Date: Fri, 27 Jan 2006 09:44:58 +0100
From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
To: freebsd-net@freebsd.org
Subject: Re: Duplicate SAD entries lead to ESP tunnel malfunction
Message-ID: <20060127084457.GA21360@zen.inc>
In-Reply-To: <43D92848.2050005@elischer.org>
References: <83462512.20060126181018@osk.com.ua> <43D92848.2050005@elischer.org>

On Thu, Jan 26, 2006 at 11:51:36AM -0800, Julian Elischer wrote:
> Oleg Tarasov wrote:
>
> There is a sysctl that can help this behaviour but I forget which
>
> something to do with ipsec and oldSAD or newSAD or something..

net.key.prefered_oldsa, or net.key.preferred_oldsa (changed since 4.X).

It is 1 by default, and it should be set to 0 to help better
interoperability with lots of peers.....

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com