[strongSwan] delete IPsec SA in transport mode
Nimo
gnimozyu at gmail.com
Fri Mar 25 10:49:48 CET 2016
Hello,
I'm looking for your advice on deleting an SA without DPD.
I use strongSwan U5.3.2/K3.10.84 and xl2tpd 1.3.1 with the following
configuration.
[ipsec.conf]
config setup
    charondebug = "ike 4, cfg 2"

conn L2TP-PSK
    authby=secret
    auto=add
    keyingtries=3
    keyexchange=ikev1
    rekey=no
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear
    ikelifetime=120s
    lifetime=90s
    margintime = 10s
    type=transport
    left=X1.X2.X3.X4
    leftprotoport=17/1701
    reauth = yes
    right=%any
    rightprotoport=17/%any

The L2TP client OS is Windows 7 and it does not support DPD.
If the client disconnects IPsec without a delete-SA, for example on a blue
screen, etc., then I think the Linux system keeps the SA until strongSwan is
restarted.
I saw https://wiki.strongswan.org/projects/strongswan/wiki/Windows7 . But
my question is:
1) Are ikelifetime, lifetime and margintime ignored if rekey is "no"?
2) Do you have any configuration to delete the IPsec SA automatically with
"rekey=no"?
3) I want to delete the IPsec SA if no packet arrives during a specified
period. Is it possible?
Thank you,