On 24 nov 2006, at 22.44, Brian Candler wrote:
Is this 60 second timeout a tunable? Or can you point me to where it's
defined in the kernel? I'd like to try increasing it.

sysctl net.inet.ip.ipsec-invalid-life=60

(If you're curious, look at reserve_spi() in /usr/src/sys/netinet/ ip_ipsp.c)

/H

Reply via email to