Hi,

On Thu, Jul 26, 2007 at 10:04:31AM +0200, [EMAIL PROTECTED] wrote:
> Hi,
> 
> I am using ipsecctl and /etc/ipsec.conf to create an IPSec tunnel to a  
> WatchGuard Firebox X700 in my company. It works fine, but the  
> re-keying always makes some trouble, it does not always work. My  
> question now is, how can I set the key lifetimes for phase 1 and 2 in
> /etc/ipsec.conf? Is there a way to do this? The manpage does not give  
> any more info...

Sorry, you can't.

However, you can use isakmpd.conf to set the default lifetimes.  Please
see isakmpd.conf(5) for details.

isakmpd.conf:
[General]
Default-phase-1-lifetime=       3600,60:86400
Default-phase-2-lifetime=       1200,60:86400

> 
> I am running an OpenBSD 4.1 current. My ipsec.conf file looks like this:
> 
> ike esp from 10.240.1.0/24 to 192.168.128.0/24 \
>   peer 1.2.3.4 \
>   main auth hmac-sha1 enc 3des group modp1024 \
>   quick auth hmac-sha1 enc 3des group none \
>   psk "XXXX"
> 
> Regards,
> James
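
Added example, not part of the original thread or of OpenBSD's own code: a Python check that parses the two isakmpd.conf tags shown in the reply and compares them with the lifetimes configured on the remote gateway, since mismatched lifetimes are a common cause of re-keying trouble. It assumes the value reads as default,min:max (offered lifetime, then accepted range, in seconds); the peer values and function names are constructed for illustration.

```python
import configparser

# Constructed sample: the [General] section quoted in the reply above.
SAMPLE_CONF = """\
[General]
Default-phase-1-lifetime=       3600,60:86400
Default-phase-2-lifetime=       1200,60:86400
"""

def parse_lifetime(value):
    """Split 'default,min:max' into (default, min, max) in seconds."""
    default_s, comma, range_s = value.strip().partition(",")
    lo_s, colon, hi_s = range_s.partition(":")
    if not (comma and colon):
        raise ValueError(f"expected default,min:max, got {value!r}")
    default, lo, hi = int(default_s), int(lo_s), int(hi_s)
    if not lo <= default <= hi:
        raise ValueError(f"default {default} lies outside {lo}:{hi}")
    return default, lo, hi

def load_lifetimes(text):
    """Return {phase: (default, min, max)} from isakmpd.conf text."""
    # Only '=' separates tag and value; ':' belongs to the range.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep the tag names' case as written
    cp.read_string(text)
    general = cp["General"]
    return {p: parse_lifetime(general[f"Default-phase-{p}-lifetime"])
            for p in (1, 2)}

def check_peer(lifetimes, peer):
    """peer maps phase -> seconds set on the remote gateway (hypothetical)."""
    findings = []
    for phase, secs in sorted(peer.items()):
        default, lo, hi = lifetimes[phase]
        if not lo <= secs <= hi:
            findings.append(
                f"phase {phase}: peer {secs}s outside accepted range {lo}:{hi}")
        elif secs != default:
            findings.append(
                f"phase {phase}: peer {secs}s differs from local default {default}s")
    return findings

if __name__ == "__main__":
    # Constructed peer settings, not taken from any real device.
    for line in check_peer(load_lifetimes(SAMPLE_CONF), {1: 28800, 2: 172800}):
        print(line)
```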
