Hello Tobias, Thanks for the help and the pointer to the wiki-page with the important info
Yes ofcourse...as you said with the values i have used for lifetime, rekeytime would be <=0. So for my specific requirement of ensuring quick rekeys, should i use rekeymargin as <=3m? so that rekeytime would not become 0?. This is required for my setup to reproduce a crash which happens after multiple rekeying, while constant traffic (bidiectional udp and/or tcp streams) flowing thru the established ipsec tunnel. Iam trying to ascertain whether the crash is happening during a rekey collision or due to some other reason. My GW platform is openwrt and iam running v5.0.4-strongswan (iam keeping ikelifetime as 30m) thanks & regards rajiv On Tue, May 26, 2015 at 6:09 PM, Tobias Brunner <[email protected]> wrote: > Hi Rajiv, > > Please refer to [1] for the formula how rekey times are calculated. > > In your particular case with > > > keylife=15m > > rekeymargin=9m > > the rekey time could be <= 0, effectively disabling rekeying. > > Regards, > Tobias > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
