[strongSwan] Inactivity Timeout default value

Martin Willi martin at strongswan.org
Fri Nov 16 09:39:34 CET 2012


Hi,

> One possibility is the that the Inactivity Timeout period is exceeded,
> but this parameter is not included in any of the ipsec.conf conn
> sections, hence my need for the default value.

There is an "inactivity" parameter in ipsec.conf that closes a
connection when there is no traffic over it for a certain time; but I
don't think you are hitting this timeout, it is disabled by default.

Another timeout closes the IKE_SA during setup if it does not get
established fast enough, this timeout defaults to 30 seconds. It can be
changed globally with the strongswan.conf option:

charon {
  # ...
  half_open_timeout = 60
}

Regards
Martin





More information about the Users mailing list