David Wierbowski writes:
> I'm not sure I'm going to buy that garage door opener if I have to wait for
> dead peer detection before I can open or close it again :>).
You don't. If the device is already sleeping and you press the button again, it wakes up, creates a NEW IKE SA and the IPsec SA, and sends the packet forward. The single Child SA is only for the opener itself; the server it is connected to is assumed to be a bigger device which is also able to support multiple Child SAs simultaneously and which can do complex things like DPD etc. (note that the minimal implementation can already reply to DPD, as that is just an empty INFORMATIONAL exchange). The garage door opener can also always put up the INITIAL_CONTACT notification, so if the server has not yet deleted the IKE SA by the time it connects again, it will delete it based on that notification.
--
kivi...@iki.fi
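
The server-side behaviour described in this message, as an added sketch that is not part of the original post or of any IKEv2 implementation: a Notify payload carrying INITIAL_CONTACT (type 16384 in RFC 7296) and a toy responder that drops stale IKE SAs for the same identity only after authentication, and answers an empty INFORMATIONAL request. The names `Responder`, `sa_table`, `on_ike_auth` and `on_informational` and the sample SPIs and identities are hypothetical.

```python
import struct

INITIAL_CONTACT = 16384  # Notify Message Type, RFC 7296 section 3.10.1

def build_notify(msg_type, next_payload=0):
    # Generic payload header (next payload, flags, length = 8), then
    # Protocol ID = 0, SPI Size = 0 and the 16-bit Notify Message Type.
    return struct.pack("!BBHBBH", next_payload, 0, 8, 0, 0, msg_type)

def parse_notify(payload):
    if len(payload) < 8:
        raise ValueError("truncated Notify payload")
    _next, _flags, length, _proto, spi_size, msg_type = struct.unpack(
        "!BBHBBH", payload[:8])
    if length != len(payload) or length < 8 + spi_size:
        raise ValueError("malformed Notify payload")
    return msg_type

class Responder:
    """Toy model of the server; sa_table maps IKE SPI -> peer identity."""

    def __init__(self):
        self.sa_table = {}

    def on_ike_auth(self, spi, peer_id, authenticated, notify_payloads):
        # Notifications are acted on only once the peer has authenticated;
        # otherwise anyone could tear down another device's SA.
        if not authenticated:
            return False
        types = {parse_notify(p) for p in notify_payloads}
        if INITIAL_CONTACT in types:
            # Peer asserts this is its only IKE SA: delete stale SAs that
            # belong to the same authenticated identity.
            for old in [s for s, pid in self.sa_table.items() if pid == peer_id]:
                del self.sa_table[old]
        self.sa_table[spi] = peer_id
        return True

    def on_informational(self, spi, payloads):
        # An empty INFORMATIONAL request is the liveness check (DPD) and
        # gets an empty response. Unknown SAs and non-empty requests are
        # outside this sketch.
        if spi not in self.sa_table or payloads:
            return None
        return []
```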