Duplicate SAD entries lead to ESP tunnel malfunction
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Fri Jan 27 00:45:25 PST 2006
On Thu, Jan 26, 2006 at 11:51:36AM -0800, Julian Elischer wrote:
> Oleg Tarasov wrote:
> There is a sysctl that can help this behaviour but I forget which
>
> something to do with ipsec and oldSAD or newSAD or something..

net.key.prefered_oldsa, or net.key.preferred_oldsa (changed since
4.X).

It is 1 by default, and it should be set to 0 to help better
interoperability with lots of peers.....

Yvan.
--
NETASQ - Secure Internet Connectivity
http://www.netasq.com