Hello,
I think this is not related to the SPD generation, but to the usage of old SA. Look at this thread: http://www.mail-archive.com/[email protected]/msg00650.html and also at my posts to ipsec-tools-devel mailing list: http://sourceforge.net/mailarchive/forum.php?thread_id=7969146&forum_id=32000 which propose a workaround (but not good for inclusion into package). So far, the fix is neither in kernel, nor in racoon (it can be at both places, racoon could flush old SAs, kernel could use the newest one). Juraj. -- Juraj Bednar http://www.jurajbednar.com/ http://sk.jurajbednar.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
