[Openswan dev]
Re: [Openswan Users] Regarding the life time for IKE SA and IPsecSA
Tuomo Soini
tis at foobar.fi
Tue Jan 17 20:38:41 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Paul Wouters wrote:
> On Tue, 17 Jan 2006, Tuomo Soini wrote:
>
>
>>I attach patch to address that for known windows connections.
>
>
> What does this fix? We have tested l2tp connection and they stay up
> for 24+ hours without those addeded ikelifetime= and lifetime=
> settings.
>
> What is the problem you are seeing?
I have noticed that when l2tp-over-ipsec connection with windwos road
warrior goes broken it takes hours to get it working again. Using same
default values as windows uses we could drop IPSEC SA sooner making
recovering connection faster.
Usually it's beest to have similar settings on both ends.
No real bug fixed (other than old warning about type=tunnel and cosmetic
stuff).
- --
Tuomo Soini <tis at foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Foobar - http://enigmail.mozdev.org
iD8DBQFDzTmxTlrZKzwul1ERAg7qAJ4oKeSi+sgjrneesJn05uXlCMtKgwCfQj+0
5ANYHh6aptYKyhIy10hTgCM=
=PifI
-----END PGP SIGNATURE-----
More information about the Dev
mailing list