Re: [m0n0wall-dev] 1.2b1 IPsec SA issues

From:	Chris Buechler <cbuechler at gmail dot com>
To:	m0n0wall dash dev at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall-dev] 1.2b1 IPsec SA issues
Date:	Mon, 27 Sep 2004 11:32:36 -0400

On Mon, 27 Sep 2004 03:36:47 -0400, Chris Buechler <cbuechler at gmail dot com> wrote:
> 
> 
> >
> > I've found several (similar) entries in your log that make me think that
> > both racoon and PIX do not use *exactly* the same settings:
> >
> >     pfs group mismatched: my:2 peer:0
> >
> > It would be interesting to get the PIX's log, too.
> >
> 
> I just noticed that.  Never did it before 1.2.  Interesting.  I did
> notice one difference between the two on lifetime, and fixed that.
> Maybe this version is more picky with mismatched settings?  I don't
> know, it's been as it is now for more than 5 months, and just now
> breaks?
> 

Since changing the one mismatched lifetime, and the one mismatched PFS
setting, it has yet to go down.  It's been about 8 hours.  Still
scratching my head as to why my screw up worked for 5 months and just
now broke.

I'll post back if it craps out again, but for now it seems to be fine.  

Sorry, looks like my error.  

-Chris