from debian bug #224967
From: Jochen Friedrich <email@example.com>
If racoon is set up to accept road warriors (passive
on; generate_policy on),
racoon doesn't remove its owm SPD entries when being
stopped. So if
racoon is restarted, it no longer maintains these
entries so they will
eventually time out and ipsec stops working for those
- set up a gateway 1 to accept road warriors. Second
- start ipsec connection from gateway 2 -> ping works.
- stop racoon on gateway 1. -> ping stops. Note that on
gateway 1, the
SPD entries are still there.
- start racoon on gateway 1. -> ping resumes.
- after the SA timeout, the SPD entry will time out as
well and won't be
regenerated. -> ping stops again.
Log in to post a comment.