Duplicate SAD entries lead to ESP tunnel malfunction

VANHULLEBUS Yvan vanhu_bsd at zeninc.net
Fri Jan 27 00:45:25 PST 2006


On Thu, Jan 26, 2006 at 11:51:36AM -0800, Julian Elischer wrote:
> Oleg Tarasov wrote:

> There is a sysctl that can help this behaviour but I forget which
> 
> something to do with ipsec and oldSAD or newSAD or something..

net.key.prefered_oldsa, or net.key.preferred_oldsa (changed since
4.X).

It is 1 by default, and it should be set to 0 to help improve
interoperability with lots of peers.....


Yvan.

-- 
NETASQ - Secure Internet Connectivity
http://www.netasq.com
