Date:      Tue, 13 Aug 2002 11:51:25 -0700
From:      "Crist J. Clark" <crist.clark@attbi.com>
To:        Mike Burgett <mburgett@awen.com>
Cc:        Julian Elischer <julian@vicor.com>, net@FreeBSD.ORG
Subject:   Re: Racoon question
Message-ID:  <20020813185125.GB5009@blossom.cjclark.org>
In-Reply-To: <200208131150.g7DBoC4h030141@dragon.awen.com>
References:  <20020813052619.GD1675@blossom.cjclark.org> <200208131150.g7DBoC4h030141@dragon.awen.com>

On Tue, Aug 13, 2002 at 04:50:12AM -0700, Mike Burgett wrote:
> On Mon, 12 Aug 2002 22:26:19 -0700, Crist J. Clark wrote:
> 
> >On Mon, Aug 12, 2002 at 03:48:56PM -0700, Julian Elischer wrote:
> [ ... ]
> >> However I notice that if I have a problem on one system it sometimes
> >> needs to wait until the running SA has expired until things can be 
> >> restarted.. For example if one system is rebooted, I need to reset the
> >> racoon on the 
> >> other system and clear SAs etc. before  things can resync.
> >
> >Yeah, known issue which comes up from time to time. It is a common
> >headache in IPsec. 'Coulda sworn there was a sysctl(8) to change this
> >behavior, but I can't find it.
> 
> Hello,
> 
>   Try : net.key.prefered_oldsa=0 
> 
>   This worked for me on a -stable box, awhile back.

There it is. Silly me looking for it above net.inet.ipsec. That
forces me to wonder, "Why _aren't_ this and the other net.key
sysctl(8)s actually net.inet.ipsec.key (or something like that)?" I
see the code lives in src/sys/netkey, but isn't all of this purely
IPsec related? And all of the net.inet.ipsec code actually lives in
netinet6, so things are already inconsistent in making sysctl(8) names
reflect where something lies in the tree.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

