On 2012-04-11, Christian Weisgerber <[email protected]> wrote: > Andre Ruppert <[email protected]> wrote: > >> is there any chance (perhaps in the future) to integrate lifetime >> parameters via ipsecctl --> ipsec.conf or will I be forced to keep on >> using isakmpd.conf? > > There is lifetime code in ipsecctl. I don't know if its absence > from the man page is an accidental omission or if the code is > incomplete. >
IIRC, it looks like it should work per-peer but can actually only be used to set lifetimes for the default peer. Examination of the output from ipsecctl -nvf /etc/ipsec.conf would confirm this.
