Felipe Polanco wrote:
> > Does this not cause excessive SAs piling up? I've seen a similar
> > problem with Strongswan on my side and a MikroTik on the remote side:
> > too many excessive SAs in "ipsec status" output and in MikroTik's
> > management console.
> >
> > My theory was that each trapped packet causes a new SA to be
> > attempted/generated until some limit is hit or some resource is
> > exhausted.
> Haven't seen that issue.
>
> But you should use reuse_ike SA and reuse_child SA, that avoids duplicates
> SA for phase one and phase two.
>

What's their equivalent in the old (ipsec.conf) syntax? I could not find them in ipsec.conf(5)

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
