[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

isakmpd.conf question

To: tech@openbsd.org
Subject: isakmpd.conf question
From: newsham@lava.net (Tim Newsham)
Date: Thu, 4 Jan 2001 11:34:03 -1000 (HST)


Small isakmpd/isakmpd.conf question.

If I change the Default-phase-2-lifetime in [General]
will it adjust the time between rekeying of active
vpn sessions?  

How do two peers agree on the rekeying time?  Do they
tell eachother their lifetimes and then pick the common
minimum in the min-max range?  Or do they just verify
the min-max and then initiate a rekey when their default
value is reached?

I have a connection between two peers, and it is rekeying
every 45minutes.  (One side has a conf setup for 8hour
lifetime and the BSD side has the defaults).  I want to
increase this rekeying time.  (Also, why is it 45
minutes?  Does it rekey early to give it some leeway,
and if so, how early?)

Tim N.

Follow-Ups:
- Re: isakmpd.conf question
  - From: "Angelos D. Keromytis" <angelos@keromytis.org>
- Re: isakmpd.conf question
  - From: Philipp Buehler <lists@fips.de>

Prev by Date: tcic driver problem... (fwd)
Next by Date: Re: isakmpd.conf question
Prev by thread: tcic driver problem... (fwd)
Next by thread: Re: isakmpd.conf question
Index(es):
- Date
- Thread