On Mon, 5 May 2014, Syed Ajim Hussain wrote:
> Thanks for your reply. This problem happened in a real scenario. The problem is that both the tunnel endpoints are from different vendors, and they handle it differently. We can define this behavior in the RFC. Also, we have some other scenarios; it will be better if we define these extreme case behaviors in the RFC as well, to make inter-op smooth.

In libreswan (openswan) the daemon processes one packet at a time, so by definition one of the Child SAs finishes before the other, no matter how close the timing is. It also has a feature "uniqueids" that would (dis)allow identical Child SAs, so the latter one establishing replaces the previous one established.

I'm not convinced your issue is a protocol issue. It seems more like an implementation issue? If any of your endpoints involved libreswan/openswan, feel free to contact me.

Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
