[strongSwan] Data \ Time based rekeying

Tobias Brunner tobias at strongswan.org
Mon Apr 2 11:14:05 CEST 2012

Hi Eric,

> I was wondering if I could get some clarification on a few things.  I
> need to rekeys Phase 1 and Phase 2 SAs for both IKEv1 and IKEv2 (using
> Linux strongSwan U4.5.2/K3.0.0-12-generic).  It’s not clear to me what
> entries I should be using in the config file to accomplish this.  At a
> high level I would like to establish that I can rekey both SAs using a
> defined time interval and again using a defined data (KB) interval. 
> Can somebody help me determine what entries I need to use to accomplish
> this.  A config example would be appreciated if available. 

The config keywords etc. can be found in our wiki [1].  But note that
the IKEv1 daemon pluto does only support time based lifetimes (the
keywords for that are the same).


[1] http://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

More information about the Users mailing list