Re: Duplicate SAD entries lead to ESP tunnel malfunction



On Thu, Jan 26, 2006 at 11:51:36AM -0800, Julian Elischer wrote:
> Oleg Tarasov wrote:

> There is a sysctl that can help this behaviour but I forget which
>
> something to do with ipsec and oldSAD or newSAD or something..

net.key.prefered_oldsa, or net.key.preferred_oldsa (changed since
4.X).

It is 1 by default, and it should be set to 0 to help better
interoperability with lots of peers.....


Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
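The setting described in the reply above, as an added example that is not part of the original message: a small sh helper that finds whichever of the two spellings the running kernel exposes and sets it to 0. The function names `oldsa_oid` and `prefer_new_sa` are hypothetical; only the two sysctl names and the value 0 come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the name of the OID this kernel exposes: the thread gives two
# spellings, depending on the FreeBSD version. Returns 1 if neither exists.
oldsa_oid() {
    for oid in net.key.preferred_oldsa net.key.prefered_oldsa; do
        if sysctl -n "$oid" >/dev/null 2>&1; then
            echo "$oid"
            return 0
        fi
    done
    return 1
}

# Set the OID to 0 (the value recommended in the reply) unless it already is,
# then print the matching "name=value" line, which is the form used in
# /etc/sysctl.conf to keep the setting across reboots.
prefer_new_sa() {
    oid=$(oldsa_oid) || {
        echo "neither net.key.preferred_oldsa nor net.key.prefered_oldsa found" >&2
        return 1
    }
    cur=$(sysctl -n "$oid") || return 1
    if [ "$cur" != "0" ]; then
        # Changing the value requires root.
        sysctl "$oid=0" >/dev/null || return 1
    fi
    echo "$oid=0"
}
```

Source the file and run `prefer_new_sa` as root; it changes only the running kernel, so add the printed line to /etc/sysctl.conf yourself if the setting should persist.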