[strongSwan] About the IPsec rekey lifetime calculation

David Deng david.live.koo at gmail.com
Tue Oct 12 04:05:39 CEST 2010

Hi All,

When I Initiated some testing about the IPsec rekey mechanism, and I found
the rekey lifetime seems like a randam number (according to the fuzz
setting) and I am so puzzled.

I am wonder that if the following calculation method of IPsec rekey lifetime
is right:

"IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin"

for example:

if lifetime was set as 9m, and fuzz was set as 50, and margin was set as 2,
and then the "IPsec rekey lifetime" will be calculated as:

9 - (1+0.5)*2 = 6m

so the "IPsec rekey lifetime" will be in the scope of
5 ~ 7 m

is it right?

look forward to your answer! thanks a lot!

Besides, I found that the IPsec rekey lifetime still is  a random value even
if the above function existed. so I have no any idea about the IPsec rekey

can you explain how IPsec rekey mechanism work? thanks again!

Best wishes

David Morris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101012/f08b16ca/attachment.html>

More information about the Users mailing list