Bug #3785: strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime - pfSense - pfSense bugtracker

Bug #3785

Updated by Matthew Smith over 9 years ago


 Connection entries in /var/etc/ipsec/ipsec.conf are being generated with ikelifetime set to 3600s when the GUI shows the phase 1 lifetime being 28800s. 

 vpn_ipsec_configure in /etc/inc/vpn.inc writes a variable called lifeline to the file for each phase 2 entry. It first sets this variable to the lifetime value of the phase 1 entry and then overwrites that with the value of the phase 2 entry. 

 There are 2 separate parameters for this supported by strongswan. ikelifetime and lifetime. Setting the ike values as ikelifetime and the IPsec values as lifetime in the connection should work.

Back

Project

General

Profile

pfSense

Bug #3785