On Thu, 14 Oct 2021, Kontakt wrote:
I want to set up the ikev1 tunnel, where the other party expects from me the parameter "crypto map set security-association lifetime kilobytes 4608000" - I do not see this parameter in the configuration. the changelog doesn't mention this either. Can I ask for help in its configuration? on the other side I believe is cisco / ace
This functionality is not available but should make it in the next release. Note however, that lifetimes are not negotiated. Either side configured it, and whenever a side deems the maximum is reached, it is up to them to initiate a rekey or reauthentication. So this option is at least not preventing you from establishing an IPsec connection. Note also that 4.6MB is a very small amount of traffic if this lifetime is associated with ESP. For IKE it might be okay, but a little strange to specify. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
