I set the IKE rekey time as follows:
conn %default
        ikelifetime=6m
        keylife=3m
        rekeymargin=1m
        keyingtries=2
        rekeyfuzz=0%
But I found that the message is always like the following, and this
causes the data transfer to stop.
1. INFORMATIONAL (deleting IKE_SA)
On 05/20/2011 08:45 AM, Richard Chan wrote:
> Using Wireshark and trying to sniff the cleartext packet, I can only see
> incoming packets.
That's a peculiarity of the Linux kernel. Capture the (UDP encapsulated)
ESP packets and use Wireshark to decrypt them. See