[strongSwan] soft lifetime for inbound and outbound SA

Tobias Brunner tobias at strongswan.org
Wed Apr 18 11:28:43 CEST 2012

Hi Divya,

> Was there any disadvantage in initial approach of not installing soft
> lifetime for outbound SA?

No not at all.  It was just a side-effect that with the extended
lifetime support introduced back then (with limits for number of bytes
and packets, and more dynamically applied jitter) the rekey time was
different for the in- and outbound SA (before it was the same for both
directions).  So installing a soft lifetime on both SAs just made sense.


More information about the Users mailing list