Thread: IPSec Keylifetime using ipsecctl and ipsec.conf?

Germany
2007-07-26 03:04:31
Hi,

I am using ipsecctl and /etc/ipsec.conf to create an IPSec tunnel to a
WatchGuard Firebox X700 in my company. It works fine, but the re-keying
always makes some trouble, it does not always work. My question now is,
how can I set the keylifetimes for phase 1 and 2 in /etc/ipsec.conf? Is
there a way to do this? The manpage does not give any more info...

I am running an OpenBSD 4.1 current. My ipsec.conf file looks like this:

ike esp from 10.240.1.0/24 to 192.168.128.0/24 
   peer 1.2.3.4 
   main auth hmac-sha1 enc 3des group modp1024 
   quick auth hmac-sha1 enc 3des group none 
   psk "XXXX"

Regards,
James


Re: IPSec Keylifetime using ipsecctl and ipsec.conf?
2007-07-26 03:24:05
Hi,

On Thu, Jul 26, 2007 at 10:04:31AM +0200, mailinglistsjameslepthien.de wrote:
> Hi,
> 
> I am using ipsecctl and /etc/ipsec.conf to create an IPSec tunnel to a
> WatchGuard Firebox X700 in my company. It works fine, but the re-keying
> always makes some trouble, it does not always work. My question now is,
> how can I set the keylifetimes for phase 1 and 2 in /etc/ipsec.conf? Is
> there a way to do this? The manpage does not give any more info...

sorry, you can't.

However, you can use isakmpd.conf to set the default lifetimes.  Please
see isakmpd.conf(5) for details.

isakmpd.conf:
[General]
Default-phase-1-lifetime=       3600,60:86400
Default-phase-2-lifetime=       1200,60:86400

> 
> I am running an OpenBSD 4.1 current. My ipsec.conf file looks like this:
> 
> ike esp from 10.240.1.0/24 to 192.168.128.0/24 
>   peer 1.2.3.4 
>   main auth hmac-sha1 enc 3des group modp1024 
>   quick auth hmac-sha1 enc 3des group none 
>   psk "XXXX"
> 
> Regards,
> James
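
Added example, not part of the original thread: a small check that reads the two [General] lifetime tags from the reply and compares them with the lifetimes configured on the remote gateway, since mismatched lifetimes are a common reason for unreliable re-keying. It assumes each value reads as offered seconds followed by an accepted minimum:maximum range; the function names and the peer values passed in are hypothetical.

```python
import re

# Constructed sample: the [General] section quoted in the reply above.
SAMPLE_CONF = """\
[General]
Default-phase-1-lifetime=       3600,60:86400
Default-phase-2-lifetime=       1200,60:86400
"""

# Assumed reading of the value: offered seconds, then accepted min:max.
LIFETIME_RE = re.compile(r"^(\d+),(\d+):(\d+)$")

def parse_lifetimes(text):
    """Return {tag: (offer, low, high)} for lifetime tags under [General]."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "General" or "=" not in line:
            continue
        tag, value = (part.strip() for part in line.split("=", 1))
        if not (tag.startswith("Default-phase-") and tag.endswith("-lifetime")):
            continue
        m = LIFETIME_RE.match(value)
        if not m:
            raise ValueError(f"{tag}: unexpected lifetime value {value!r}")
        offer, low, high = (int(g) for g in m.groups())
        if not low <= offer <= high:
            raise ValueError(f"{tag}: offer {offer} outside {low}:{high}")
        found[tag] = (offer, low, high)
    return found

def check_peer(local, peer_seconds):
    """Return warnings where the peer's lifetimes (hypothetical input,
    in seconds) do not line up with the local offer or accepted range."""
    warnings = []
    for tag, peer in sorted(peer_seconds.items()):
        offer, low, high = local[tag]
        if not low <= peer <= high:
            warnings.append(f"{tag}: peer {peer}s outside accepted {low}:{high}")
        elif peer != offer:
            warnings.append(f"{tag}: peer {peer}s differs from offered {offer}s")
    return warnings
```
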

