From: Jefferson L. F. <fr...@gm...> - 2012-09-03 18:20:11

Tore Anderson <tore@...> writes:

>
> * VANHULLEBUS Yvan
>
> > I guess we should simply discard anything related to lifebyte, but I'm
> > not sure it won't cause problems with some peers that set up a value
> > for lifebyte...
> >
> > Did your peer really send a proposal with a lifebyte of 4,5 Mb, or is
> > this another lifebyte related bug/issue/problem on ipsec-tool's side ?
> >
> > And was your peer an ipsec-tools's racoon (in which version ?) or
> > "something else" ?
>
> The peer is a Cisco ASA with OS version 7.2.2, and it really did
> propose a lifebyte of 4.5 MB. According to my client it's not possible
> to disable this completely. I'm using racoon 0.7-beta3.
>
> However I'm more concerned about the racoon part of the log message.
> If racoon proposes a lifebyte of 2GB, but sets up the IPSEC SAs without
> any lifebyte, won't that cause the peer to expire those SAs prematurely
> if 2GB is transferred before the lifetime has elapsed? And won't that
> cause connectivity problems?
>
> I think this might have been the trouble I had speaking to this
> device. At apparently random intervals the Cisco would send me a
> delete SA notification (delete SA didn't work with 0.6.6 so
> connectivity was interrupted). I believe that was due to the 4.5 MB
> limit being hit, the Cisco apparently thought we'd agreed to such a
> lifebyte.
>

Hi Tore,

Searching for a solution to my problem, I found your question about
setting a lifebyte in racoon.

Apparently my problem is the same:
- my peer: racoon
- my partner peer: CISCO

and the log:

[racoon: ERROR: lifebyte mismatched: my:2147483647 peer:0 ]

Did you find some way to solve this problem? Or to set the lifebyte?

Thanks a lot!

Regards.

Jefferson.