Subject: Re: bin/28922: racoon leaves old SA's in kernel
To: Kimmo Suominen <email@example.com>
From: Minoura Makoto <makoto@hauN.org>
Date: 01/10/2005 15:39:03
|> In <20050110035604.GT12963@kimmo.suominen.com>
|> Kimmo Suominen <firstname.lastname@example.org> wrote:
> This seems to result in traffic being discarded by the receiver, which
> no longer has the old keys used by the sender.
I had this problem when I was using IPsec between NetBSD and Windows.
> even when a new SA was established. The KAME stack has
> the switch in the system wide value, net.key.preferred_oldsa.
> When the value is zero, the stack always uses a new SA.
Apparently KAME-based NetBSD stack != KAME stack here...
(FAST_IPSEC seems to have this though...)
Minoura Makoto <makoto@hauN.org>