[Openswan Users] Keylife and ikelifetime
Paul Wouters
paul at xelerance.com
Tue Dec 23 11:00:07 EST 2008
On Tue, 23 Dec 2008, openswan at thefeds.net wrote:
> Could you tell me if the following is expected behaviour or a bug?
>
> Whether I set keylife and ikelifetime or leave them to the default values
> I am seeing that for both phase 1 and phase 2 SAs the initiator will set
> EVENT_SA_REPLACE with the correct value, however the responder appears to
> choose a random value.
keylife and ikelifetime are not negotiated. They are used locally. Each end
uses their own specified values, plus some fuzz.
Paul
More information about the Users
mailing list