transport mode IPSec with Windows 7, static keys
Victor Sudakov
vas at mpeks.tomsk.su
Sat Sep 26 14:31:03 UTC 2015
Victor Sudakov wrote:
>
> However, FreeBSD+racoon and Windows 7 with its builtin IPsec
> PolicyAgent service work more or less (E: 3des-cbc, A: hmac-sha1) on
> pre-shared secret.
>
> The only problem I have encountered is that after Windows reboot,
> traffic stops flowing between FreeBSD and Windows until racoon is
> restarted.
>
> I wonder if it has anything to do with the net.key.preferred_oldsa
> setting.
The two sysctls:
net.key.preferred_oldsa=0
net.key.blockacq_count=0
seem to fix the reboot problem. Could anyone explain the mechanism? I
have never had to tweak them to get IPsec working between FreeBSD hosts.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru