sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

swanctl: Update note about reauth approaches for reauth_time

Browse Source
This commit is contained in:
Tobias Brunner 2024-11-27 11:08:05 +01:00
parent ac7500cccd
commit 6cf84547d7
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/swanctl/swanctl.opt
View File

@ -263,9 +263,10 @@ connections.<conn>.reauth_time = 0s
to actively reauthenticate as responder. The IKEv2 reauthentication lifetime
negotiation can instruct the client to perform reauthentication.
Reauthentication is disabled by default. Enabling it usually may lead
to small connection interruptions, as strongSwan uses a break-before-make
policy with IKEv2 to avoid any conflicts with associated tunnel resources.
Reauthentication is disabled by default. Enabling it can usually result in
short connection interruptions, even when using make-before-break
reauthentication, which is now the default. However, they are significantly
shorter than when using the legacy break-before-make approach.
connections.<conn>.rekey_time = 4h
Time to schedule IKE rekeying.