I'm having a hard time setting up IPsec between an XP Pro
box and a Linux 2.6.11 box. The problem is that sometimes the
phase 1 SA between the two gets stuck in the larval
state, and once that happens, the communication
between the two is unsecured, although both sides
have IPsec enabled.
Also, when they are talking over IPsec, after a few
minutes, if I disable IPsec on the XP box, they will
not be able to communicate. I believe the reason is
that the Linux side still has the SAs in the mature
state. Is there a way to nullify the SAs (or to
force them to expire)?
Here are my configuration files:
spdadd 10.10.87.59 0.0.0.0/0 any -P out ipsec
spdadd 0.0.0.0/0 10.10.87.59 any -P in ipsec
path pre_shared_key "psk.txt";
exchange_mode main, base;
lifetime time 8 hours;
lifetime time 12 hour;
encryption_algorithm 3des, des;
authentication_algorithm hmac_sha1, hmac_md5;