Hi. I was playing around today with the margin* and life* options.
I did some testing whether there are interruptions during the time where the key is renegotiated (any packages are lost) (btw: Is this technically prevented?)

1) Is it true that when I e.g. specify both:

margintime = ...
marginbytes = ...

that it works like an OR, meaning the first condition that is met leads to e.g. renegotiation? Same with the life* options.

2) Now the possible bug, which might be at least something missing in the documentation ;)

For the tests I set:

margintime = 9m (default)
lifetime = 1h (default)

and in addition:

marginbyte = 1000
lifebytes = 1000

Then I pinged between the two hosts. When the 1000 bytes were reached, the tunnel was lost (not the IKE connection) and was never renegotiated. Although I've had all those things like: keyingtries = %forever, dpdaction = restart, rekey = yes....

This also happens when marginbyte is quite close to lifebytes. And I guess it's the same for the *time and *packets options.

Cheers,
Chris :)
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
