[Openswan Users] Keylife and ikelifetime
openswan at thefeds.net
openswan at thefeds.net
Tue Dec 23 13:26:39 EST 2008
I will try specifying the fuzz. Currently I am seeing some SAs lasting for
only 30% of the locally configured life (local life = remote life).
Tim
On Tue, 23 Dec 2008, Paul Wouters wrote:
> On Tue, 23 Dec 2008, openswan at thefeds.net wrote:
>
>> Could you tell me if the following is expected behaviour or a bug?
>>
>> Whether I set keylife and ikelifetime or leave them to the default values
>> I am seeing that for both phase 1 and phase 2 SAs the initiator will set
>> EVENT_SA_REPLACE with the correct value, however the responder appears to
>> choose a random value.
>
> keylife and ikelifetime are not negotiated. They are used locally. Each end
> uses their own specified values, plus some fuzz.
>
> Paul
>
More information about the Users
mailing list