[Openswan Users] How to configure Rekey IPSEC_SA and Rekey IKE_SA
yacui at redhat.com
Tue Oct 26 03:30:19 EDT 2010
I'm a little bit confused about how to configure rekeying(IPSEC_SA and IKE_SA) in openswan.
Is the 'salifetime=' equivalent to the time of rekeying for IPSEC_SA and 'ikelifetime=' equivalent to the time of rekeying for the IKE_SA?
Do i need to further specify the 'rekeymargin' for the margintime and 'rekeyfuzz' for randomization ?
(I've already set the rekey to yes, and pfs to yes.)
Thanks a lot for your reply in advance.
More information about the Users