Mike Tancsa wrote:
At 04:43 PM 12/11/2009, Jon Otterholm wrote:
> Also, what does
> sysctl net.key.preferred_oldsa
>
> show ?
It has not jamed up yet but here is output from sysctl:
net.key.preferred_oldsa: 1
Would it help setting it to 0 to force renewal of keys at reconnection?
I think it should allow your end to honor the other side's new SA should
it want one ahead of schedule
yes this sysctl allows the other side to negotiate a new key at
any time. (for example after it reboots).
If you have the old SA prefered, then after your peer reboots and
comes up again. You can't communicate with it until the SA
you negotiated with him originally times out (which may be
some minutes or even hours later).
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
