[vpn-help] -12 against ipsec-tools 0.6.6

Matthew Grooms mgrooms at shrew.net
Mon Aug 7 17:58:55 CDT 2006


Peter Eisch wrote:
> On 8/7/06 4:19 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
> 
> client:  XP patched to current.
> server: netbsd-3 with stock 0.6.6 (netkey -- KAME kernel extensions)
> 

Thanks for the info.

> When I click on "Disconnect" in the client's panel, does it just initiate a
> close to the session -- one that the racoon server will recognize as reason
> to tear down the existing SAs?  I should also test the rekeying.  I'll test
> that tomorrow.
> 

The client will send SA delete messages to racoon, which should help it 
clean up its SA database. Version 1.1 will also include dead peer 
detection support, so if the client disconnects in an irresponsible 
fashion, the peer will be able to clean up without waiting for the SAs 
to expire.

> 
> FWIW: I can get you onto my "lab" where you can sandbox to your heart's
> content if it would help.
> 

Let me give this a go. It may take me a few days to get back to you as I 
am knee deep in another area at the moment. I may take you up on your 
offer if it helps track down the problem.

Thanks again,

-Matthew


