NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ipsec-tools-current, -4 and Cisco VPN

On 19/06/2008 9:46 PM, Petar Bogdanovic wrote:
On Fri, Jun 06, 2008 at 02:41:00PM +1000, Jason Lingohr wrote:
Is anyone here using -4 and ipsec-tools-current?

I'm having a few problems with it -- notably, SPI's don't get deleted when a VPN is torn down, and re-keying doesn't seem to work anymore.

If you are talking about stale SAs after a peer reboot -- I had similar
problems with racoon and it seems that the only workaround is some kind
of a ping script which restarts racoon (or does a setkey -F) as soon as
the other peer goes down.

You should also consider racoon2 with ikev2. I replaced racoon with
racoon2 on all our peers and had no stale SAs / rekeying problems since


Thanks for that advice.

I've looked at it, and seems promising. Can't seem to find if anyone has successfully used it with the Cisco VPN client though.

Home | Main Index | Thread Index | Old Index