[Openswan Users] How to configure Rekey IPSEC_SA and Rekey IKE_SA

Yatong Cui yacui at redhat.com
Tue Oct 26 03:30:19 EDT 2010


Hi all,

I'm a little bit confused about how to configure rekeying(IPSEC_SA and IKE_SA) in openswan.

Is the 'salifetime=' equivalent to the time of rekeying for IPSEC_SA and 'ikelifetime=' equivalent to the time of rekeying for the IKE_SA?

Do i need to further specify the 'rekeymargin' for the margintime and 'rekeyfuzz' for randomization ? 

(I've already set the rekey to yes, and pfs to yes.)

Thanks a lot for your reply in advance.

Thanks
Frank


More information about the Users mailing list