On Mon, Jan 29, 2024 at 10:51 AM Jen Linkova <[email protected]> wrote:
> It looks like the ESP ping capability needs to be negotiated. > The question is: shall it be another IKEv2 Configuration attribute or smth > else? > Anyway it means that the proposed mechanism can not be completely > uncoupled from IKE... > Not necessarily. A VPN client might know for sure that the server it wants to talk to supports ESP ping. Before the IKE handshake, it could send the ping, and if no response came back, it simply wouldn't bother with negotiating ESP or IPv6 at all and just go back to IPv4.
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
