[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: isakmpd and reboots
The by far easiest way is to 'kill <isakmpd-pid>' before you reboot.
This causes DELETE notifications to be sent to the other part, making it
clean up it's phase-2 SAs. (Note: make sure you don't disconnect
On Mon, 18 Mar 2002, Lars Hansson wrote:
> I have a slight problem with isakmpd.
> Lets say I have 2 computers connected using isakmpd/ipsec. Everything works
> just fine.
> However, if I reboot one of them there wont be an encrypted connection
> when it is back up. The logs says INVALID_COOKIE wich i presume is
> because the machine that was rebooted uses a zero cookie and the machine
> that wasnt is expecting a real cookie since it still thinks the SA's are valid.
> Now, is there any way to get an automatic renegotiation upon reboot or something
> I'd rather not have to manually restart the isakmpd on every single machine
> in case one has to be rebooted. Sort of inconvenient if some of them are in
> other countries.
> Lars Hansson
Håkan Olsson <firstname.lastname@example.org> (+46) 708 437 337 Carlstedt Research
Unix, Networking, Security (+46) 31 701 4264 & Technology AB