From: Wilfried B. (PERSO) <wba...@on...> - 2006-11-26 22:30:50
|
Aarh also : When I do=20 "echo delete A.B.C.D I.F.G.H esp 124571628 | setkey -c " I get that in the logs: racoon: INFO: unsupported PF_KEY message REGISTER And the SA does not end, so what ? Wilfried Wilfried Barnavon (PERSO) a =E9crit : > Hello Yvan > > VANHULLEBUS Yvan a =E9crit : > =20 >> What do you mean exactly by "drop" ? >> Just removing SAs, or completly disable the tunnel ? >> >> In the first case, you can just try to delete the SAs directly by >> using setkey, but that won't send DELETE-SAs to the peer. >> >> =20 >> =20 > Well. I can set the SA down with the "delete" command of setkey. I just= =20 > need to get the SPI. That's true ? > > =20 >> In the second case, you can use the config reload function, but you'll >> need to use HEAD version to have it, or wait for the 0.7 branch. >> =20 >> =20 > Arrh ... what is HEAD version ? how to get it ? > > =20 >> Are you talking about the conf reload mode, or about the "purge SAs" >> in the monitor ? >> >> =20 >> =20 > I can have to purge a SA from a freezed peer, in this case I need to=20 > purge the SA. But if I have to test a config, I can need to reload=20 > config of racoon without dropping any other tunnel. > =20 >> I reported the first one to HEAD (so it will be included in 0.7.x), >> but the second uses a custom PFKey message, which is not (yet ?) >> public (as I didn't expect other people would need it), which is >> mainly a kernel patch. >> >> =20 >> =20 > Where can I get such a kernel patch ? > Do you know when the 0.7 mainline stream will be out ? > Thanks for your answers > > Wilfried > =20 >> Yvan. >> >> =20 >> =20 > > > -----------------------------------------------------------------------= -- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share= your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D= DEVDEV > _______________________________________________ > Ipsec-tools-devel mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel > =20 |