Date: Fri, 26 Apr 2002 02:42:39 +0900 From: Shoichi Sakane <sakane@kame.net> To: vctw@yahoo.com Cc: freebsd-net@FreeBSD.ORG Subject: Re: why prefer old SA in KAME's IPSec? Message-ID: <20020426024239G.sakane@kame.net> In-Reply-To: Your message of "Sat, 20 Apr 2002 22:12:05 -0700 (PDT)" <20020421051205.33101.qmail@web20004.mail.yahoo.com> References: <20020421051205.33101.qmail@web20004.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> but freebsd use old SA. After searching maillist, I > found that net.key.prefered_oldsa=0 will solve that > problem. But why prefer old one? the reason is for backword compatibility. you can use new one by the system wide default as you know. early kame implementation always used old one according to draft-jenkins-ipsec-rekeying-06.txt. it merged to freebsd. then net.key.prefered_oldsa was added to be able to use new one. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020426024239G.sakane>