[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(racoon 6) ignore RESPONDER-LIFETIME notification

To: racoon@kame.net
Subject: (racoon 6) ignore RESPONDER-LIFETIME notification
From: Thomas Fritz <tf@slash10.com>
Date: Wed, 13 Nov 2002 16:18:34 +0100
Delivered-to: racoon-archive@kame.net
Delivered-to: racoon@kame.net
Organization: slash10 network consulting
Reply-to: racoon@kame.net
Sender: owner-racoon@kame.net
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530

Hi there!

I already posted this mail to the snap-users list....

I am trying to get a FreeBSD <-> Cisco IPsec tunnel running. Well it works so far, but the tunnels is torn down for a few seconds, every 6 min (= the SA lifetime)!

I think I found the reason why: The cisco wants to negotiate a SA delete notify, but racoon doesn't want to: 2002-11-08 16:05:17: WARNING: isakmp_inf.c:1273:isakmp_check_notify(): ignore RESPONDER-LIFETIME notification. 2002-11-08 16:05:17: WARNING: ipsec_doi.c:919:cmp_aproppair_i(): attribute has been modified.

So racoon seems not to be capable of handling delete notifications.

If racoon is capable of that:
what is the proper configuration command in racoon.conf?
(I looked for it, but didn't find anything like that...)

If it is not: The cisco box seems to rely on that message, cause it seems that the 2 peers have troubles to switch from the old to the new SA, wich was negotiated before. Is this a known problem? Is there a workaround, or even a solution?

Thanks in advance

Thomas

Follow-Ups:
- (racoon 8) Re: ignore RESPONDER-LIFETIME notification
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: (racoon 5) racoon work resumes?
Next by Date: (racoon 7) racoon source address selection
Previous by thread: (racoon 5) racoon work resumes?
Next by thread: (racoon 8) Re: ignore RESPONDER-LIFETIME notification
Index(es):
- Date
- Thread