On 2012-04-11, Christian Weisgerber na...@mips.inka.de wrote:
Andre Ruppert a...@in-telegence.net wrote:
is there any chance (perhaps in the future) to integrate lifetime
parameters via ipsecctl -- ipsec.conf or will I be forced to keep on
using isakmpd.conf?
There is lifetime code in ipsecctl. I don't know if its absence
from the man page is an accidental omission or if the code is
incomplete.
IIRC, it looks like it should work per-peer but can actually
only be used to set lifetimes for the default peer. Examination of
the output from ipsecctl -nvf /etc/ipsec.conf would confirm this.