[strongSwan] Default value of inactivity in ipsec.conf

Andreas Steffen andreas.steffen at strongswan.org
Tue Sep 12 08:38:52 CEST 2017


Hi Terry,

by default no inactivity timer is set. In the default case
the CHILD SA exists until it expires.

Regards

Andreas

On 12.09.2017 08:50, Terry Wang wrote:
> Hi folks,
>
> I've been assigned to review IPsec VPN deployment configurations
> (hundreds of strongSwan 5.3.2).
>
> I want to understand how CHILD_SAs are closed if there is no traffic
> sent or received.
>
> Based on: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
>
> `inactivity` defines the timeout interval after which a CHILD_SA (phase
> 2 SA) is closed if it does not send or receive any traffic.
>
> I've looked at the source code:
>
>   * src/libcharon/config/child_cfg.c
>   * src/libcharon/config/child_cfg.h
>
> There is no default value assigned to the variable inactivity
> (uint32_t). So how does charon (strongSwan) decide when to close a
> CHILD_SA if no traffic is sent/received?
>
> Thanks,
> Terry
>

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
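
An audit along the lines of the question above, as an added example (not part of the original messages and not strongSwan code): it lists each `conn` in an ipsec.conf with its effective `inactivity`, following `also=` and `conn %default`. The sample file and function names are constructed, and the lookup order (own section, then `also=`, then `%default`) is an assumption of this example.

```python
# Constructed sample ipsec.conf (documentation addresses), not a real deployment.
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev2
conn base-idle
    inactivity=30m
conn site-a
    also=base-idle
conn site-b
    right=192.0.2.20   # inactivity appears nowhere in its chain
"""

def parse_conns(text):
    """Return {conn_name: {key: [values]}}; 'include' lines are not followed."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if line and not line[0].isspace():         # section header starts in column 1
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value in a conn
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return conns

def effective(conns, name, key, seen):
    """Value of key for a conn: own section first, then its also= chain."""
    if name in seen or name not in conns:          # unknown section or also= loop
        return None
    seen.add(name)
    if key in conns[name]:
        return conns[name][key][-1]
    for parent in conns[name].get("also", []):
        value = effective(conns, parent, key, seen)
        if value is not None:
            return value
    return None

def audit_inactivity(text):
    """Map each conn to its effective inactivity value, or None if unset."""
    conns = parse_conns(text)
    default = effective(conns, "%default", "inactivity", set())
    return {name: effective(conns, name, "inactivity", set()) or default
            for name in conns if name != "%default"}

if __name__ == "__main__":
    for name, value in audit_inactivity(SAMPLE_CONF).items():
        print(f"{name}: inactivity={value or 'unset (CHILD_SA kept until it expires)'}")
```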

