<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">Hi Martin, Hi All,</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">Happy new year! I have one question to ask you about the IKE rekey and ESP rekey time.</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">According to the description which listed on strongswan official websit, the rekey time interval will be in the following scope:</font></span></p>
<p style="TEXT-INDENT: -18pt; MARGIN: 0cm 0cm 0pt 18pt; mso-list: l0 level1 lfo1; tab-stops: list 18.0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt; mso-fareast-font-family: Arial" lang="EN-US"><span style="mso-list: Ignore"><font size="3">1)</font><span style="FONT: 7pt 'Times New Roman'"> </span></span></span><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">IKE_REKEY interval:</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><font size="3"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US">[</span><span style="FONT-FAMILY: Verdana; COLOR: black; mso-bidi-font-size: 10.5pt" lang="EN-US">IKERekeyLifetime-2*marginTime,IKERekeyLifetime-marginTime]</span></font></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Verdana; COLOR: black; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><font size="3"><span style="FONT-FAMILY: Verdana; COLOR: black; mso-bidi-font-size: 10.5pt" lang="EN-US">2</span><span style="FONT-FAMILY: ËÎÌå; COLOR: black; mso-bidi-font-size: 10.5pt; mso-ascii-font-family: Verdana; mso-hansi-font-family: Verdana">£©</span><span style="FONT-FAMILY: Verdana; COLOR: black; mso-bidi-font-size: 10.5pt" lang="EN-US">ESP_REKEY interval:</span></font></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><font size="3"><span style="FONT-FAMILY: Verdana; COLOR: black; mso-bidi-font-size: 10.5pt" lang="EN-US">[IPsecRekeyLifetimeTime-2*marginTime,IPsecRekeyLifetimeTime-marginTime]</span><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"> </span></font></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">But, when I initiate some round testing and found the values are often not in the scope.</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">Therefore, First question is: I am wonder what factor influents the time of rekey (IKE and IPsec).</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">Secondly, I want to set the time of rekey as fixed value. Now I modified the code as followed. </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Verdana; COLOR: black; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">Line 771 of stroke_config.c and Line 374 of child_cfg.c of strongswan<br>
<br>modification recode as followed:<br>1) <br> /******************************************************** <br> * Modification Record:<br> * Author: Deng Weiping<br> * Reason: Modify the rekey lifetime as the fixed value <br>
* Original Calculation for rekey lifetime is:<br> * rekey_lifetime = rekey_lifetime - rekey.margin - random()%(rekey.margin * rekey.fuzz/100)<br> * After modified, calculation for rekey lifetime is:<br> * rekey_lieftime = rekey_lifetime - rekey.margin * rekey.fuzz/100<br>
* Modification Time: OCT 13, 2010<br> **********************************************************<br> **********************************************************/<br>- <br> child_cfg = child_cfg_create(<br> msg-><a href="http://add_conn.name">add_conn.name</a>, msg->add_conn.rekey.ipsec_lifetime,<br>
msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,<br> msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100, <br> msg->add_conn.me.updown, msg->add_conn.me.hostaccess,<br>
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp);<br><br>+<br>child_cfg = child_cfg_create(<br> msg-><a href="http://add_conn.name">add_conn.name</a>, msg->add_conn.rekey.ipsec_lifetime,<br>
msg->add_conn.rekey.ipsec_lifetime,<br> msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100, <br> msg->add_conn.me.updown, msg->add_conn.me.hostaccess,<br>
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp);<br> <br>2) <br> /*************************************************<br> * Modification Record:<br> * Reason: Rekey lifetime of IPsec <br>
* Modified Time: OCT 13, 2010<br> * Author: Deng Weiping <br> *************************************************/<br>- <br> return this->rekeytime - (random() % this->jitter);<br>+ <br> return this->rekeytime - this->jitter;<br>
<br>After modification, the rekey lifetime of IPsec will be set as followed:<br>if fuzz as 100, and then the lifetime of IPsec will be set fixedly as: <br>---------------------------------------------------------------------<br>
lifetime = lifetime - margin<br>---------------------------------------------------------------------</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Verdana; COLOR: black; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">But the above modification can only change the rekey time of IPsec. But the rekey time of IKE can not be changed to fixed value. </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">Therefore, the second question, If I want to change the IKE rekey time as the fixed value, what modification I need to apply.</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">Thanks in advance!</font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3"> </font></span></p>
<p style="MARGIN: 0cm 0cm 0pt" class="MsoNormal"><span style="FONT-FAMILY: Arial; mso-bidi-font-size: 10.5pt" lang="EN-US"><font size="3">David Morris </font></span></p>