Date: Mon, 27 May 2002 14:46:07 +0200
From: Barry Irwin <bvi@itouchlabs.com>
To: Jerry Murdock <jerry_murdock@yahoo.com>
Cc: Shoichi Sakane <sakane@kame.net>, FreeBSD-Security@FreeBSD.ORG
Subject: Re: Racoon SA Hard/Soft Lifetimes
Message-ID: <20020527144607.R38967@itouchlabs.com>
In-Reply-To: <20020525133315.86705.qmail@web14603.mail.yahoo.com>; from jerry_murdock@yahoo.com on Sat, May 25, 2002 at 06:33:15AM -0700
References: <20020525122004P.sakane@kame.net> <20020525133315.86705.qmail@web14603.mail.yahoo.com>

Hi All

I have tracked this down as being available in 4.5<

However I can find no mention of any of the net.key.* sysctls in the man
pages, anyone aware of a description, or is it a case of read the source?

Barry

On Sat 2002-05-25 (06:33), Jerry Murdock wrote:
>
> > try like the following,
> > # sysctl -w net.key.preferred_oldsa=0
>
> Sounds like exactly what I was looking for, unfortunately it doesn't seem to
> have any effect.
>
> I still see the counters for the old SA incrementing, and nothing going out the
> new SA until the old one expires completely.
>
> For now, I've modified racoon to set the soft lifetime to "hard lifetime - 10
> seconds." The value seems to work quite well for the connection in question
> with no apparent key-renegotiation packet loss.
>

--
Barry Irwin bvi@itouchlabs.com +27214875177
Systems Administrator: Networks And Security
Itouch Labs http://www.itouchlabs.com South Africa

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message