Herbert Xu wrote:
> Patrick McHardy <[EMAIL PROTECTED]> wrote:
>
>>Linux does use the new SA when looking it up again, but it caches the
>>resolved bundles until an SA expires or is deleted. You could change
>>racoon to remove the old SA and thus behave similarly to Cisco, but this
>>is wrong for mu
Patrick McHardy <[EMAIL PROTECTED]> wrote:
>
> Linux does use the new SA when looking it up again, but it caches the
> resolved bundles until an SA expires or is deleted. You could change
> racoon to remove the old SA and thus behave similarly to Cisco, but this
> is wrong for multiple reasons. The
On Sat, 09 Jul 2005 16:49:01 +0200, you wrote:
>Arkadiusz Patyk wrote:
>> Racoon calculates soft lifetime as 80% of lifetime.
>> Cisco always uses 30s.
>> When lifetime is 600s soft is 480s.
>>
>> In 480s racoon initiates new phase 2 negotiation.
>> New IPsec-SA is established, but old exists an
Arkadiusz Patyk wrote:
Racoon calculates soft lifetime as 80% of lifetime.
Cisco always uses 30s.
When lifetime is 600s soft is 480s.
In 480s racoon initiates new phase 2 negotiation.
New IPsec-SA is established, but old exists and will
be used for next 120s.
After 30s Cisco switches to new SA
Hi,
Linux 2.6.11.10
ipsec-tools 0.6
Racoon calculates soft lifetime as 80% of lifetime.
Cisco always uses 30s.
When lifetime is 600s soft is 480s.
In 480s racoon initiates new phase 2 negotiation.
New IPsec-SA is established, but old exists and will
be used for next 120s.
After 30s Cisco switc