Date: Fri, 11 Dec 2009 14:33:43 -0800
From: Julian Elischer <julian@elischer.org>
To: Mike Tancsa <mike@sentex.net>
Cc: freebsd-net@freebsd.org, Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
Subject: Re: Racoon site-to site
Message-ID: <4B22C8C7.4060209@elischer.org>
In-Reply-To: <200912112202.nBBM2Fli073479@lava.sentex.ca>
References: <200912111923.nBBJNLk3072715@lava.sentex.ca> <C7487BA6.31D78%jon.otterholm@ide.resurscentrum.se> <200912112202.nBBM2Fli073479@lava.sentex.ca>

Mike Tancsa wrote:
> At 04:43 PM 12/11/2009, Jon Otterholm wrote:
>> > Also, what does
>> > sysctl net.key.preferred_oldsa
>> >
>> > show ?
>>
>> It has not jammed up yet but here is output from sysctl:
>>
>> net.key.preferred_oldsa: 1
>>
>> Would it help setting it to 0 to force renewal of keys at reconnection?
>
> I think it should allow your end to honor the other side's new SA should
> it want one ahead of schedule

Yes, this sysctl allows the other side to negotiate a new key at any
time (for example, after it reboots). If you have the old SA preferred,
then after your peer reboots and comes up again, you can't communicate
with it until the SA you negotiated with him originally times out (which
may be some minutes or even hours later).

>
>         ---Mike
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
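
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of outbound SA selection with `net.key.preferred_oldsa` set to 1 and to 0 after a peer reboot. It is not the FreeBSD kernel's code; the `SA` type, function names, SPIs and lifetimes are constructed assumptions.

```python
"""Toy model of outbound SA selection under net.key.preferred_oldsa.

Simplified illustration only; this is not the FreeBSD kernel's logic.
All names, SPIs and lifetimes here are constructed for the example.
"""
from typing import NamedTuple, Optional, Sequence


class SA(NamedTuple):
    spi: int
    created: int   # seconds since the start of the simulation
    lifetime: int  # hard lifetime in seconds

    def alive(self, now: int) -> bool:
        return self.created <= now < self.created + self.lifetime


def pick_outbound(sadb: Sequence[SA], now: int, preferred_oldsa: int) -> Optional[SA]:
    """Return the live SA the local side would encrypt with at time `now`."""
    live = [sa for sa in sadb if sa.alive(now)]
    if not live:
        return None
    # preferred_oldsa=1 keeps using the oldest live SA; 0 switches to the newest.
    chooser = min if preferred_oldsa else max
    return chooser(live, key=lambda sa: sa.created)


def blackout_seconds(preferred_oldsa: int, reboot_at: int = 600, lifetime: int = 3600) -> int:
    """Seconds of undeliverable traffic after the peer reboots at `reboot_at`.

    Assumption: the peer loses every SA on reboot and negotiates a new one
    immediately, so it can only decrypt traffic sent on the post-reboot SA.
    """
    local_sadb = [
        SA(spi=0x1000, created=0, lifetime=lifetime),          # pre-reboot SA
        SA(spi=0x2000, created=reboot_at, lifetime=lifetime),  # post-reboot SA
    ]
    dropped = 0
    # Walk the lifetime of the new SA, one second at a time.
    for now in range(reboot_at, reboot_at + lifetime):
        sa = pick_outbound(local_sadb, now, preferred_oldsa)
        if sa is None or sa.created < reboot_at:
            dropped += 1  # peer no longer holds this SA
    return dropped


if __name__ == "__main__":
    for setting in (1, 0):
        print(f"preferred_oldsa={setting}: {blackout_seconds(setting)} s without traffic")
```
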