[Openswan Users] How to configure Rekey IPSEC_SA and Rekey IKE_SA
Paul Wouters
paul at xelerance.com
Tue Oct 26 10:12:29 EDT 2010
On Tue, 26 Oct 2010, Yatong Cui wrote:
> I'm a little bit confused about how to configure rekeying(IPSEC_SA and IKE_SA) in openswan.
>
> Is the 'salifetime=' equivalent to the time of rekeying for IPSEC_SA and 'ikelifetime=' equivalent to the time of rekeying for the IKE_SA?
yes.
> Do i need to further specify the 'rekeymargin' for the margintime and 'rekeyfuzz' for randomization ?
Only if you don't like the defaults for them, which should be fine.
Paul
More information about the Users
mailing list