Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Maximum Lifetime IPsec configuration
« previous
next »
Print
Pages: [
1
]
Author
Topic: Maximum Lifetime IPsec configuration (Read 4329 times)
jorgevisentini
Jr. Member
Posts: 75
Karma: 6
Maximum Lifetime IPsec configuration
«
on:
July 24, 2017, 05:24:09 pm »
Hi everyone!
I do not know if it's with the community of OPNSense or with the community and strongSwan documentation. But does anyone know what the maximum time I can put in the Phase 1 and Phase 2 "Lifetime" fields of IPsec settings?
Thanks!
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Maximum Lifetime IPsec configuration
«
Reply #1 on:
July 24, 2017, 07:05:01 pm »
Hi Jorge,
I couldn't find the maximum, but rather an elaborate guide on how they should be timed:
https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
I don't think we enforce any maximums, but the longer the lifetime the less secure the connections may be.
Cheers,
Franco
Logged
jorgevisentini
Jr. Member
Posts: 75
Karma: 6
Re: Maximum Lifetime IPsec configuration
«
Reply #2 on:
July 24, 2017, 08:25:19 pm »
Hi Franco,
I was reading this documentation. Really, it does not say anything in time, and as you said, the longer the weaker time, the more security.
The issue is that I have an IPsec with a Fortinet that is falling every now and then, and in the Lifetime field we put 172800 seconds ...
We began to suspect that it could be some time-related problem, because it is always when the time expires and tries to generate another key.
But anyway, thank you very much for your attention !!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Maximum Lifetime IPsec configuration