Hi,

I am trying to tune racoon to react faster when bringing up an interface with a virtual IP address. When the interface is down, the setkey -D command shows a phase 2 SA in the larval state with an SPI of 0 and a hard lifetime of 30 seconds. It appears that racoon waits until this SA expires (30 sec) before attempting phase 1 negotiation.

There is no timer specification in the racoon.conf file for this one. I searched but failed to find the 30-second timer in the ipsec-tools sources. Where is this implemented?

I made a modification in the session.c main loop that appears to work. Will this cause any problems?


                for (p = lcconf->myaddrs; p; p = p->next) {
                        if (!p->addr)
                                continue;
                        if (FD_ISSET(p->sock, &rfds))
                                isakmp_handler(p->sock);
                }

                if (FD_ISSET(lcconf->sock_pfkey, &rfds)) {
                        check_rtsock(NULL);    /* <==== NEW LINE */
                        pfkey_handler();
                }

                if (lcconf->rtsock >= 0 && FD_ISSET(lcconf->rtsock, &rfds)) {
                        if (update_myaddrs() && lcconf->autograbaddr)
                                sched_new(5, check_rtsock, NULL);  /* <==== why wait 5 ticks here? */
                        initfds();
                }

Thanks,

Pat