Hi folks, I've been assigned to review IPsec VPN deployment configurations (hundreds of strongSwan 5.3.2).
I want to understand how CHILD_SAs are closed if there is no traffic sent or received.

Based on: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection

`inactivity` defines the timeout interval after which a CHILD_SA (phase 2 SA) is closed if it does not send or receive any traffic.

I've looked at the source code:
* src/libcharon/config/child_cfg.c
* src/libcharon/config/child_cfg.h

There is no default value assigned to the variable inactivity (uint32_t). So how does charon (strongSwan) decide when to close a CHILD_SA if no traffic is sent/received?

Thanks,
Terry
