Thanks. This was a change that came into the KAME code after I'd branched.
I need to diff all of the KAME code since that time and merge the relevant
bug fixes.
Sam
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd
-Original Message-
> From: Gabor [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 11. September 2003 20:32
> To: [EMAIL PROTECTED]
> Cc: Sam Leffler
> Subject: FAST_IPSEC doesn't seem to honor net.key.prefered_oldsa=0
>
>
> When using the FAST_IPSEC option
When using the FAST_IPSEC option in the kernel build, the sysctl
variable net.key.prefered_oldsa seems to make no difference. The
kernel always chooses an old SA. This problem can be easily
reproduced. Just wait till the soft limit of the SA is expired and do
a setkey -F on the remote and then pi
