Project

General

Profile

Bug #3785

Updated by Matthew Smith over 10 years ago


 Connection entries in /var/etc/ipsec/ipsec.conf are being generated with ikelifetime set to 3600s when the GUI shows the phase 1 lifetime being 28800s. 

 vpn_ipsec_configure in /etc/inc/vpn.inc writes a variable called lifeline to the file for each phase 2 entry. It first sets this variable to the lifetime value of the phase 1 entry and then overwrites that with the value of the phase 2 entry. 

 There are 2 separate parameters for this supported by strongswan. ikelifetime and lifetime. Setting the ike values as ikelifetime and the IPsec values as lifetime in the connection should work. 

Back