From: Timo Teräs <timo.teras@ik...> - 2008-10-27 07:14:15
Matthew Schumacher wrote:
> I have a host using kernel 18.104.22.168 with a tunnel to a netscreen.
> For whatever reason racoon is creating a new spi which causes there to
> be a dying and mature spi for each direction, only the one that is dying
> is the newer one so the other side keeps logging errors that say that
> it's getting packets with the wrong spi effectively killing the tunnel.
> Anyone know why this is or how to fix it?
SA changes from mature -> dying when the soft lifetime has expired. It
is perfectly normal to have both, dying and mature SA:s at the same
Your symptoms sound like there's something wrong in the system clocks.
Are they synchronized? And not being adjusted by ntpd?