I just set up a IPSec Connection between two Routerboards ROS v. 6.13
The connection works fine.
I just noticed that there seems to be something wrong with the rekeying.
As far as I understand the logic the rekeying of the phase2 should happen while
the current SAs are in the "dying" state.
To me it looks like the rekeying only happens when the old SA is hard expired and removed.
This leads to some packets of loss on each rekey.
Am I missing something or how could this be fixed?