Here is my attempt to fix it. I guess there more attempts Paul and Andrew
has their own? I didnt commit because there more happening around. May be
combine and take the best.
During rekey on the responder this patch validate TS before the crypto
starts. Which I think is way better. I have
Adding to the list of functions that revive ...
On Mon, 27 Apr 2020 at 12:06, Andrew Cagney wrote:
> I just pushed code to implement liveness probes using the retransmit
> timer. When retransmits time-out:
>
> - if the IKE SA hasn't established, it does a 'retry' using
> ipsecdoi_replace(st,