[strongSwan] About the IPsec rekey lifetime calculation
David Deng
david.live.koo at gmail.com
Tue Oct 12 04:05:39 CEST 2010
Hi All,
When I Initiated some testing about the IPsec rekey mechanism, and I found
the rekey lifetime seems like a randam number (according to the fuzz
setting) and I am so puzzled.
I am wonder that if the following calculation method of IPsec rekey lifetime
is right:
"IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin"
for example:
if lifetime was set as 9m, and fuzz was set as 50, and margin was set as 2,
and then the "IPsec rekey lifetime" will be calculated as:
9 - (1+0.5)*2 = 6m
so the "IPsec rekey lifetime" will be in the scope of
5 ~ 7 m
is it right?
look forward to your answer! thanks a lot!
Besides, I found that the IPsec rekey lifetime still is a random value even
if the above function existed. so I have no any idea about the IPsec rekey
lifetime.
can you explain how IPsec rekey mechanism work? thanks again!
Best wishes
David Morris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101012/f08b16ca/attachment.html>
More information about the Users
mailing list