[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Error recovery?



Our remote access client provides a single GUI that manages both physical
dial-up and IPSEC tunnel initiatiation. Since our app gets the 'disconnect'
command from the user, we can, and do, send the DELETE's, wait for them
to get on the wire, and then disconnect the phone call. The user doesn't
disconnect the call via some other UI although he can certainly unplug the
modem :-(.

We will probably keep our Phase 1 SA alive for the duration of the user's
session so we can send the necessary phase 2 DELETE's and so we can add
keep-alives in the future.

-Ben McCann

Paul Kierstead wrote:
> 
> People who connect using dial-up generally just hang-up. You can intercept
> this and try sending a DELETE, but your results may vary...
> 
> As well, numerous vendors do not keep phase-1's up, and I suspect they feel
> that renegotiating for the sake of a DELETE is not worth it.
> 
> OTOH, it would still be damn helpful where you could have it.
> 

-- 
Ben McCann                              Indus River Networks
                                        31 Nagog Park
                                        Acton, MA, 01720
email: bmccann@indusriver.com           web: www.indusriver.com 
phone: (978) 266-8140                   fax: (978) 266-8111


References: