancsa
Cc: freebsd-net@freebsd.org, Jon Otterholm
Date: Fri, 11 Dec 2009 14:33:43 -0800
Subject: Re: Racoon site-to-site
Message-ID: <4B22C8C7.4060209@elischer.org>
In-Reply-To: <200912112202.nBBM2Fli073479@lava.sentex.ca>
List-Id: Networking and TCP/IP with FreeBSD (freebsd-net@freebsd.org)

Mike Tancsa wrote:
> At 04:43 PM 12/11/2009, Jon Otterholm wrote:
>> > Also, what does
>> > sysctl net.key.preferred_oldsa
>> > show ?
>>
>> It has not jammed up yet but here is output from sysctl:
>>
>> net.key.preferred_oldsa: 1
>>
>> Would it help setting it to 0 to force renewal of keys at reconnection?
>
> I think it should allow your end to honor the other side's new SA should
> it want one ahead of schedule

Yes, this sysctl allows the other side to negotiate a new key at any time
(for example after it reboots). If you have the old SA preferred, then
after your peer reboots and comes up again you can't communicate with it
until the SA you negotiated with him originally times out (which may be
some minutes or even hours later).

> ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
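The situation Julian describes (peer reboots, negotiates a fresh SA, but the local kernel keeps using the stale one because net.key.preferred_oldsa=1) is visible in `setkey -D`: two mature SAs for the same src/dst pair, one much older than the other. The script below is an added example, not code from the thread or from racoon/FreeBSD. It parses a constructed `setkey -D` dump and reports which of the duplicate SAs the kernel would use under each setting. It assumes the kernel picks among the mature SAs for a pair the oldest one when preferred_oldsa=1 and the newest one when it is 0, and it approximates SA age with the `diff:` field of the dump; the addresses, SPIs and times are made up. The `live_check` function is the same check against a real host and is not run by default.

```shell
#!/bin/sh
# Which SA does the FreeBSD key subsystem use for a src/dst pair, given
# net.key.preferred_oldsa, according to a `setkey -D` dump?
# SAMPLE_SETKEY_D is a constructed dump: two mature SAs and one dying SA
# for 10.0.0.1 -> 10.0.0.2, plus one SA for the reverse direction. Real
# setkey output indents with tabs; awk's default splitting handles both.
SAMPLE_SETKEY_D='10.0.0.1 10.0.0.2
    esp mode=tunnel spi=123456789(0x075bcd15) reqid=0(0x00000000)
    E: aes-cbc  0123456789abcdef 0123456789abcdef
    A: hmac-sha1  0123456789abcdef 0123456789abcdef 01234567
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Dec 11 14:00:00 2009   current: Dec 11 14:33:00 2009
    diff: 1980(s)   hard: 28800(s)  soft: 23040(s)
10.0.0.1 10.0.0.2
    esp mode=tunnel spi=169552957(0x0a1b2c3d) reqid=0(0x00000000)
    E: aes-cbc  fedcba9876543210 fedcba9876543210
    A: hmac-sha1  fedcba9876543210 fedcba9876543210 76543210
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Dec 11 14:32:30 2009   current: Dec 11 14:33:00 2009
    diff: 30(s)     hard: 28800(s)  soft: 23040(s)
10.0.0.1 10.0.0.2
    esp mode=tunnel spi=4(0x00000004) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=dying
    diff: 28790(s)  hard: 28800(s)  soft: 23040(s)
10.0.0.2 10.0.0.1
    esp mode=tunnel spi=7(0x00000007) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    diff: 40(s)     hard: 28800(s)  soft: 23040(s)'

# select_sa <preferred_oldsa> <src> <dst>  (setkey -D dump on stdin)
# Prints the hex SPI of the mature SA the kernel is assumed to prefer:
# the oldest when preferred_oldsa=1, the newest when 0. Exit 1 if none.
select_sa() {
    awk -v old="$1" -v src="$2" -v dst="$3" '
        /^[^ \t]/ && NF == 2 { cur_src = $1; cur_dst = $2; next }   # pair header
        $1 == "esp" || $1 == "ah" {                                  # start of one SA
            mature = 0; spi = ""
            for (i = 2; i <= NF; i++) if ($i ~ /^spi=/) {
                split(substr($i, 5), p, "(")        # "123(0x7b)" -> p[2] = "0x7b)"
                spi = substr(p[2], 1, length(p[2]) - 1)
            }
            next
        }
        /state=/ { mature = ($0 ~ /state=mature/); next }
        $1 == "diff:" {                             # seconds since the SA was created
            if (cur_src == src && cur_dst == dst && mature) {
                age = $2; sub(/\(s\)/, "", age); age += 0
                if (!found || (old == 1 && age > best_age) || (old == 0 && age < best_age)) {
                    best_age = age; best_spi = spi; found = 1
                }
            }
            next
        }
        END { if (found) print best_spi; else exit 1 }'
}

# count_mature_sas <src> <dst>  (setkey -D dump on stdin)
# More than one mature SA for a pair while preferred_oldsa=1 means the
# newer one (the peer'"'"'s fresh SA) sits idle until the old one expires.
count_mature_sas() {
    awk -v src="$1" -v dst="$2" '
        /^[^ \t]/ && NF == 2 { hit = ($1 == src && $2 == dst); next }
        hit && /state=mature/ { n++ }
        END { print n + 0 }'
}

# live_check <src> <dst>: same check against the running host (FreeBSD only).
# Persisting the fix: echo "net.key.preferred_oldsa=0" >> /etc/sysctl.conf
live_check() {
    old=$(sysctl -n net.key.preferred_oldsa)
    n=$(setkey -D | count_mature_sas "$1" "$2")
    if [ "$old" = 1 ] && [ "$n" -gt 1 ]; then
        echo "preferred_oldsa=1 with $n mature SAs for $1 -> $2: the peer's new SA is ignored until the old one times out" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed dump only.
for mode in 1 0; do
    printf 'preferred_oldsa=%s -> kernel uses SA %s\n' "$mode" \
        "$(printf '%s\n' "$SAMPLE_SETKEY_D" | select_sa "$mode" 10.0.0.1 10.0.0.2)"
done
```

With the sample, preferred_oldsa=1 selects the SA created 33 minutes ago (0x075bcd15), which is the one the rebooted peer no longer holds, while 0 selects the 30-second-old SA (0x0a1b2c3d) the peer just negotiated. The dying SA and the reverse-direction SA are ignored, as they should be.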