On 2/20/06, John Cianfarani <[EMAIL PROTECTED]> wrote: > Holy crap Batman! This might have fixed it. > Did a little bit of testing only with the pix as the remote client it > comes up after simulated power outages and builds the tunnel again > without issue. > Tested with long/short SA see how it reacts if SAs are expired and it > still comes up. > It actually seems pretty stable actually and pretty tough to make the > tunnel fail now.
Good to hear. I just did a little research on that option...surprisingly it does the opposite of what I'd expect it to do. Setting preferred old sa in the web gui, sets the kernel sysctl net.key.preferred_oldsa=0, which means it prefers NEW SA's (which is a good thing). We'll kick it around and see what the best thing to do here is. > Will continue doing some testing to confirm. > > Thanks for the tip! No problem, glad that helped. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
