[strongSwan] Maximum connection duration
Andreas Steffen
andreas.steffen at strongswan.org
Wed Oct 20 15:52:22 CEST 2010
Hello Claude,
if you do not set both rekey = no and reauth=no then a strongSwan
client will keep on rekeying and reauthenticating, respectively.
There is an option to shut down the CHILD_SA after a certain
interval of inactivity using the following ipsec.conf directive:
conn xyz
inactivity = <time>
....
defines the timeout interval, after which a CHILD_SA is closed if it did
not send or receive any traffic.
With the additional strongswan.conf option
charon {
inactivity_close_ike = yes
}
The IKE_SA corresponding to the CHILD_SA will be closed, too.
Best regards
Andreas
On 20.10.2010 15:19, Claude Tompers wrote:
> Hi,
>
> We are using strongswan in a road warrior configuration and some of
> our warriors tend to keep their VPN connections going after usage. Is
> there a way to put a maximum connection duration so that they
> disconnect anyway after a given time ?
>
> kind regards, Claude
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list