OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: jorgevisentini on July 24, 2017, 05:24:09 pm

Title: Maximum Lifetime IPsec configuration
Post by: jorgevisentini on July 24, 2017, 05:24:09 pm
Hi everyone!

I do not know if this is a matter for the OPNsense community or for the strongSwan community and documentation. But does anyone know what the maximum time is that I can put in the Phase 1 and Phase 2 "Lifetime" fields of the IPsec settings?

Thanks!

Title: Re: Maximum Lifetime IPsec configuration
Post by: franco on July 24, 2017, 07:05:01 pm
Hi Jorge,

I couldn't find the maximum, but rather an elaborate guide on how they should be timed:

https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

I don't think we enforce any maximums, but the longer the lifetime the less secure the connections may be.


Cheers,
Franco

Title: Re: Maximum Lifetime IPsec configuration
Post by: jorgevisentini on July 24, 2017, 08:25:19 pm
Hi Franco,
I was reading this documentation. Really, it does not say anything in time, and as you said, the longer the weaker time, the more security.

The issue is that I have an IPsec with a Fortinet that is falling every now and then, and in the Lifetime field we put 172800 seconds...

We began to suspect that it could be some time-related problem, because it is always when the time expires and tries to generate another key.

But anyway, thank you very much for your attention!!