[strongSwan] Maximum connection duration

Andreas Steffen andreas.steffen at strongswan.org
Wed Oct 20 15:52:22 CEST 2010

Hello Claude,

if you do not set both rekey = no and reauth=no then a strongSwan
client will keep on rekeying and reauthenticating, respectively.

There is an option to shut down the CHILD_SA after a certain
interval of inactivity using the following ipsec.conf directive:

 conn xyz
    inactivity = <time>

defines the timeout interval, after which a CHILD_SA is closed if it did
not send or receive any traffic.

With the additional strongswan.conf option

  charon {
     inactivity_close_ike = yes

  The IKE_SA corresponding to the CHILD_SA will be closed, too.

Best regards


On 20.10.2010 15:19, Claude Tompers wrote:
> Hi,
> We are using strongswan in a road warrior configuration and some of
> our warriors tend to keep their VPN connections going after usage. Is
> there a way to put a maximum connection duration so that they
> disconnect anyway after a given time ?
> kind regards, Claude

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list