When the SAs are set up, they should have an expiration date. Correspondingly, the IPsec notifies about the expiration of SAs in hip_netdev_event() so that hipd can run CLOSE. -- You received this bug notification because you are a member of HIPL core team, which is subscribed to HIPL. https://bugs.launchpad.net/bugs/592115 Title: handle SA expiration properly Status in Host Identity Protocol for Linux: Confirmed Bug description: Currently SAs do not expire at all and therefore those events are not catched at all.