Paul Wouters writes:
> So why not, instead of a random process, exchange the maximum Child SA
> lifetime accepted before rekey? If the numbers are identical, prefer the
> current exchange initiator.
>
> That way, it is deterministic and both endpoints inform the other end
> when (plus or minus som
Hi Harold,
I failed to understand one thing. The situation you are trying to avoid
in most cases happens if peers are configured with equal SA lifetime.
Why don't you just configure your gateways with different lifetimes?
It seems to me that in the scenarios you describe you have total control over