On Tue, Aug 25, 2015 at 01:17:06PM -0400, D. Hugh Redelmeier wrote:
> I don't think so. The way you described the original problem, two
> identical tunnels are created through a race condition. So they both
> will have similar lifetimes.
>
> "replaced" is not a concept in IKEv1. It is a weak notion in our code.
> There is no way to know if the other side shares that notion.
>
> Off the top of my head, without due diligence, I would say that if one SA
> is deleted, and it is the eroute owner, and there is an identical SA, it
> should be made the eroute owner.
>
> | We are not talking about a second
> | tunnel here (from what I understand)
>
> I think that we are. But the tunnels have essentially identical
> policies.

No we are not. Cisco occasionally sends two SAs for the same connection
for some reason, but only uses the most recent one as far as I understood
the problem.

--
Len Sorensen
