NetBSD-Users archive


Re: ipsec-tools-current, -4 and Cisco VPN



On 19/06/2008 9:46 PM, Petar Bogdanovic wrote:
> On Fri, Jun 06, 2008 at 02:41:00PM +1000, Jason Lingohr wrote:
>> Is anyone here using -4 and ipsec-tools-current?
>>
>> I'm having a few problems with it -- notably, SPIs don't get deleted when a VPN is torn down, and re-keying doesn't seem to work anymore.
>
> If you are talking about stale SAs after a peer reboot -- I had similar
> problems with racoon and it seems that the only workaround is some kind
> of a ping script which restarts racoon (or does a setkey -F) as soon as
> the other peer goes down.
>
> You should also consider racoon2 with ikev2. I replaced racoon with
> racoon2 on all our peers and had no stale SAs / rekeying problems since
> then.
>
> Petar


Thanks for that advice.

I've looked at it, and it seems promising. Can't seem to find if anyone has successfully used it with the Cisco VPN client though.
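
The ping-script workaround mentioned in the quoted reply, sketched as an added example (not code from the thread or from ipsec-tools): it probes the peer and runs `setkey -F` once per outage. The peer address (a constructed documentation address), the three-miss threshold, the ping flags and all variable and function names are assumptions.

```shell
#!/bin/sh
# Added example: stale-SA watchdog. All names and defaults below are assumptions.
PEER="${PEER:-192.0.2.1}"              # constructed peer address (documentation range)
INTERVAL="${INTERVAL:-10}"             # seconds between probes
FAILS_NEEDED="${FAILS_NEEDED:-3}"      # consecutive misses before acting
PING_CMD="${PING_CMD:-ping -c 1 -w 2}" # one probe with a 2 s deadline
FLUSH_CMD="${FLUSH_CMD:-setkey -F}"    # flush the SAD; needs root

fails=0     # consecutive failed probes
flushed=0   # 1 once the current outage has been handled

# Run one probe cycle. Returns 0 only when this cycle flushed the SAs.
check_once() {
    if $PING_CMD "$PEER" >/dev/null 2>&1; then
        # Peer answers: reset so the next outage is handled again.
        fails=0
        flushed=0
        return 1
    fi
    fails=$((fails + 1))
    # Act once per outage and only after several misses in a row, so a
    # single lost ICMP packet does not tear down a working tunnel.
    if [ "$fails" -ge "$FAILS_NEEDED" ] && [ "$flushed" -eq 0 ]; then
        if $FLUSH_CMD; then
            flushed=1
            return 0
        fi
    fi
    return 1
}

watch_peer() {
    while :; do
        if check_once; then
            logger -t sa-watchdog "peer $PEER unreachable, ran: $FLUSH_CMD"
        fi
        sleep "$INTERVAL"
    done
}

# Start the loop only when invoked as "script run", so the functions can
# be sourced and exercised without touching the SAD.
if [ "${1:-}" = "run" ]; then
    watch_peer
fi
```

`setkey -F` flushes every SAD entry on the host, so tunnels to other peers renegotiate as well.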


