[strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs
Tobias Brunner
tobias at strongswan.org
Mon Mar 19 16:47:16 CET 2012
Hi Anand,

> conn %default
> ikelifetime=10m
> keylife=5m
> rekeymargin=3m

Not sure what exactly the problem is but I suspect it might be related
to the times you configured above (at least partially).

Please have a look at the wiki page documenting how rekey times are
calculated [1]. As you can see, the values 5m for keylife (lifetime)
and 3m for rekeymargin (margintime) are problematic - it could even
disable rekeying (rekeytime = 5m - random(3m..6m)).

Please increase lifetime and see if that fixes the problem (also,
updating to a more recent release wouldn't hurt).

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
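
Added example (not part of the original message and not strongSwan code): a small checker that applies the rekeytime formula from the message to the quoted settings and flags lifetimes whose rekey window can reach zero or below. The function names are hypothetical; it assumes the ipsec.conf defaults rekeyfuzz=100% and rekeymargin=9m when those keys are absent.

```python
import re

# Assumption: ipsec.conf defaults used when a key is not set.
DEFAULT_FUZZ = "100%"
DEFAULT_MARGIN = "9m"
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def seconds(value):
    """Convert an ipsec.conf time value such as '5m' or '300' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]


def rekey_window(lifetime, margintime, fuzz_percent=100):
    """Return (earliest, latest) rekeytime in seconds.

    rekeytime = lifetime - (margintime + random(0..margintime * rekeyfuzz))
    """
    max_margin = margintime + margintime * fuzz_percent // 100
    return lifetime - max_margin, lifetime - margintime


def check_conn(conf_text):
    """Parse key=value lines of one conn section and report rekey windows."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, val = line.split("=", 1)
            opts[key.strip()] = val.strip()
    margin = seconds(opts.get("rekeymargin", DEFAULT_MARGIN))
    fuzz = int(opts.get("rekeyfuzz", DEFAULT_FUZZ).rstrip("%"))
    report = {}
    for name in ("keylife", "ikelifetime"):
        if name in opts:
            lo, hi = rekey_window(seconds(opts[name]), margin, fuzz)
            # lo <= 0 means the random margin can consume the whole lifetime
            report[name] = {"earliest": lo, "latest": hi, "may_not_rekey": lo <= 0}
    return report


# The settings quoted in the message above.
SAMPLE = "conn %default\n ikelifetime=10m\n keylife=5m\n rekeymargin=3m\n"

if __name__ == "__main__":
    for name, result in check_conn(SAMPLE).items():
        print(name, result)
```

With the quoted values, keylife yields a window of -60 s to 120 s (flagged), while ikelifetime yields 240 s to 420 s.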