[strongSwan] About the IPsec rekey lifetime calculation
Tobias Brunner
tobias at strongswan.org
Tue Oct 12 10:50:12 CEST 2010
Hi David,
I added some notes to our wiki about the lifetime/rekeytime calculation:
http://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
Regards,
Tobias
David Deng wrote:
> Hi All,
>
> When I initiated some testing about the IPsec rekey mechanism, I
> found the rekey lifetime seems like a random number (according to the
> fuzz setting) and I am so puzzled.
>
> I am wondering whether the following calculation method of IPsec rekey
> lifetime is right:
>
> "IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin"
>
> for example:
>
> if lifetime was set as 9m, and fuzz was set as 50, and margin was set as
> 2, and then the "IPsec rekey lifetime" will be calculated as:
>
> 9 - (1+0.5)*2 = 6m
>
>
> so the "IPsec rekey lifetime" will be in the scope of
> 5 ~ 7 m
>
> is it right?
>
>
> look forward to your answer! thanks a lot!
>
>
> Besides, I found that the IPsec rekey lifetime still is a random value
> even if the above function existed, so I have no idea about the
> IPsec rekey lifetime.
>
> Can you explain how the IPsec rekey mechanism works? Thanks again!
>
>
> Best wishes
>
> David Morris
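
The rekey window that the fuzz setting produces, as an added example that is not part of the original messages or of strongSwan's code. It uses the formula documented for the ipsec.conf options, rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz)). The function names are hypothetical, the "margin 2" from the question is assumed to mean 2m, and the sanity check on the window is this example's own.

```python
import random
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_time(value):
    """Seconds for an integer time value with optional s/m/h/d suffix."""
    match = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not match:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2) or "s"]

def rekey_window(lifetime, margintime, rekeyfuzz):
    """Return (earliest, latest) rekey time in seconds after SA setup."""
    life = parse_time(lifetime)
    margin = parse_time(margintime)
    fuzz = int(rekeyfuzz.rstrip("%")) / 100
    earliest = life - margin - int(margin * fuzz)  # largest random part
    latest = life - margin                         # random part is 0
    # Sanity check of this example, not a strongSwan error message.
    if earliest <= 0:
        raise ValueError("margintime * (1 + rekeyfuzz) must be below lifetime")
    return earliest, latest

def sample_rekey_time(lifetime, margintime, rekeyfuzz, rng=random):
    """Draw one rekey time from the window."""
    earliest, latest = rekey_window(lifetime, margintime, rekeyfuzz)
    return rng.randint(earliest, latest)

if __name__ == "__main__":
    # Values from the question (margin assumed to be minutes), then the
    # ipsec.conf defaults.
    for cfg in (("9m", "2m", "50%"), ("1h", "9m", "100%")):
        lo, hi = rekey_window(*cfg)
        draws = [sample_rekey_time(*cfg) for _ in range(3)]
        print(cfg, f"window {lo}s..{hi}s", "samples", draws)
```

For the values in the question this gives a window of 360s to 420s (6m to 7m), and each draw inside that window is why the observed rekey time differs from one SA to the next.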