<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Dear all,</DIV>
<DIV>An update to my previous letter:</DIV>
<DIV>I found that IKE_SA and Child_SA rekeying will not affect the transmitted data packets, but EAP reauthentication will. I added "reauth=no" on the client, and did NOT add "reauth=no" on the security gateway; EAP authentication still happened after 2 hours.</DIV>
<DIV>EAP reauthentication will cause packet loss, but I have no idea how to avoid EAP reauthentication without controlling the behavior of the security gateway.</DIV>
<DIV> </DIV>
<DIV>Thanks.<BR><BR><BR>--- <B>On 10/6/28 (Mon), Martin Willi <I><martin@strongswan.org></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: Martin Willi <martin@strongswan.org><BR>Subject: Re: [strongSwan] Ikelifetime Setting and Reauthentication.<BR>To: "Jessie Liu" <iamnotjessie@yahoo.com.tw><BR>Cc: users@lists.strongswan.org<BR>Date: Monday, June 28, 2010, 3:23 PM<BR><BR>
<DIV class=plainMail>Hi,<BR><BR>> In security gateway, ikelifetime and keylife are not set.<BR><BR>Not set means: use the default lifetimes.<BR><BR>> (2) [...] So there is not ikelifetime and keylife settings in both<BR>> client and gateway right now.<BR><BR>The gateway still uses the default reauthentication interval. As we<BR>support the repeated authentication extension (RFC4478), the lifetime is<BR>negotiated to the client. The client therefore does<BR><BR>> EAP reauthentication in 2 hours<BR><BR><BR>> What is the relation between ikelifetime setting and EAP<BR>> reauthentication?<BR><BR>There is no direct relation. But as the EAP reauthentication can be<BR>triggered by the initiator only, the gateway sends its lifetime to the client.<BR>The client then enforces the reauthentication policy configured at the<BR>server.<BR><BR>> In this case, IKE_SA and Child_SA will not rekey forever? So this<BR>> reduces the security level due
to the lack of rekeying?<BR><BR>Yes and yes.<BR><BR>Regards<BR>Martin<BR><BR></DIV></BLOCKQUOTE></td></tr></table><br>
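<DIV>Added example, not part of the original thread and not strongSwan code: a parser for the RFC 4478 AUTH_LIFETIME notification through which a gateway hands its reauthentication lifetime to the client, as described in the reply above. The helper names, the 7200-second sample and the 540-second margin are assumptions constructed for illustration.</DIV>

```python
import struct

AUTH_LIFETIME = 16403  # Notify Message Type assigned by RFC 4478


def build_auth_lifetime(seconds: int) -> bytes:
    """Build a constructed AUTH_LIFETIME Notify payload for the demo."""
    # Generic payload header (next payload, flags, length), then
    # Protocol ID = 0, SPI size = 0, notify type, 4-octet lifetime.
    return struct.pack("!BBHBBHI", 0, 0, 12, 0, 0, AUTH_LIFETIME, seconds)


def parse_auth_lifetime(payload: bytes):
    """Return the lifetime in seconds carried by one IKEv2 Notify payload,
    or None if the payload is some other notification."""
    if len(payload) < 8:
        raise ValueError("truncated Notify payload")
    _next, _flags, length, _proto, spi_size, ntype = struct.unpack(
        "!BBHBBH", payload[:8])
    if length != len(payload) or length < 8 + spi_size:
        raise ValueError("payload length field is inconsistent")
    if ntype != AUTH_LIFETIME:
        return None
    data = payload[8 + spi_size:]
    if len(data) != 4:
        raise ValueError("AUTH_LIFETIME data must be exactly 4 octets")
    return struct.unpack("!I", data)[0]


def reauth_start(received_at: int, lifetime: int, margin: int) -> int:
    """Time at which the initiator should begin reauthentication.
    `margin` is a hypothetical local safety margin (assumption)."""
    # A lifetime of 0 (or one below the margin) means: start right away.
    return received_at + max(lifetime - margin, 0)


if __name__ == "__main__":
    # Constructed sample: a gateway announcing a 2-hour lifetime.
    sample = build_auth_lifetime(7200)
    lifetime = parse_auth_lifetime(sample)
    print("gateway lifetime:", lifetime, "s")
    print("client starts reauth at t =", reauth_start(0, lifetime, 540), "s")
```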