[Top] [All Lists]

Re: [IPSEC] Too many SADs!

To: netdev@xxxxxxxxxxx
Subject: Re: [IPSEC] Too many SADs!
From: Wolfgang Walter <>
Date: Tue, 22 Mar 2005 00:52:52 +0100
Cc: sfrost@xxxxxxxxxxx
Organization: Studentenwerk München
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: KMail/1.7.2
We had the same problem. Seems to be a limitation of the pfkey-implementation 
of linux.

racoon and setkey both use the pfkey-interface.

We switched to iproute2 and openswan which both use the netfilter-interface. 
Therefor they can handle thousands of SAD and SPD rules.


Wolfgang Walter

<Prev in Thread] Current Thread [Next in Thread>