(racoon 918) Re: SPD Expires (problem using generate_policy on)
On Thu, Mar 10, 2005 at 02:51:02AM -0500, John Doe wrote:
>
> Hi,
>
> I seem to have all the luck and have come across another problem
> using the racoon IPSEC that comes with FreeBSD 5.3.
>
> The problem goes like this: I have two machines communicating
> through a tunnel between a FreeBSD server and a Windows XP
> machine. Everything works properly and renegotiation of SAs occurs
> without a problem. When using the option "generate_policy on"
> however, after some time racoon notifies that the SPD has expired
> and deletes the entry in the database.

I guess your problem is that SPD entries are not regenerated/refreshed
when rekeying, so they expire at the end of the first SA's life.

I fixed that problem a couple of months ago; the patch has been reported
to the ipsec-tools version of racoon, but it seems it hasn't been included
in KAME's version (you should find it in racoon-ml's archives).

Yvan.