[strongSwan] About the IPsec rekey lifetime calculation
david.live.koo at gmail.com
Tue Oct 12 04:05:39 CEST 2010
When I Initiated some testing about the IPsec rekey mechanism, and I found
the rekey lifetime seems like a randam number (according to the fuzz
setting) and I am so puzzled.
I am wonder that if the following calculation method of IPsec rekey lifetime
"IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin"
if lifetime was set as 9m, and fuzz was set as 50, and margin was set as 2,
and then the "IPsec rekey lifetime" will be calculated as:
9 - (1+0.5)*2 = 6m
so the "IPsec rekey lifetime" will be in the scope of
5 ~ 7 m
is it right?
look forward to your answer! thanks a lot!
Besides, I found that the IPsec rekey lifetime still is a random value even
if the above function existed. so I have no any idea about the IPsec rekey
can you explain how IPsec rekey mechanism work? thanks again!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users