[strongSwan] Question About the IKE rekey and ESP rekey time setting
martin at strongswan.org
Wed Jan 5 10:34:59 CET 2011
> According to the description which listed on strongswan official
> websit, the rekey time interval will be in the following scope:
> 1) IKE_REKEY interval:
> 2）ESP_REKEY interval:
I don't know to which description you are referring to, but  is more
rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz))
> Secondly, I want to set the time of rekey as fixed value.
For a fixed ESP rekeying after 10s, and a fixed IKE rekeying after 20s,
It is save to set the fuzz to zero, but you always should have a margin.
Otherwise the rekey event collides with the critical timeout where the
SA gets deleted.
More information about the Users