[strongSwan] Maximum connection duration
andreas.steffen at strongswan.org
Wed Oct 20 15:52:22 CEST 2010
if you do not set both rekey = no and reauth=no then a strongSwan
client will keep on rekeying and reauthenticating, respectively.
There is an option to shut down the CHILD_SA after a certain
interval of inactivity using the following ipsec.conf directive:
inactivity = <time>
defines the timeout interval, after which a CHILD_SA is closed if it did
not send or receive any traffic.
With the additional strongswan.conf option
inactivity_close_ike = yes
The IKE_SA corresponding to the CHILD_SA will be closed, too.
On 20.10.2010 15:19, Claude Tompers wrote:
> We are using strongswan in a road warrior configuration and some of
> our warriors tend to keep their VPN connections going after usage. Is
> there a way to put a maximum connection duration so that they
> disconnect anyway after a given time ?
> kind regards, Claude
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users