Bug 277485 - keylife too short
Summary: keylife too short
Status: RESOLVED UNMAINTAINED
Alias: None
Product: kvpnc
Classification: Unmaintained
Component: general (other bugs)
Version First Reported In: 0.9.6
Platform: Compiled Sources Linux
: NOR normal
Target Milestone: ---
Assignee: Christoph Thielecke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-10 17:58 UTC by uholeschak
Modified: 2018-09-04 14:54 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description uholeschak 2011-07-10 17:58:43 UTC 
Version:           0.9.6 (using KDE 4.6.2) 
OS:                Linux

In openswan ipsec mode the keylife entry in the config file is too short (identical too ikelifetime):

stream << "    keylife=1200s" << "\n";
stream << "    ikelifetime=1200s" << "\n";

Basically the connection is stable, but you get many quickstate errors at the other end of the connection.

If i understand it right, keylife should be normally larger than ikelifetime.
With the following settings the errors are gone:

stream << "    keylife=3600s" << "\n";
stream << "    ikelifetime=1200s" << "\n";


Reproducible: Always

Steps to Reproduce:
View error logs at the other end of the connection in openswan ipsec mode.


Expected Results:  
No errors
Comment 1 Andrew Crouthamel 2018-09-04 14:54:07 UTC 
Hello! Sorry to be the bearer of bad news, but this project has been unmaintained for many years so I am closing this bug.