[strongSwan] About the IPsec rekey lifetime calculation
Andreas Steffen
andreas.steffen at strongswan.org
Tue Oct 12 06:21:51 CEST 2010
Hello David,
yes your calculation is correct.
Regards
Andreas
On 10/12/2010 04:05 AM, David Deng wrote:
> Hi All,
>
> When I initiated some testing of the IPsec rekey mechanism, I found
> that the rekey lifetime seems like a random number (according to the
> fuzz setting), and I am so puzzled.
>
> I wonder if the following calculation method for the IPsec rekey
> lifetime is right:
>
> "IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin"
>
> For example:
>
> If lifetime is set to 9m, fuzz is set to 50, and margin is set to
> 2, then the "IPsec rekey lifetime" will be calculated as:
>
> 9 - (1+0.5)*2 = 6m
>
>
> So the "IPsec rekey lifetime" will be in the range of
> 5 ~ 7 m
>
> Is it right?
>
>
> I look forward to your answer! Thanks a lot!
>
>
> Besides, I found that the IPsec rekey lifetime is still a random value
> even if the above function existed, so I have no idea about the
> IPsec rekey lifetime.
>
> Can you explain how the IPsec rekey mechanism works? Thanks again!
>
>
> Best wishes
>
> David Morris
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
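
As an added example (not part of the original thread and not strongSwan code), the sketch below computes the rekey window from the three settings discussed above, using the documented ipsec.conf rule that the margin is increased by a random amount between 0 and fuzz percent of itself; that random term is why the observed rekey time differs from one SA to the next. The function names are hypothetical, and the margin of 2 from the question is assumed to mean 2m.

```python
import random
import re

# Time suffixes accepted in ipsec.conf time values (no suffix = seconds).
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_time(value):
    """Parse a time value such as '9m', '1h' or '540' into seconds."""
    match = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not match:
        raise ValueError(f"bad time value: {value!r}")
    return int(match.group(1)) * _UNITS[match.group(2) or "s"]


def rekey_window(lifetime, margin, fuzz_percent):
    """Return (earliest, latest) rekey time in seconds after SA setup.

    earliest = lifetime - (1 + fuzz%) * margin   (the formula in the thread)
    latest   = lifetime - margin                 (random fuzz term is zero)
    """
    life, marg = parse_time(lifetime), parse_time(margin)
    if fuzz_percent < 0:
        raise ValueError("fuzz must not be negative")
    max_margin = marg + marg * fuzz_percent // 100
    if max_margin >= life:
        # Misconfiguration: the SA could be rekeyed as soon as it is set up.
        raise ValueError("margin * (1 + fuzz%) must be smaller than lifetime")
    return life - max_margin, life - marg


def draw_rekey_time(lifetime, margin, fuzz_percent, rng=random):
    """Simulate one possible rekey time inside the window."""
    earliest, latest = rekey_window(lifetime, margin, fuzz_percent)
    return rng.randint(earliest, latest)


if __name__ == "__main__":
    # Values from the question: lifetime 9m, fuzz 50, margin assumed 2m.
    lo, hi = rekey_window("9m", "2m", 50)
    print(f"rekey between {lo}s and {hi}s after SA setup")
    for _ in range(3):
        print("  sampled:", draw_rekey_time("9m", "2m", 50), "s")
```
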