> but freebsd uses old SA. After searching the mailing list, I
> found that net.key.prefered_oldsa=0 will solve that
> problem. But why prefer old one?

the reason is for backward compatibility.
you can use new one by the system wide default as you know.

early kame implementation always used old one according to
draft-jenkins-ipsec-rekeying-06.txt.  it was merged into freebsd.
then net.key.prefered_oldsa was added to be able to use new one.
