[Openswan dev] Phase 2 Negotiation Reliability

Herbert Xu herbert at gondor.apana.org.au
Mon Aug 16 19:11:50 CEST 2004

On Sun, Aug 15, 2004 at 08:46:23PM -0400, Michael Richardson wrote:
>   DPD can have another component that tests that the phase 2 is up, but
> it isn't implemented.

Yes that sounds like a great idea.  Is there any effort in the WG to
do this in a standard way?
>   In the interium, adding a message to the protocol would be best idea,
> based upon a vendor ID.

Well since a modified DPD will solve the problem as well (along with some
other problems, e.g., phase 2 rekeyed, responder reboots, phase 1
rekeyed due to normal expiration => no phase 2 on the responder),
and it's about the same in terms of the cost to interoperability, it
would seem best to direct the effort there until IKEv2 arrives.

Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

More information about the Dev mailing list