On Wed, Jan 25, 2006 at 06:16:04PM -0500, Buddy Vernon wrote:
> I have built a network/network tunnel using racoon.
> On one end of the tunnel I have servers and the other end I have clients.
> Only clients initiate connections, so IKE negotiations are only started from
> the client end.
> Periodically, I need to flush the SA's on the gateway at the server end.

Why do you need to flush your SAs?

> How do I ensure that the SA's on the client end are also flushed so that old
> aren't still used and new SA's are negotiated after a flush on the server

Send some DELETE_SA IKE message from the server-side racoon to the client side.

I guess flushing SAs from racoonctl will also do that (well, at least,
I think it should).

Or put a DPD configuration on the client-side racoon.

NETASQ - Secure Internet Connectivity