[strongSwan] Data \ Time based rekeying
Tobias Brunner
tobias at strongswan.org
Mon Apr 2 11:14:05 CEST 2012
Hi Eric,
> I was wondering if I could get some clarification on a few things. I
> need to rekeys Phase 1 and Phase 2 SAs for both IKEv1 and IKEv2 (using
> Linux strongSwan U4.5.2/K3.0.0-12-generic). It’s not clear to me what
> entries I should be using in the config file to accomplish this. At a
> high level I would like to establish that I can rekey both SAs using a
> defined time interval and again using a defined data (KB) interval.
>
> Can somebody help me determine what entries I need to use to accomplish
> this. A config example would be appreciated if available.
The config keywords etc. can be found in our wiki [1]. But note that
the IKEv1 daemon pluto does only support time based lifetimes (the
keywords for that are the same).
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
More information about the Users
mailing list