Date: Fri, 05 Oct 2001 09:23:37 +0900 From: Shoichi Sakane <sakane@kame.net> To: freebsd-net@freebsd.org Subject: Re: IPsec rekey question (bug in racoon?) Message-ID: <20011005092337B.sakane@kame.net> In-Reply-To: Your message of "Thu, 4 Oct 2001 12:39:05 %2B0200" <20011004123905.C74306@gvr.gvr.org> References: <20011004123905.C74306@gvr.gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > the freebsd's ipsec stack always uses old SA when there are some SAs for > > the communication. so the other side system used old SA even when the one > > had new SA. > With that I can fix my case. Is there a special reason to > default to the old one, because that breaks rebooting systems, doesn't it? if new SA was used, when the system installed SA, but the other system hadn't installed SA yet, some packet would be lost. when the system rebooted, it would caused the problem as you said. you can get more information from draft-jenkins-ipsec-rekeying-06.txt. although this draft has expired already, you can get from the Internet somewhere. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011005092337B.sakane>