Oleg Tarasov wrote:
Hello,
I run FreeBSD 6.0 and installed the latest ported version of ipsec-tools.
I had to create two IPSEC tunnels to two different hosts. One host
runs FreeBSD too; the other is a hardware router, a DI-804HV
(D-Link). That router is supposed to support IPSEC tunnelling and
seems to work fine.
When an IPSEC tunnel is established, two SAD entries are created - one per
direction. This is normal functioning.
In my case sometimes two more are created. Some connection
problem occurs, causing both sides to re-establish the tunnel. Both sides
report that the tunnel is established successfully, but no packets can pass
through the tunnel. Dumping SAD entries using
setkey -D
shows that there are two SAD entries for both address pairs.
How can this happen anyway?
Flushing SAD entries helps the tunnel return to functionality - after
this the tunnel is established successfully and works properly.

There is a sysctl that can help this behaviour, but I forget which;
something to do with ipsec and oldSAD or newSAD or something.
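
An added example, not part of the original thread: a Python check that parses `setkey -D` output and reports address pairs holding more than one mature SA in the same direction, the symptom described above. The sample dump is constructed (documentation addresses, made-up SPIs) and assumes the usual `setkey -D` layout of an unindented `src dst` line followed by indented detail lines.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: two mature ESP SAs for one direction, one for the other.
SAMPLE = (
    "192.0.2.1 192.0.2.2\n"
    "\tesp mode=tunnel spi=4096(0x00001000) reqid=0(0x00000000)\n"
    "\tseq=0x00000000 replay=4 flags=0x00000000 state=mature\n"
    "192.0.2.1 192.0.2.2\n"
    "\tesp mode=tunnel spi=4097(0x00001001) reqid=0(0x00000000)\n"
    "\tseq=0x00000000 replay=4 flags=0x00000000 state=mature\n"
    "192.0.2.2 192.0.2.1\n"
    "\tesp mode=tunnel spi=8192(0x00002000) reqid=0(0x00000000)\n"
    "\tseq=0x00000000 replay=4 flags=0x00000000 state=mature\n"
)

HEADER = re.compile(r"^(\S+)\s+(\S+)\s*$")  # "src dst" (exactly two fields)
SA = re.compile(r"^\s+(esp|ah|ipcomp)\s+mode=\S+\s+spi=\d+\((0x[0-9a-fA-F]+)\)")
STATE = re.compile(r"\bstate=(\w+)")

def parse_sad(text):
    """Return {(src, dst, proto): [{'spi': ..., 'state': ...}, ...]}."""
    sad = defaultdict(list)
    pair = entry = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new SA
            m = HEADER.match(line)
            pair, entry = (m.groups() if m else None), None
        elif pair is not None:
            m = SA.match(line)
            if m:
                entry = {"spi": m.group(2), "state": "unknown"}
                sad[pair + (m.group(1),)].append(entry)
            elif entry is not None and (m := STATE.search(line)):
                entry["state"] = m.group(1)
    return sad

def duplicate_sas(sad):
    """Directions with more than one mature SA, mapped to their SPIs."""
    dup = {}
    for key, entries in sad.items():
        mature = [e["spi"] for e in entries if e["state"] == "mature"]
        if len(mature) > 1:
            dup[key] = mature
    return dup

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for (src, dst, proto), spis in duplicate_sas(parse_sad(text)).items():
        print(f"{src} -> {dst} {proto}: {len(spis)} mature SAs {spis}")
```

Piping the output of `setkey -D` into the script checks a live SAD; run without piped input, it checks the constructed sample.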