On 2012-04-11, Christian Weisgerber <na...@mips.inka.de> wrote: > Andre Ruppert <a...@in-telegence.net> wrote: > >> is there any chance (perhaps in the future) to integrate lifetime >> parameters via ipsecctl --> ipsec.conf or will I be forced to keep on >> using isakmpd.conf? > > There is lifetime code in ipsecctl. I don't know if its absence > from the man page is an accidental omission or if the code is > incomplete. >
IIRC, it looks like it should work per-peer but can actually only be used to set lifetimes for the default peer. Examination of the output from ipsecctl -nvf /etc/ipsec.conf would confirm this.