[strongSwan] why is "rekeying disabled" seen in the "ipsec statusall" output?

Tobias Brunner tobias at strongswan.org
Tue May 26 14:39:59 CEST 2015

Hi Rajiv,

Please refer to [1] for the formula how rekey times are calculated.

In your particular case with

> keylife=15m
> rekeymargin=9m

the rekey time could be <= 0, effectively disabling rekeying.


[1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

More information about the Users mailing list