On Fri, 5 Feb 2016, Rajeev Gaur wrote:
1) Please suggest how can I make the same device initiator as well as responder. I have got the devices now. Looking into this.
Set a really long keylife, eg ikelifetime=24h salifetime=24h. then initiate the connection and wait for them to rekey to you.
2) Just for clarity, because the sites are acting as initiator and responder and their ikelifetime and salifetime are different, you suggested to keep them same so that even though they switch roles, one role does not hold on to complete the duration of other role. The roles are switched at the same time durations. Also, rather then my devices trigger the keying, it is triggered when cisco router HST (hello state timer) expires. Am I right?
If you initiating works, then putting short lifetimes makes sure you will rekeyy before the other end decides it must rekey to you. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
