Bug 277485

Summary: keylife too short
Product: [Unmaintained] kvpnc Reporter: uholeschak <ulrich>
Component: generalAssignee: Christoph Thielecke <crissi99>
Status: RESOLVED UNMAINTAINED    
Severity: normal    
Priority: NOR    
Version First Reported In: 0.9.6   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description uholeschak 2011-07-10 17:58:43 UTC 
Version:           0.9.6 (using KDE 4.6.2) 
OS:                Linux

In openswan ipsec mode the keylife entry in the config file is too short (identical too ikelifetime):

stream << "    keylife=1200s" << "\n";
stream << "    ikelifetime=1200s" << "\n";

Basically the connection is stable, but you get many quickstate errors at the other end of the connection.

If i understand it right, keylife should be normally larger than ikelifetime.
With the following settings the errors are gone:

stream << "    keylife=3600s" << "\n";
stream << "    ikelifetime=1200s" << "\n";


Reproducible: Always

Steps to Reproduce:
View error logs at the other end of the connection in openswan ipsec mode.


Expected Results:  
No errors
Comment 1 Andrew Crouthamel 2018-09-04 14:54:07 UTC 
Hello! Sorry to be the bearer of bad news, but this project has been unmaintained for many years so I am closing this bug.