From: T S. <tsu...@no...> - 2006-03-23 12:09:08
> NetBSD does more things on kernel about ports, and it probably solves
> at least some of the problems.
>
> I'll have to make a test configuration between all three
> implementations to see exactly how they deal with such problems.
Yvan, thanks. That would be great.
I just checked the code of NetBSD. The code for the previously mentioned case is the same. So, I think the patch is not there. Though, I have not tested the scenario with the setup. If somebody has a NetBSD peer-peer racoon without NAT support, please let me know if SIGHUP at one peer sends an ipsec-sa delete message to the other.
Another question: when an ipsec-sa delete message is received, should racoon delete the inbound ipsec-sa too? Right now, there is a comment in purge_ipsec_spi (isakmp_inf.c:1178) saying:
/* don't delete inbound SAs at the moment */
/* XXX should we remove SAs with opposite direction as well? */
suresh.