[Swan] lifetime kilobytes

Paul Wouters paul at nohats.ca
Thu Oct 14 17:38:39 UTC 2021


On Thu, 14 Oct 2021, Lennart Sorensen wrote:

>>> "crypto map set security-association lifetime kilobytes 4608000" - I do not see this parameter in the configuration. The changelog doesn't mention this.

>> Note also that 4.6MB is a very small amount of traffic if this lifetime
>> is associated with ESP. For IKE it might be okay, but a little strange
>> to specify.
>
> 4608000 kilobytes is 4.6GB so not terribly small.

Oh yes. While libreswan's default is bytes, the Cisco option uses
kilobytes. Thanks for spotting that. 4.6GB does appear to match
the FIPS requirements for maximum traffic by a single key for 3DES :)

Paul

