[Openswan Users] best config for Windows2003
Paul Wouters
paul at xelerance.com
Mon Apr 16 22:42:18 EDT 2007
On Fri, 13 Apr 2007, Remigiusz Stachura wrote:
> I have a setup with a linux server connecting to a Windows 2003
> server using IPsec in PSK host-to-host transport mode. Only linux sent
> files to windows server. The linux server is using Openswan 2.4.6 on
> kernel 2.6.18. Windows side uses default configuration for IKE SA and
> IPSEC SA lifetime. What values should I set for IKELIFETIME and
> KEYLIFE
Stick with the defaults.
> and does linux should have set: rekey=yes or rekey=no?
You only should use rekey=no if the other end is a dynamic ip (eg right=%any)
> What should I set: auto=add or auto=start if linux server sent 300MB
> files every 12-20 hours.
Only use auto=add if you the other end is a dynamic ip (eg right=%any).
Paul
More information about the Users
mailing list