Re: ipsec/ipfilter interaction problem

To: tech-crypto%netbsd.org@localhost
Subject: Re: ipsec/ipfilter interaction problem
From: Daniel Carosone <dan%geek.com.au@localhost>
Date: Fri, 26 Sep 2003 18:20:44 +1000

On Fri, Sep 26, 2003 at 06:20:39AM +0200, Christoph Kaegi wrote:
> Hm, what does that mean? Can I do something about it, so the SA
> doesn't die? Who can it die anyway?

setkey -D, both while working and once failed.

there are lifetimes to SA's, both in terms of time and bytes.
Normally, the SA's would be renegotiated by an IKE agent like
racoon.  You may have to explicitly set yours to 0, though I'd
imagine that should be the default for manually-added SAD entries.

--
Dan.

Follow-Ups:
- Re: ipsec/ipfilter interaction problem
  - From: Christoph Kaegi

References:
- ipsec/ipfilter interaction problem
  - From: Christoph Kaegi
- Re: ipsec/ipfilter interaction problem
  - From: Daniel Carosone
- Re: ipsec/ipfilter interaction problem
  - From: Christoph Kaegi

Prev by Date: Re: ipsec/ipfilter interaction problem
Next by Date: Re: ipsec/ipfilter interaction problem
Previous by Thread: Re: ipsec/ipfilter interaction problem
Next by Thread: Re: ipsec/ipfilter interaction problem
Indexes:

Home | Main Index | Thread Index | Old Index