From owner-FreeBSD-net-jp@jp.FreeBSD.org Thu Dec 11 18:40:41 2003
Message-ID: <87he07heul.wl@miffy.taihei-dengyo.co.jp>
From: Masaki Mizutani <m-saki@rr.iij4u.or.jp>
To: FreeBSD-net-jp@jp.FreeBSD.org
In-Reply-To: <yger7zbvib2.wl%ume@mahoroba.org>
References: <87k753hiyf.wl@miffy.taihei-dengyo.co.jp>
	<yger7zbvib2.wl%ume@mahoroba.org>
User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.4 (Hosorogi) SLIM/1.14.9 (MEGUMI) APEL/10.4 MULE XEmacs/21.4 (patch 12) (Portable Code) (i386--freebsd)
MIME-Version: 1.0 (generated by SEMI 1.14.4 - "Hosorogi")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 11 Dec 2003 18:40:34 +0900
X-Sequence: FreeBSD-net-jp 4041
Subject: [FreeBSD-net-jp 4041] Re: Why does it keep using the old SA?
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: m-saki@rr.iij4u.or.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+031208

Mizutani here, wishing there were a hole I could crawl into.

At Thu, 11 Dec 2003 18:02:09 +0900,
Hajimu UMEMOTO <ume@mahoroba.org> wrote:
>   Please try sysctl net.key.prefered_oldsa=0.

It now nicely uses the new SA.

...or rather, just as I was thinking this was a variable I had seen somewhere before,
I found it clearly documented in man racoon.conf. Sorry.

             initial_contact (on | off);
                     enable this to send an INITIAL-CONTACT message.  The
                     default value is on.  This message is useful only when
                     the implementation of the responder choices an old SA
                     when there are multiple SAs which are different estab-
                     lished time, and the initiator reboots.  If racoon did
                     not use the message, the responder would use an old SA
                     even when an new SA was established.  The KAME stack has
                     the switch in the system wide value, net.key.pre-
                     ferred_oldsa.  when the value is zero, the stack always
                     use an new SA.

I will put "net.key.prefered_oldsa=0" in /etc/sysctl.conf.
Thank you very much.

By the way, in what kind of situation would one have to use the old SA?
Is it a countermeasure against some kind of attack?

-- 
Masaki Mizutani / m-saki@rr.iij4u.or.jp
PGP Fingerprint: E551 12B2 CF6B 50EA BD5C  CFD1 FF41 0F6E 595C 92CE
PGP Public Key : http://m-saki.dyndns.org:8888/%7Emizutani/mizutani_gpg.asc
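
Added example, not part of the original message and not KAME or racoon code: a simplified Python model of the behaviour the quoted racoon.conf text describes, showing which SA a responder sends on after the initiator reboots, for each combination of the oldsa sysctl and INITIAL-CONTACT. The SA class, SPI values and timestamps are constructed for illustration, and the SA database is reduced to a plain list.

```python
from dataclasses import dataclass


@dataclass
class SA:
    spi: int             # constructed SPI value
    created: int         # establishment time in seconds (constructed)
    peer_has_keys: bool  # False once the peer has rebooted and lost this SA


def select_outbound_sa(sas, preferred_oldsa):
    """Pick the SA used for outbound traffic to one peer.

    Nonzero preferred_oldsa: the oldest established SA wins.
    Zero: the most recently established SA wins.
    """
    if not sas:
        return None
    pick = min if preferred_oldsa else max
    return pick(sas, key=lambda sa: sa.created)


def simulate_initiator_reboot(preferred_oldsa, initial_contact):
    """Responder-side view of an initiator that reboots and renegotiates.

    Returns (spi chosen for outbound traffic, whether the peer can decrypt it).
    """
    # SA established before the reboot.
    sadb = [SA(spi=0x1000, created=100, peer_has_keys=True)]
    # The initiator reboots: its copy of SA 0x1000 is gone, ours is not.
    sadb[0].peer_has_keys = False
    if initial_contact:
        # Model assumption: on INITIAL-CONTACT the responder drops the SAs
        # it still holds for this peer before installing the new one.
        sadb.clear()
    # The new negotiation completes and a second SA is installed.
    sadb.append(SA(spi=0x2000, created=500, peer_has_keys=True))
    chosen = select_outbound_sa(sadb, preferred_oldsa)
    return chosen.spi, chosen.peer_has_keys


if __name__ == "__main__":
    for oldsa in (1, 0):
        for ic in (False, True):
            spi, usable = simulate_initiator_reboot(oldsa, ic)
            print(f"oldsa={oldsa} initial_contact={ic}: "
                  f"send on SPI {spi:#x}, peer can decrypt: {usable}")
```

Only the combination of a nonzero oldsa preference and no INITIAL-CONTACT leaves the responder sending on an SA the rebooted peer no longer holds.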
