[Openswan dev] Phase 2 Negotiation Reliability
Herbert Xu
herbert at gondor.apana.org.au
Mon Aug 16 19:11:50 CEST 2004
On Sun, Aug 15, 2004 at 08:46:23PM -0400, Michael Richardson wrote:
>
> DPD can have another component that tests that the phase 2 is up, but
> it isn't implemented.
Yes that sounds like a great idea. Is there any effort in the WG to
do this in a standard way?
> In the interium, adding a message to the protocol would be best idea,
> based upon a vendor ID.
Well since a modified DPD will solve the problem as well (along with some
other problems, e.g., phase 2 rekeyed, responder reboots, phase 1
rekeyed due to normal expiration => no phase 2 on the responder),
and it's about the same in terms of the cost to interoperability, it
would seem best to direct the effort there until IKEv2 arrives.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Dev
mailing list