[Openswan Users] Expiring SA based on traffic volume, and manual expiration of SA
Paul Wouters
paul at xelerance.com
Thu Dec 18 14:13:32 EST 2008

On Thu, 18 Dec 2008, Jennifer Agarwal wrote:
> My client is interested in expiring the SA based on elapsed time, traffic volume, and having the ability to
> manually expire an SA.
>
> I have found the ipsec.conf file contains the parameters "keylife" for IPsec SA and "ikelifetime" for ISAKMP
> SA. Both of these parameters allow the user to set the time before new SAs are negotiated.
>
> Does anyone know how I would allow the expiration of the SA manually or based on traffic volume?

That's currently not implemented. It should not be too hard to do, as the traffic statistics
are available in both KLIPS and NETKEY.

Paul