On Thu, Oct 04, 2001 at 05:47:48PM +0900, Shoichi Sakane wrote: > the freebsd's ipsec stack always uses old SA when there are some SAs for > the communication. so the other side system used old SA even when the one > had new SA. > latest KAME has the flag, net.key.prefered_oldsa, which makes the kernel > to be used new SA or old one. if the flag is not 0, the kernel uses > new one.
With that I can fix my case. Is there a special reason to default to the old one, because that breaks rebooting systems, doesn't it? -Guido To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
