OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: jorgevisentini on July 24, 2017, 05:24:09 pm
-
Hi everyone!
I do not know if it's with the community of OPNSense or with the community and strongSwan documentation. But does anyone know what the maximum time I can put in the Phase 1 and Phase 2 "Lifetime" fields of IPsec settings?
Thanks!
-
Hi Jorge,
I couldn't find the maximum, but rather an elaborate guide on how they should be timed:
https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
I don't think we enforce any maximums, but the longer the lifetime the less secure the connections may be.
Cheers,
Franco
-
Hi Franco,
I was reading this documentation. Really, it does not say anything in time, and as you said, the longer the weaker time, the more security.
The issue is that I have an IPsec with a Fortinet that is falling every now and then, and in the Lifetime field we put 172800 seconds ...
We began to suspect that it could be some time-related problem, because it is always when the time expires and tries to generate another key.
But anyway, thank you very much for your attention !!