[strongSwan] Maximum connection duration

Claude Tompers claude.tompers at restena.lu
Wed Oct 20 16:08:15 CEST 2010


Hello Andreas,

This seems to work. Thanks a lot.

kind regards,
Claude


On Wednesday 20 October 2010 15:52:22 Andreas Steffen wrote:
> Hello Claude,
> 
> if you do not set both rekey = no and reauth=no then a strongSwan
> client will keep on rekeying and reauthenticating, respectively.
> 
> There is an option to shut down the CHILD_SA after a certain
> interval of inactivity using the following ipsec.conf directive:
> 
>  conn xyz
>     inactivity = <time>
>     ....
> 
> defines the timeout interval, after which a CHILD_SA is closed if it did
> not send or receive any traffic.
> 
> With the additional strongswan.conf option
> 
>   charon {
>      inactivity_close_ike = yes
>   }
> 
>   The IKE_SA corresponding to the CHILD_SA will be closed, too.
> 
> Best regards
> 
> Andreas
> 
> On 20.10.2010 15:19, Claude Tompers wrote:
> > Hi,
> > 
> > We are using strongswan in a road warrior configuration and some of
> > our warriors tend to keep their VPN connections going after usage. Is
> > there a way to put a maximum connection duration so that they
> > disconnect anyway after a given time ?
> > 
> > kind regards, Claude
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
> 

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101020/108b4bc3/attachment.pgp>


More information about the Users mailing list