Re: V5.0 -> ipsec --> lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf
On 2012-04-11, Christian Weisgerber wrote: > Andre Ruppert wrote: > >> is there any chance (perhaps in the future) to integrate lifetime >> parameters via ipsecctl --> ipsec.conf or will I be forced to keep on >> using isakmpd.conf? > > There is lifetime code in ipsecctl. I don't know if its absence > from the man page is an accidental omission or if the code is > incomplete. > IIRC, it looks like it should work per-peer but can actually only be used to set lifetimes for the default peer. Examination of the output from ipsecctl -nvf /etc/ipsec.conf would confirm this.
Re: V5.0 -> ipsec --> lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf
Andre Ruppert wrote: > is there any chance (perhaps in the future) to integrate lifetime > parameters via ipsecctl --> ipsec.conf or will I be forced to keep on > using isakmpd.conf? There is lifetime code in ipsecctl. I don't know if its absence from the man page is an accidental omission or if the code is incomplete. -- Christian "naddy" Weisgerber na...@mips.inka.de
V5.0 -> ipsec --> lifetime dependencies between ipsec.conf (ipsecctl) and isakmpd.conf
Hello @misc, I'm lost in the documentation of isakmpd.conf and ipsec.conf :-( Situation: I have to set up several ipsec-connections on one system on my side (OBSD 5) to different sites with different VPN-hardware. All external sites offer only PSKs in configuration, no certificates. Problem: most of the sites use different key lifetimes (in phase 1/2), so I have do deal with a bunch of lifetime values. Question: is there any chance (perhaps in the future) to integrate lifetime parameters via ipsecctl --> ipsec.conf or will I be forced to keep on using isakmpd.conf? I don't need isakmpd.conf for other parameters ;-) best regards Andre Ruppert