Maximum Lifetime IPsec configuration

Started by jorgevisentini, July 24, 2017, 05:24:09 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 24, 2017, 05:24:09 PM
Hi everyone!

I do not know if it's with the community of OPNSense or with the community and strongSwan documentation. But does anyone know what the maximum time I can put in the Phase 1 and Phase 2 "Lifetime" fields of IPsec settings?

Thanks!
July 24, 2017, 07:05:01 PM #1
Hi Jorge,

I couldn't find the maximum, but rather an elaborate guide on how they should be timed:

https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

I don't think we enforce any maximums, but the longer the lifetime the less secure the connections may be.


Cheers,
Franco
July 24, 2017, 08:25:19 PM #2
Hi Franco,
I was reading this documentation. Really, it does not say anything in time, and as you said, the longer the weaker time, the more security.

The issue is that I have an IPsec with a Fortinet that is falling every now and then, and in the Lifetime field we put 172800 seconds ...

We began to suspect that it could be some time-related problem, because it is always when the time expires and tries to generate another key.

But anyway, thank you very much for your attention !!
Print
Go Up Pages1
User actions