[Openswan dev] XAUTH: Re-keying without re-authenticating?
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Feb 28 10:27:34 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Chris" == Chris Poon <dev-null at telus.net> writes:
>> My suggestion is: a) you need to have longer phase 1
>> lifetimes. 24 hours+
>>
>> b) you need to set the server and client to rekey=no. (or
>> whatever the equivalent is on Checkpoint)
>>
>> c) you need to have your UI force the rekey using "ipsec whack
>> --name foo --initiate"
Chris> b) sounds doable and c) is annoying. Let me try b) and see
Chris> what happens.
Those weren't options. Those were things to do.
a) make it less painful
b) make sure that it doesn't happened without supervision
c) supervise
- --
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQiM4ZYqHRg3pndX9AQF4tAP+MFuEfNFp4IYLKbSVA+abYOwFKUjgO/2I
jrk98yFty2Lv6XrIdXhRiB64ksYmCu+ctAI9wv+Yex4QbL+UYPfi3zjff8foTzGb
7TrzcPb/2NyhMz2KwlOhc5Lkcji2roGJ/E14WX90tiaYtPqbyUYJpKjW9xrlYyWQ
rusjMbiRnbQ=
=CuBA
-----END PGP SIGNATURE-----
More information about the Dev
mailing list