mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-21 20:46:10 +03:00
Code Issues Projects Releases Wiki Activity

Increase IKE lifetime

Browse Source 
- Set both "ikelifetime" and "salifetime" to 24 hours, which is
  recommended since we have "rekey=no" on the server. VPN clients will
  normally initiate rekey with a shorter interval.
  Ref: https://github.com/libreswan/libreswan/issues/405#issuecomment-765109809
       https://libreswan.org/man/ipsec.conf.5.html
This commit is contained in:
hwdsl2 2021-01-21 23:24:41 -06:00
parent 1c975c8410
commit 2b6586cf1b
3 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vpnsetup.sh
View File

@ -274,6 +274,8 @@ conn shared
ikev2=never
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
ikelifetime=24h
salifetime=24h
sha2-truncbug=no
conn l2tp-psk

2
vpnsetup_amzn.sh
View File

@ -224,6 +224,8 @@ conn shared
ikev2=never
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
ikelifetime=24h
salifetime=24h
sha2-truncbug=no
conn l2tp-psk

2
vpnsetup_centos.sh
View File

@ -255,6 +255,8 @@ conn shared
ikev2=never
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
ikelifetime=24h
salifetime=24h
sha2-truncbug=no
conn l2tp-psk