From: Michal L. <mi...@lo...> - 2004-09-13 14:36:44
On Fri, 10 Sep 2004, Emmanuel Dreyfus wrote:

> On Fri, Sep 10, 2004 at 03:18:30PM +0900, Shoichi Sakane wrote:
> > i made the patch for the current racoon in the repository
> > to support the features. i attached it to this mail.
>
> I discovered a small problem when testing with multiple users:
>
> racoon allocates internal IP addresses that are configured on the
> client through ISAKMP mode config. In racoon.conf, I have
> generate_policy set to on so that the policy gets created according to
> the allocated IP.
>
> Problem: that policy is not deleted when the client disconnects. When
> another client will connect from another external IP and will get the
> same internal IP, phase 2 will break because the older policy is still
> around.

In other words the policy is not deleted after the client properly shuts
down the connection?

> Is there a config trick to have the automatically generated policies
> deleted on SA deletion, or should I take care of it on my own in ISAKMP
> mode config code?

It should probably be solved in the generic SA deletion code. Would you
mind fixing it there?

Michal Ludvig
--
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal