Hi,

> After disabling rekeying for Windows 7 connection I got rid of most of
> the reconnects caused by rekeying the SAs, but I still have one
> annoying connection interruption left.

When following the rules from [1], rekeying initiated by strongSwan works fine here.

> But for some reason IP Security Monitor on Windows 7 reports 10800s as
> main mode SA lifetime. Even if I change ikelifetime on the Strongswan
> server to i.e 8 or 12h it is still 3h.

I don't know if you can trust the IP Security Monitor, as it is mainly for IKEv1. Not sure if these 10800s are correct. Further, lifetimes are never negotiated in IKEv2, you can't change the behavior of Windows by defining an ikelifetime on strongSwan. It only changes the behavior of rekeying initiated locally.

> Now, the problem isn't really the 3h interval, it's that all the
> connections drop for a while until reconnect.

Would be helpful to know exactly _what_ is happening every three hours. Does Windows trigger a rekey? Does it drop the CHILD_SA, close the IKE_SA? A strongSwan log output would be helpful.

> ike=aes256-sha1-modp1024
> esp=aes256-sha1

I'd try to limit the proposal list to exactly these by appending a '!'. I'm not aware of any problems with our lengthy default proposal set, but just in case.

Regards
Martin

[1]http://wiki.strongswan.org/projects/strongswan/wiki/Windows7#Rekeying-behavior
