Victor Sudakov wrote:
>
> However, FreeBSD+racoon and Windows 7 with its builtin IPsec
> PolicyAgent service work more or less (E: 3des-cbc, A: hmac-sha1) on
> pre-shared secret.
>
> The only problem I have encountered is that after Windows reboot,
> traffic stops flowing between FreeBSD and Windows until racoon is
> restarted.
>
> I wonder if it has anything to do with the net.key.preferred_oldsa
> setting.

The two sysctls:

    net.key.preferred_oldsa=0
    net.key.blockacq_count=0

seem to fix the reboot problem. Could anyone explain the mechanism? I
have never had to tweak them to get IPsec working between FreeBSD hosts.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"