Netgate Discussion Forum

    Prefer old ipsec SAs

    2.0-RC Snapshot Feedback and Problems - RETIRED
      cubsfan

      Running 2.0-RC2 (i386) built on Mon May 23 02:20:40 EDT 2011. I've got an IPsec tunnel that needs the prefer old IPsec SAs option to stay up and running.  It was working fine on 1.2.3 but on 2.0 it doesn't seem to work.

      thanks

      -andy

        cubsfan

        Do I need to file a bug on this or anything?  I've set up a 1.2.3 box for my VPN endpoints for the time being.

        thanks
        -andy

          jimp Rebel Alliance Developer Netgate

          Can you check

          sysctl net.key.preferred_oldsa
          

          With the option on and off, see if that changes for you.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

            cubsfan

            With it enabled it reports

            net.key.preferred_oldsa: -30

            with it disabled it reports

            net.key.preferred_oldsa: 0

            thanks

            -andy

              jimp Rebel Alliance Developer Netgate

              Then it should be operating normally. If you're seeing some other issue, the IPsec logs might be helpful, and/or the setkey -D and setkey -DP output. It probably isn't the SA preferral.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.