> My current opinion is that almost all problems with traffic not
> passing in spite of good SAs are caused by "orphaned" send SAs whose twins have
> disappeared from the receiving end. Depending on the SA selection priority
> at the sender, these can be problematic even when properly paired SAs are
> also available.

How would one be able to find these "orphaned" send SAs? In the GUI under "diagnostics/IPsec/SAD"?

In any case, rebooting the m0n0's on each end of the tunnel should get rid of any orphaned stuff.
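An added example, not part of the original message or of m0n0wall: one way to spot "orphaned" send SAs is to take a SAD dump from each end of the tunnel and list the outbound SAs on one side that have no twin on the other. It assumes the dumps are in the text layout printed by `setkey -D` on FreeBSD-based systems and that no NAT sits between the peers; the function names, addresses and SPIs are constructed for illustration.

```python
import re

# Constructed sample dumps (documentation addresses, made-up SPIs).
SITE_A = (
    "192.0.2.1 198.51.100.1\n"
    "\tesp mode=tunnel spi=195948557(0x0badf00d) reqid=0(0x00000000)\n"
    "192.0.2.1 198.51.100.1\n"
    "\tesp mode=tunnel spi=19088743(0x01234567) reqid=0(0x00000000)\n"
    "198.51.100.1 192.0.2.1\n"
    "\tesp mode=tunnel spi=2271560481(0x87654321) reqid=0(0x00000000)\n"
)
SITE_B = (
    "192.0.2.1 198.51.100.1\n"
    "\tesp mode=tunnel spi=19088743(0x01234567) reqid=0(0x00000000)\n"
    "198.51.100.1 192.0.2.1\n"
    "\tesp mode=tunnel spi=2271560481(0x87654321) reqid=0(0x00000000)\n"
)

HEADER = re.compile(r"^(\S+)\s+(\S+)\s*$")  # unindented "src dst" line
SA_LINE = re.compile(r"^\s+(esp|ah)\s.*\bspi=\d+\((0x[0-9a-fA-F]+)\)")

def parse_sad(text):
    """Return the set of (src, dst, proto, spi) tuples found in a SAD dump."""
    sas, src, dst = set(), None, None
    for line in text.splitlines():
        sa = SA_LINE.match(line)
        if sa and src:
            sas.add((src, dst, sa.group(1), int(sa.group(2), 16)))
            continue
        hdr = HEADER.match(line)
        if hdr:
            src, dst = hdr.groups()
    return sas

def orphaned_send_sas(local_dump, peer_dump, local_ip):
    """Outbound SAs in local_dump (src == local_ip) with no twin in peer_dump."""
    peer = parse_sad(peer_dump)
    return sorted(sa for sa in parse_sad(local_dump)
                  if sa[0] == local_ip and sa not in peer)

if __name__ == "__main__":
    for src, dst, proto, spi in orphaned_send_sas(SITE_A, SITE_B, "192.0.2.1"):
        print(f"orphaned send SA: {src} -> {dst} {proto} spi=0x{spi:08x}")
```

Both dumps should be taken as close together in time as possible, since a rekey between the two captures will show up as a false mismatch.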