[EMAIL PROTECTED] (Matthew Dillon) writes:
> The question is: What am I forgetting to do? Or is this a bug in our
> IPSEC implementation?

AFAIK this is more or less how it's supposed to work. IPsec is a
mess. Security associations are not stateless; ESP provides replay
protection using a sequence number. Replay-prevention is, however,
optional, and the setkey manual page claims it to be off by default,
so it could be a bug... you might want to try specifying -r 0
explicitly.
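
The per-SA receive state that the reply above refers to, as an added example that is not part of the original message and not FreeBSD's code: a sliding-window replay check on the ESP sequence number, where a window size of 0 switches the check off. The struct and function names are hypothetical, the window is counted in packets and capped at 64 as a simplification, and sequence-number wrap is not handled.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical per-SA receive state; names are illustrative only. */
struct replay_state {
    uint32_t wsize;   /* window size in packets (0 = replay check off) */
    uint32_t last;    /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence (last - i) already seen */
};

void replay_init(struct replay_state *rs, uint32_t wsize)
{
    rs->wsize = wsize > 64 ? 64 : wsize;  /* bitmap holds 64 packets */
    rs->last = 0;
    rs->bitmap = 0;
}

/* Call only after the packet's integrity check has passed.
 * Returns true and records the packet if it is accepted. */
bool replay_check_update(struct replay_state *rs, uint32_t seq)
{
    if (rs->wsize == 0)
        return true;                      /* replay prevention disabled */
    if (seq == 0)
        return false;                     /* ESP sequence numbers start at 1 */
    if (seq > rs->last) {                 /* new highest: slide the window */
        uint32_t shift = seq - rs->last;
        rs->bitmap = shift >= 64 ? 0 : rs->bitmap << shift;
        rs->bitmap |= 1;
        rs->last = seq;
        return true;
    }
    uint32_t off = rs->last - seq;
    if (off >= rs->wsize)
        return false;                     /* older than the window */
    if (rs->bitmap & ((uint64_t)1 << off))
        return false;                     /* duplicate inside the window */
    rs->bitmap |= (uint64_t)1 << off;
    return true;
}

/* Constructed scenario: the receiver has accepted 1..1000, then a sender
 * whose counter started over sends seq 1. Returns 1 if it is accepted. */
int accepts_after_peer_restart(uint32_t wsize)
{
    struct replay_state rs;
    replay_init(&rs, wsize);
    for (uint32_t s = 1; s <= 1000; s++)
        replay_check_update(&rs, s);
    return replay_check_update(&rs, 1);
}
```
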