Re: [strongSwan] About the IPsec rekey lifetime calculation
Hi David, I added some notes to our wiki about the lifetime/rekeytime calculation: http://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey Regards, Tobias David Deng wrote: > Hi All, > > When I Initiated some testing about the IPsec rekey mechanism, and I > found the rekey lifetime seems like a randam number (according to the > fuzz setting) and I am so puzzled. > > I am wonder that if the following calculation method of IPsec rekey > lifetime is right: > > "IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin" > > for example: > > if lifetime was set as 9m, and fuzz was set as 50, and margin was set as > 2, and then the "IPsec rekey lifetime" will be calculated as: > > 9 - (1+0.5)*2 = 6m > > > so the "IPsec rekey lifetime" will be in the scope of > 5 ~ 7 m > > is it right? > > > look forward to your answer! thanks a lot! > > > Besides, I found that the IPsec rekey lifetime still is a random value > even if the above function existed. so I have no any idea about the > IPsec rekey lifetime. > > can you explain how IPsec rekey mechanism work? thanks again! > > > Best wishes > > David Morris ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] About the IPsec rekey lifetime calculation
Hello David, yes your calculation is correct. Regards Andreas On 10/12/2010 04:05 AM, David Deng wrote: > Hi All, > > When I Initiated some testing about the IPsec rekey mechanism, and I > found the rekey lifetime seems like a randam number (according to the > fuzz setting) and I am so puzzled. > > I am wonder that if the following calculation method of IPsec rekey > lifetime is right: > > "IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin" > > for example: > > if lifetime was set as 9m, and fuzz was set as 50, and margin was set as > 2, and then the "IPsec rekey lifetime" will be calculated as: > > 9 - (1+0.5)*2 = 6m > > > so the "IPsec rekey lifetime" will be in the scope of > 5 ~ 7 m > > is it right? > > > look forward to your answer! thanks a lot! > > > Besides, I found that the IPsec rekey lifetime still is a random value > even if the above function existed. so I have no any idea about the > IPsec rekey lifetime. > > can you explain how IPsec rekey mechanism work? thanks again! > > > Best wishes > > David Morris > == Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution!www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===[ITA-HSR]== ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users