Subject: IPSEC INITIAL CONTACT handling
To: None <current-users@netbsd.org>
From: Frank Kardel <kardel@acm.org>
List: current-users
Date: 03/31/2002 16:38:52
Hi,

when testing with current racoon/ipsec I found the following annoying
behaviour:
	Nodes A and B enjoy working communication (SA established)
	A crashes (take any of my past panic PRs for a valid reason 8-)
	After A recovers B has trouble communicating with A as
	it (B) believes to have valid SAs (but unknown to A) and A
	drops them into the bit bucket. So B seems to have to
	wait until its old (now invalid) SAs time out.
	Things immediately get fine when A is forced to communicate with
	B (e.g. ping) because it establishes a new PH1
	association and sends an INITIAL_CONTACT message that
	flushes the old SAs. But what happens when A has no
	reason to talk to B after a crash?

Now is there a config option to avoid this scenario or do we have a weak
protocol here? Scanning through the Jenkins rekeying draft and racoon
manuals I haven't found a workaround yet.

Regards,
  Frank
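
The scenario described in the message above, as an added example that is not part of the original post and is not racoon or kernel code: a toy model of the two nodes' SA tables showing the black hole after A crashes and how INITIAL_CONTACT clears it. The names `Node`, `negotiate` and `scenario` are hypothetical, the SPI values are constructed, and the model assumes a sender keeps using the oldest SA it holds for a peer.

```python
"""Toy model of the stale-SA black hole (constructed; not racoon code)."""
import itertools

_spi = itertools.count(0x1000)  # constructed SPI values


class Node:
    def __init__(self, name):
        self.name = name
        self.inbound = {}   # spi -> peer name: SAs this node can decrypt
        self.outbound = {}  # peer name -> [spi, ...]: SAs used for sending

    def crash(self):
        # A reboot loses all SA state held by this node.
        self.inbound.clear()
        self.outbound.clear()

    def send(self, peer):
        """Send one packet; return 'delivered', 'dropped' or 'no-sa'."""
        spis = self.outbound.get(peer.name)
        if not spis:
            return "no-sa"  # would trigger a fresh negotiation
        # Assumption of this model: the oldest SA is preferred.
        return "delivered" if spis[0] in peer.inbound else "dropped"


def negotiate(initiator, responder, initial_contact=False):
    """Model a PH1 + PH2 exchange started by `initiator`."""
    if initial_contact:
        # Responder flushes every SA it still holds for this peer.
        responder.outbound.pop(initiator.name, None)
        responder.inbound = {s: p for s, p in responder.inbound.items()
                             if p != initiator.name}
    for src, dst in ((initiator, responder), (responder, initiator)):
        spi = next(_spi)
        dst.inbound[spi] = src.name
        src.outbound.setdefault(dst.name, []).append(spi)


def scenario(initial_contact=True):
    a, b = Node("A"), Node("B")
    negotiate(a, b)
    before = b.send(a)   # SAs established on both sides
    a.crash()
    stale = b.send(a)    # B still holds its old SA; A drops the packet
    a_idle = a.send(b)   # A holds nothing until it has a reason to talk
    negotiate(a, b, initial_contact)
    after = b.send(a)
    return before, stale, a_idle, after
```

In this model B's packets stay dropped for as long as A never initiates, which is the gap the message asks about.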