From: <ma...@ne...> - 2005-04-02 10:11:50
|
> Hm... yesterday, I downgraded racoon on both sides to the 0.5=20 > version and now racoon properly expires & deletes ISAKMP-SAs: >=20 > Mar 31 14:18:07 gate-ksap racoon: INFO: ISAKMP-SA established > Mar 31 XX.XX.XX.XXX[500]-YYY.YYY.YYY.Y[500] > Mar 31 spi:49d17b3064b97331:f80c22c6519d4e29 22:18:07 gate-ksap racoon: > Mar 31 INFO: ISAKMP-SA expired XX.XX.XX.XXX[500]-YYY.YYY.YYY.Y[500] > Mar 31 spi:49d17b3064b97331:f80c22c6519d4e29 22:18:08 gate-ksap racoon: > Mar 31 INFO: ISAKMP-SA deleted XX.XX.XX.XXX[500]-YYY.YYY.YYY.Y[500] > Mar 31 spi:49d17b3064b97331:f80c22c6519d4e29 >=20 > So, it seems that something is broken in 0.5.1 & 0.6beta1 relases. I did a cvs rdiff -r ipsec-tools_0_5 -r ipsec-tools_0_5_1, the most suspect is this change: > 2005-02-18 Yvan Vanhullebus <va...@fr...> >=20 > * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a > related DELETE_SA > * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire =20 Yvan, what's your opinion on that topic?=20 --=20 Emmanuel Dreyfus Un bouquin en fran=E7ais sur BSD: http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php ma...@ne... |