From owner-freebsd-net Thu Apr 25 1:40:28 2002
From: Shoichi Sakane
To: vctw@yahoo.com
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: why prefer old SA in KAME's IPSec?
In-Reply-To: Your message of "Sat, 20 Apr 2002 22:12:05 -0700 (PDT)" <20020421051205.33101.qmail@web20004.mail.yahoo.com>
References: <20020421051205.33101.qmail@web20004.mail.yahoo.com>
Message-Id: <20020426024239G.sakane@kame.net>
Date: Fri, 26 Apr 2002 02:42:39 +0900

> but freebsd use old SA. After searching maillist, I
> found that net.key.prefered_oldsa=0 will solve that
> problem. But why prefer old one?

the reason is for backward compatibility. you can use new one
by the system wide default as you know. early kame implementation
always used old one according to draft-jenkins-ipsec-rekeying-06.txt.
it merged to freebsd. then net.key.prefered_oldsa was added to be
able to use new one.