[Openswan Users] Keying parameters

Paul Wouters paul at xelerance.com
Mon Dec 8 14:13:54 EST 2008


On Thu, 4 Dec 2008, Philip Mountifield wrote:

> When negotiating parameters do the ends of the vpn tunnel tell each other
> what lifetime they have to the IKE and IPsec SA?

Some implementations tell the other, but it is not part of the negotiations.
That is, both ends do not need to agree. Whoever finds that their keylife is
about to end, should do its own rekeying.

> I have an openswan
> server which is connecting to a freeswan (1.99) based router and the
> router is initiating the connection but it seems to drop and recover as
> if the timings are out of sync.

FreeS/WAN used to refuse certain long keylifes. I believe 86400 was its max.

Paul

