IPsec SA lifetime…
-
Hi,
When setting SA lifetimes on IPsecs VPN's, I have the option to select the lifetime in seconds but not in Kb?
Am I missing something that needs to be enabled to allow this, or is the feature simply not there?Running pfSense 2.0-Release…
Regards,
Anders -
AFAIK ipsec-tools used by pfsense doesn't support Security Association Lifetime by traffic volume, only by time.
-
dhatz is correct, ipsec-tools, which is what we use for IPsec, does not support lifetimes by data size, only by time.
-
dhatz is correct, ipsec-tools, which is what we use for IPsec, does not support lifetimes by data size, only by time.
A little extra research on this topic reveals that it seems to be deprecated in racoon, ie. removed and I will therefore assume that it is not a feature that is coming (back)…