Racoon site-to-site

Julian Elischer julian at elischer.org
Fri Dec 11 14:33:31 PST 2009


Mike Tancsa wrote:
> At 04:43 PM 12/11/2009, Jon Otterholm wrote:
>> > Also, what does
>> > sysctl net.key.preferred_oldsa
>> >
>> > show ?
>>
>> It has not jammed up yet but here is output from sysctl:
>>
>> net.key.preferred_oldsa: 1
>>
>> Would it help setting it to 0 to force renewal of keys at reconnection?
> 
> I think it should allow your end to honor the other side's new SA should 
> it want one ahead of schedule

Yes, this sysctl allows the other side to negotiate a new key at
any time (for example, after it reboots).

If you have the old SA preferred, then after your peer reboots and
comes up again, you can't communicate with it until the SA
you negotiated with him originally times out (which may be
some minutes or even hours later).

> 
>         ---Mike
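The blackhole-after-reboot behaviour Julian describes, as an added toy model that is not part of this thread and not FreeBSD kernel code: two constructed hosts share IPsec SAs, one reboots and loses its SADB, and the outbound SA is chosen according to the value of net.key.preferred_oldsa (1 = keep the oldest live SA, 0 = use the newest).

```python
"""Toy model of how net.key.preferred_oldsa picks the outbound SA.

Constructed illustration only: SPIs, timestamps and lifetimes are made up,
and the SADB is a plain list per host rather than the kernel's structure.
"""
from dataclasses import dataclass, field


@dataclass
class SA:
    spi: int
    created: int      # seconds (constructed clock)
    lifetime: int     # hard lifetime in seconds

    def alive(self, now: int) -> bool:
        return now < self.created + self.lifetime


@dataclass
class Host:
    name: str
    sas: list = field(default_factory=list)   # SAs this host knows for its peer

    def reboot(self) -> None:
        self.sas.clear()                      # kernel SADB is lost on reboot


def choose_outbound(local: Host, now: int, preferred_oldsa: int) -> SA:
    """preferred_oldsa=1: oldest still-valid SA; =0: most recently negotiated."""
    live = [sa for sa in local.sas if sa.alive(now)]
    if not live:
        raise LookupError("no live SA; IKE would have to negotiate one")
    key = (lambda s: s.created)
    return min(live, key=key) if preferred_oldsa else max(live, key=key)


def deliverable(local: Host, peer: Host, now: int, preferred_oldsa: int) -> bool:
    """True only if the peer still holds the SA the local side would send on."""
    sa = choose_outbound(local, now, preferred_oldsa)
    return any(p.spi == sa.spi for p in peer.sas)


def reboot_scenario(preferred_oldsa: int, now: int = 700) -> bool:
    """A and B share an SA, B reboots, B negotiates a fresh SA; can A reach B?"""
    a, b = Host("A"), Host("B")
    old = SA(spi=0x1001, created=0, lifetime=3600)
    a.sas.append(old); b.sas.append(old)
    b.reboot()                                          # B forgets spi 0x1001
    new = SA(spi=0x2002, created=600, lifetime=3600)    # B re-keys ahead of schedule
    a.sas.append(new); b.sas.append(new)
    return deliverable(a, b, now, preferred_oldsa)
```

With preferred_oldsa=1 host A keeps sending on the SPI that B no longer has until that SA's lifetime expires (now=3700 in the model); with 0 it switches to the new SA immediately.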