Hello Meera, ikelifetime defines the phase1 re-negotiation interval whereas lifetime (the new synonym for the old FreeS/WAN keylife parameter) determines the phase2 rekeying interval.
Regards Andreas lifetime or On 01/31/2012 10:04 AM, Meera Sudhakar wrote: > Hi, > > I am a bit confused with the parameters "ikelifetime" and "lifetime". I > believe "ikelifetime" re-negotiates phase 1 according to the value we > assign it. What about "lifetime"? The strongSwan wiki says "how long a > particular instance of a connection (a set of encryption/authentication > keys for user packets) should last, from successful negotiation to > expiry". So is this also for phase 1? > In that case, what paramater should I use to re-negotiate phase 2? > Sorry if these questions seem silly :( > > Thanks and regards, > Meera ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
