[strongSwan] Default value of inactivity in ipsec.conf

Terry Wang terry.wang at live.com
Tue Sep 12 08:50:33 CEST 2017


Hi folks,

I've been assigned to review IPsec VPN deployment configurations (hundreds of strongSwan 5.3.2).

I want to understand how CHILD_SAs are closed if there is no traffic sent or received.

Based on: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection

`inactivity` defines the timeout interval after which a CHILD_SA (phase 2 SA) is closed if it does not send or receive any traffic.

I've looked at the source code:

  *   src/libcharon/config/child_cfg.c
  *   src/libcharon/config/child_cfg.h

There is no default value assigned to the variable inactivity (uint32_t). So how does charon (strongSwan) decide when to close a CHILD_SA if no traffic is sent/received?

Thanks,
Terry
