Hi,

I am using ipsecctl and /etc/ipsec.conf to create an IPSec tunnel to a
WatchGuard Firebox X700 in my company. It works fine, but the
re-keying always causes some trouble; it does not always work. My
question now is, how can I set the key lifetimes for phase 1 and 2 in
/etc/ipsec.conf? Is there a way to do this? The manpage does not give
any more info...

I am running OpenBSD 4.1 current. My ipsec.conf file looks like this:

    ike esp from 10.240.1.0/24 to 192.168.128.0/24 \
        peer 1.2.3.4 \
        main auth hmac-sha1 enc 3des group modp1024 \
        quick auth hmac-sha1 enc 3des group none \
        psk "XXXX"

Regards,
James