[Swan-dev] Maximum configurable value of salifetime, ikelifetime
Tuomo Soini
tis at foobar.fi
Tue Dec 15 11:05:55 UTC 2020
On Mon, 14 Dec 2020 11:16:16 -0500
Balaji Thoguluva <tbbalaji at gmail.com> wrote:
> Hi Folks,
>
> What is the maximum configurable value of salifetime, ikelifetime,
> rekeymargin, rekeyfuzz?
salifetime=24h
ikelifetime=24h
rekeymargin doesn't have limits, other than it must be way shorter than
lifetimes, default is 9m
rekeyfuzz maximum is 100% - that is percentage of rekeymargin.
So rekeying starts rekeymargin + rekeyfuzz before expiry of SA. With
defaults 9m to 18m before expiry.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
More information about the Swan-dev
mailing list