[strongSwan] Maximum connection duration
Claude Tompers
claude.tompers at restena.lu
Wed Oct 20 16:08:15 CEST 2010
Hello Andreas,
This seems to work. Thanks a lot.
kind regards,
Claude
On Wednesday 20 October 2010 15:52:22 Andreas Steffen wrote:
> Hello Claude,
>
> if you do not set both rekey = no and reauth=no then a strongSwan
> client will keep on rekeying and reauthenticating, respectively.
>
> There is an option to shut down the CHILD_SA after a certain
> interval of inactivity using the following ipsec.conf directive:
>
> conn xyz
> inactivity = <time>
> ....
>
> defines the timeout interval, after which a CHILD_SA is closed if it did
> not send or receive any traffic.
>
> With the additional strongswan.conf option
>
> charon {
> inactivity_close_ike = yes
> }
>
> The IKE_SA corresponding to the CHILD_SA will be closed, too.
>
> Best regards
>
> Andreas
>
> On 20.10.2010 15:19, Claude Tompers wrote:
> > Hi,
> >
> > We are using strongswan in a road warrior configuration and some of
> > our warriors tend to keep their VPN connections going after usage. Is
> > there a way to put a maximum connection duration so that they
> > disconnect anyway after a given time ?
> >
> > kind regards, Claude
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101020/108b4bc3/attachment.pgp>
More information about the Users
mailing list