[Openswan dev] DPD issue with multiple tunnels between two peers

Mark-Andre Hopf mhopf at innominate.com
Wed Jul 11 03:33:43 EDT 2007

On Tue 10.07. 20:00, Benny Amorsen wrote:
> >>>>> "M-AH" == Mark-Andre Hopf <mhopf at innominate.com> writes:
> M-AH> From RFC 3706:
> M-AH>    After some number of retransmitted messages, an
> M-AH> implementation SHOULD assume its peer to be unreachable and
> M-AH> delete IPSec and IKE SAs to the peer.
> I'm not sure what your point is.

It means that it is okay to delete ALL SAs to the peer.


mark-andre.hopf at innominate.com
senior software engineer           innominate security technologies AG
development                             protecting industrial networks
tel: +49.30.6392-3284  fax: -3307                http://innominate.com
Pound for pound, the amoeba is the most vicious animal on earth.

More information about the Dev mailing list