On 24 nov 2006, at 22.44, Brian Candler wrote:
Is this 60 second timeout a tunable? Or can you point me to where it's defined in the kernel? I'd like to try increasing it.
sysctl net.inet.ip.ipsec-invalid-life=60(If you're curious, look at reserve_spi() in /usr/src/sys/netinet/ ip_ipsp.c)
/H