Subject: Re: bin/28922: racoon leaves old SA's in kernel
To: Kimmo Suominen <>
From: Minoura Makoto <>
List: netbsd-bugs
Date: 01/10/2005 15:39:03
|> In <>
|>   Kimmo Suominen <> wrote:

> This seems to result in traffic being discarded by the receiver, which
> no longer has the old keys used by the sender.

I had this problem when I was using IPsec between NetBSD and Windows.

In racoon.conf(5)
>                     even when a new SA was established.  The KAME stack has
>                     the switch in the system wide value,
>                     net.key.preferred_oldsa.  When the value is zero, the stack
>                     always uses a new SA.

Apparently KAME-based NetBSD stack != KAME stack here...
(FAST_IPSEC seems to have this though...)

Minoura Makoto <>