[strongSwan-dev] Rekey Question
martin at strongswan.org
Fri Jul 26 13:23:33 CEST 2013
> Actually we were wondering if it is possible to only have a IKE_SA
> rekeying without rekeying also the associated CHILD_SA.
There is currently no such option in ipsec.conf, as rekey=no disables
rekeying for both IKE and CHILD_SAs.
You can, however, just use a very large value for lifetime, such as
lifetime=365d or something. The 24h maximum mentioned in ipsec.conf is
actually not enforced anymore.
More information about the Dev