Hi All, When I Initiated some testing about the IPsec rekey mechanism, and I found the rekey lifetime seems like a randam number (according to the fuzz setting) and I am so puzzled.
I am wonder that if the following calculation method of IPsec rekey lifetime is right: "IPsec rekey lifetime" = "lifetime" - (1 + "fuzz"%) * "margin" for example: if lifetime was set as 9m, and fuzz was set as 50, and margin was set as 2, and then the "IPsec rekey lifetime" will be calculated as: 9 - (1+0.5)*2 = 6m so the "IPsec rekey lifetime" will be in the scope of 5 ~ 7 m is it right? look forward to your answer! thanks a lot! Besides, I found that the IPsec rekey lifetime still is a random value even if the above function existed. so I have no any idea about the IPsec rekey lifetime. can you explain how IPsec rekey mechanism work? thanks again! Best wishes David Morris
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users