Bug #3785: strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime - pfSense - pfSense bugtracker

Actions

Copy link

Bug #3785

closed

strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime

Added by Matthew Smith over 10 years ago. Updated over 10 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Matthew Smith

Category:

IPsec

Target version:

2.2

Start date:

07/30/2014

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2

Affected Architecture:

Description

Connection entries in /var/etc/ipsec/ipsec.conf are being generated with ikelifetime set to 3600s when the GUI shows the phase 1 lifetime being 28800s.

vpn_ipsec_configure in /etc/inc/vpn.inc writes a variable called lifeline to the file for each phase 2 entry. It first sets this variable to the lifetime value of the phase 1 entry and then overwrites that with the value of the phase 2 entry.

There are 2 separate parameters for this supported by strongswan. ikelifetime and lifetime. Setting the ike values as ikelifetime and the IPsec values as lifetime in the connection should work.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #3785

strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime

Updated by Matthew Smith over 10 years ago

Updated by King J over 10 years ago

Updated by Matthew Smith over 10 years ago

Updated by Ermal Luçi over 10 years ago

Updated by Chris Buechler over 10 years ago