Re: FAST_IPSEC bug fix
From: Helge Oldach (helge.oldach_at_atosorigin.com)
Date: 03/31/04
- Previous message: Greg 'groggy' Lehey: "Re: Serious bug in vinum?"
- In reply to: Mike Tancsa: "FAST_IPSEC bug fix"
- Next in thread: Julian Elischer: "Re: FAST_IPSEC bug fix"
- Reply: Julian Elischer: "Re: FAST_IPSEC bug fix"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: mike@sentex.net (Mike Tancsa) Date: Wed, 31 Mar 2004 11:55:53 +0200 (MET DST)
Mike Tancsa:
>Well, its not totally a bug, but missing functionality that looks
>like is there but is not and is pretty important to keep lossy
>links functioning with IPSEC. My colleague gabor@sentex.net created
>the patch below that implements net.key.prefered_oldsa when using
>FAST_IPSEC.
Yep, this is particularly important when running IPSec against other
vendors' IPSec implementation. Many appear to prefer the new SA over the
old one.
Actually this is the only issue that stopped me from going to
FAST_IPSEC.
Please also note that the nam of the sysctl has been changed in -CURRENT
about six weeks ago to net.key.preferred_oldsa (double "r"). I would
suggest to change it for RELENG_4 also, but *only* for FAST_IPSEC.
Helge
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
- Previous message: Greg 'groggy' Lehey: "Re: Serious bug in vinum?"
- In reply to: Mike Tancsa: "FAST_IPSEC bug fix"
- Next in thread: Julian Elischer: "Re: FAST_IPSEC bug fix"
- Reply: Julian Elischer: "Re: FAST_IPSEC bug fix"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
