From owner-freebsd-security Wed Dec 5 21:54:36 2001 Delivered-To: freebsd-security@freebsd.org Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 9107E37B41A for ; Wed, 5 Dec 2001 21:54:33 -0800 (PST) Received: from localhost ([3ffe:501:41c:2000:4178:16a7:e2d4:1394]) by mine.kame.net (8.11.1/3.7W) with ESMTP id fB65lYL01202; Thu, 6 Dec 2001 14:47:34 +0900 (JST) To: jack_xiao99@hotmail.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: SA regenerated problems In-Reply-To: Your message of "Sun, 2 Dec 2001 21:32:54 -0500" References: X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20011206145443E.sakane@kame.net> Date: Thu, 06 Dec 2001 14:54:43 +0900 From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I am setting up ipsec tunnels between two FreeBSD4.2 RELEASE servers and met the > SA regenerated problem. It seems the new SA can not be generated in time and pr > operly some time when the SA life time is over. at least, you should show us your SPD and SA configuration, your network topology, your routing table and your system log. also if you use racoon or isakmpd, you should show us the configuration of them, and the log file. otherwise we cannot get what happened to you. no one can answer your problem. by the way, when you check them carefully, you can get the answer. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message