[strongSwan-dev] [PATCH] kernel-netlink: Allow to override xfrm_acq_expires value

Martin Willi martin at strongswan.org
Mon Sep 23 10:52:45 CEST 2013


> This patch allows strongswan to override xfrm_acq_expires default
> value by setting charon.plugins.kernel-netlink.xfrm_acq_expires in
> strongswan.conf.

Thanks for the patch, applied with some minor modifications to [1].

Please be aware that using a shorter acquire lifetime may help to raise
additional acquires, but can also be problematic if tunnel setup takes
longer than the configured value.

Best Regards


More information about the Dev mailing list