[strongSwan] About the IPsec rekey lifetime calculation
andreas.steffen at strongswan.org
Tue Oct 12 06:21:51 CEST 2010
yes your calculation is correct.
On 10/12/2010 04:05 AM, David Deng wrote:
> Hi All,
> When I Initiated some testing about the IPsec rekey mechanism, and I
> found the rekey lifetime seems like a randam number (according to the
> fuzz setting) and I am so puzzled.
> I am wonder that if the following calculation method of IPsec rekey
> lifetime is right:
> "IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin"
> for example:
> if lifetime was set as 9m, and fuzz was set as 50, and margin was set as
> 2, and then the "IPsec rekey lifetime" will be calculated as:
> 9 - (1+0.5)*2 = 6m
> so the "IPsec rekey lifetime" will be in the scope of
> 5 ~ 7 m
> is it right?
> look forward to your answer! thanks a lot!
> Besides, I found that the IPsec rekey lifetime still is a random value
> even if the above function existed. so I have no any idea about the
> IPsec rekey lifetime.
> can you explain how IPsec rekey mechanism work? thanks again!
> Best wishes
> David Morris
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users