Fix IKEv2
- Fix an issue with IKEv2 disconnecting after one hour due to IKE SA expiration, by setting ikelifetime and salifetime to 24h. Ref: #913 #844 https://libreswan.org/man/ipsec.conf.5.html
This commit is contained in:
hwdsl2
parent
27dc3d25f2
commit
7d9f2c6603
@ -342,6 +342,8 @@ wget https://git.io/ikev2setup -O ikev2.sh && sudo bash ikev2.sh --auto
|
||||
fragmentation=yes
|
||||
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
||||
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
|
||||
ikelifetime=24h
|
||||
salifetime=24h
|
||||
EOF
|
||||
```
|
||||
|
||||
|
||||
@ -342,6 +342,8 @@ As an alternative to using the [helper script](#using-helper-scripts), advanced
|
||||
fragmentation=yes
|
||||
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
||||
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
|
||||
ikelifetime=24h
|
||||
salifetime=24h
|
||||
EOF
|
||||
```
|
||||
|
||||
|
||||
@ -595,7 +595,7 @@ cat > "$mc_file" <<EOF
|
||||
<key>EncryptionAlgorithm</key>
|
||||
<string>AES-256-GCM</string>
|
||||
<key>LifeTimeInMinutes</key>
|
||||
<integer>1440</integer>
|
||||
<integer>1410</integer>
|
||||
</dict>
|
||||
<key>DeadPeerDetectionRate</key>
|
||||
<string>Medium</string>
|
||||
@ -614,7 +614,7 @@ cat > "$mc_file" <<EOF
|
||||
<key>IntegrityAlgorithm</key>
|
||||
<string>SHA2-256</string>
|
||||
<key>LifeTimeInMinutes</key>
|
||||
<integer>1440</integer>
|
||||
<integer>1410</integer>
|
||||
</dict>
|
||||
<key>LocalIdentifier</key>
|
||||
<string>$client_name</string>
|
||||
@ -796,6 +796,8 @@ conn ikev2-cp
|
||||
fragmentation=yes
|
||||
ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
|
||||
phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
|
||||
ikelifetime=24h
|
||||
salifetime=24h
|
||||
encapsulation=yes
|
||||
EOF
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user