Hello
I have iked running, connecting to a Fortigate FW.
Running 'ipsecctl -s a' gives me the correct flows, but a rising number
of SADs. The tunnel has been up 5 days and I got 212 SADs installed.
Do I need to set up some kind of dpd to have the old SADs pulled down,
or is my error that ikelifetime and lifetime are not in seconds?
#cat /etc/iked.conf
...
ikev2 "h" active esp \
        from $k_dev to $h_server \
        from $k_server to $h_dev \
        peer $h_gw \
        ikesa auth hmac-sha2-256 \
              enc aes-256 \
              group modp1536 \
        childsa auth hmac-sha2-256 \
                enc aes-256 \
                group modp1536 \
        srcid '80.80.80.80' \
        ikelifetime 28800 \
        lifetime 14400 \
        psk 'Some nice long hash'
...
Cheers,
Kim
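To keep an eye on the symptom described above (SAs piling up for one tunnel while the flows stay correct), here is an added shell example, not from the original post: it counts `ipsecctl -s sa` entries per src/dst pair and reports pairs above a threshold. The sample output is constructed, and the peer address 198.51.100.1 is a placeholder; a healthy tunnel normally shows one SA per direction, briefly two while rekeying.

```shell
#!/bin/sh
# Constructed sample of `ipsecctl -s sa` output (not from the original post).
# 80.80.80.80 is the local srcid from the post; 198.51.100.1 is a placeholder peer.
SAMPLE_SA='esp tunnel from 80.80.80.80 to 198.51.100.1 spi 0x0a1b2c3d auth hmac-sha2-256 enc aes-256
esp tunnel from 198.51.100.1 to 80.80.80.80 spi 0x1f2e3d4c auth hmac-sha2-256 enc aes-256
esp tunnel from 80.80.80.80 to 198.51.100.1 spi 0x22222222 auth hmac-sha2-256 enc aes-256
esp tunnel from 80.80.80.80 to 198.51.100.1 spi 0x33333333 auth hmac-sha2-256 enc aes-256
esp tunnel from 198.51.100.1 to 80.80.80.80 spi 0x44444444 auth hmac-sha2-256 enc aes-256'

# count_sas <ipsecctl output>: print "<count> <src> <dst>" per src/dst pair.
# Fields: $1=esp $2=tunnel $3=from $4=src $5=to $6=dst ...
count_sas() {
    printf '%s\n' "$1" | awk '$1 == "esp" && $2 == "tunnel" { n[$4 " " $6]++ }
        END { for (k in n) print n[k], k }' | sort -k2
}

# stale_pairs <ipsecctl output> <threshold>: report pairs with more SAs than
# the threshold, i.e. old SAs that were apparently never flushed after rekey.
stale_pairs() {
    count_sas "$1" | awk -v t="$2" '$1 > t { print $2 " -> " $3 ": " $1 " SAs" }'
}

# Stand-alone run against the constructed sample; two SAs per direction is
# tolerated (one live, one mid-rekey), anything more is reported.
stale_pairs "$SAMPLE_SA" 2

# Live use on the iked host (not run here):
#   stale_pairs "$(ipsecctl -s sa)" 2
```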