[strongSwan] Question about IKEv2 re-authentication timeout

Thomas Egerer hakke_007 at gmx.de
Fri Jul 12 22:54:11 CEST 2013

Hi Dan,
On 07/12/2013 07:23 PM, Dan Cook wrote:
> Greetings,
> I have a configuration / runtime question regarding authentication
> failures in SS 5.1 (I assume 5.0.4 behaves the same).
> What is the default timeout between re-authentication attempts?
> Is the timeout configurable in strongswan.conf?  I tried setting the
> "close_ike_on_child_failure" to yes in the charon section of
> strongswan.conf but that didn't appear to affect the timeout value.
Check out the ipsec.conf(5) man page and look for ikelifetime
(default 3h), and reauth (default yes). I guess, that's exactly what
your looking for.


More information about the Users mailing list