[Openswan Users] Key lifetimes (fwd)
Michael Richardson
mcr at xelerance.com
Mon Oct 23 12:01:36 EDT 2006
>>>>> "Mike" == Mike Horn <lists at caddisconsulting.com> writes:
Mike> Thanks, it appears that the max IKE lifetime is 24hrs based on
Mike> the entry in ietf_constants.h (thanks to Tuomo Soini for
Mike> pointing this out). I would suggest updating the ipsec.conf
Mike> man page with this value as the current entry defining an 8hr
Mike> max lifetime could confuse other Openswan newbies like it did
Mike> me.
Right. We reject it at policy loading time, and if the peer proposes
it, we log it. I don't see a reason to retain this check.
--
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
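
A pre-flight check for the limit discussed in this thread, as an added example that is not part of the original message and is not Openswan code: it scans ipsec.conf text for ikelifetime values above the 24h maximum reported above, so an over-long value is caught before policy loading rejects it. The function names, the simplified parsing (a conn header at column 0, indented key=value lines, "#" comments) and the s/m/h/d time suffixes are assumptions; the sample configuration is constructed.

```python
import re

MAX_IKE_LIFETIME = 24 * 3600  # 24h ceiling reported in this thread
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}  # assumed suffix set

def parse_time(value):
    """Convert an ipsec.conf-style time value ('8h', '3600', '1.5d') to seconds."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([smhd]?)", value.strip())
    if not m:
        raise ValueError("bad time value: %r" % value)
    return int(float(m.group(1)) * UNITS[m.group(2)])

def check_ikelifetime(conf_text):
    """Return (line, conn, value, reason) for each problematic ikelifetime."""
    findings, conn = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            conn = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
            continue
        if conn is None:                          # e.g. inside "config setup"
            continue
        key, sep, value = line.strip().partition("=")
        if not sep or key.strip() != "ikelifetime":
            continue
        try:
            seconds = parse_time(value)
        except ValueError:
            findings.append((lineno, conn, value.strip(), "unparseable"))
            continue
        if seconds > MAX_IKE_LIFETIME:
            findings.append((lineno, conn, value.strip(), "exceeds 24h maximum"))
    return findings

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = """\
conn office
    ikelifetime=8h
    keylife=1h
conn branch
    ikelifetime=2d   # above the 24h ceiling
conn lab
    ikelifetime=86400
conn typo
    ikelifetime=1w
"""

if __name__ == "__main__":
    for lineno, conn, value, reason in check_ikelifetime(SAMPLE):
        print("line %d conn %s: ikelifetime=%s %s" % (lineno, conn, value, reason))
```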