Krzysztof Oledzki wrote: > > > On Mon, 1 Aug 2005, Herbert Xu wrote: > >> On Mon, Aug 01, 2005 at 05:46:26AM +0200, Krzysztof Oledzki wrote: >> >>> >>> Any new patches to test? ;) >> >> >> As I said in an earlier message, you should patch racoon to delete >> the old *outbound* SA when the new SA has been negotiated. > > > Did not receive this one, sorry :(. However, the same question was asked > to racoon developers and the answer was, that it is kernel job. They > even pointed that KAME IPSec stack can be tuned to (or not to) prefer > old SA.
The kernel's job is to use a valid SA. In this case both are valid and the peer is buggy. So I think the suggestion to work around this in the keying daemons is not unreasonable. Regards Patrick - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
