
Re: isakmpd and reboots



By far the easiest way is to 'kill <isakmpd-pid>' before you reboot.

This causes DELETE notifications to be sent to the other part, making it
clean up its phase-2 SAs. (Note: make sure you don't disconnect
yourself...).

/H

On Mon, 18 Mar 2002, Lars Hansson wrote:

> I have a slight problem with isakmpd.
> Let's say I have 2 computers connected using isakmpd/ipsec. Everything works
> just fine.
> However, if I reboot one of them there won't be an encrypted connection
> when it is back up. The logs say INVALID_COOKIE, which I presume is
> because the machine that was rebooted uses a zero cookie and the machine
> that wasn't is expecting a real cookie since it still thinks the SAs are valid.
> Now, is there any way to get an automatic renegotiation upon reboot or something
> similar?
> I'd rather not have to manually restart the isakmpd on every single machine
> in case one has to be rebooted. Sort of inconvenient if some of them are in
> other countries.
>
>
> --
> Lars Hansson
>
>

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB
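
The 'kill before reboot' step from the reply above, as an added example that is not part of the original thread: a shell function that sends isakmpd a plain SIGTERM and waits for it to exit, so the DELETE notifications go out before the network is torn down. The function name, the return codes and the default pid file path /var/run/isakmpd.pid are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: isakmpd writes its pid to /var/run/isakmpd.pid.
PIDFILE_DEFAULT=/var/run/isakmpd.pid

# stop_isakmpd [pidfile] [timeout_seconds]   (hypothetical helper)
# Returns 0 if the daemon exited, 1 if there was no usable running pid,
# 2 if it was still alive after the timeout.
stop_isakmpd() {
    pidfile=${1:-$PIDFILE_DEFAULT}
    timeout=${2:-10}

    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')

    # Accept only a plain positive integer; never pass junk to kill.
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac

    # Stale pid file: nothing is running under that pid.
    kill -0 "$pid" 2>/dev/null || return 1

    # Plain kill sends SIGTERM, never SIGKILL: the daemon needs the
    # chance to notify the peer so it can drop its phase-2 SAs.
    kill "$pid" 2>/dev/null || return 1

    # Wait for the process to go away before the reboot continues.
    while [ "$timeout" -gt 0 ]; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        timeout=$((timeout - 1))
    done
    kill -0 "$pid" 2>/dev/null || return 0
    return 2
}
```

Call it from whatever runs at shutdown on the host before interfaces go down. Per the note in the reply, if your own login session rides the tunnel, the session will drop once the SAs are deleted.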