wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-14 08:43:01 +02:00
Code Issues Projects Releases Wiki Activity

Change server-side ipsec.conf settings

Browse source 
Switching to inline rekeying from reauthentication, and lengthening child_SA and IKE_SA lifetimes.
This commit is contained in:
TC1977 2018-11-20 11:56:42 -05:00
parent 709ad25abb
commit d260ba09a2
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
roles/strongswan/templates/ipsec.conf.j2
View file

@ -4,11 +4,14 @@ config setup
conn %default conn %default
fragmentation=yes fragmentation=yes
rekey=no rekey=yes
reauth=no
dpdaction=clear dpdaction=clear
keyexchange=ikev2 keyexchange=ikev2
compress=yes compress=yes
dpddelay=35s dpddelay=35s
lifetime=3h
ikelifetime=12h
{% if algo_windows %} {% if algo_windows %}
ike={{ ciphers.compat.ike }} ike={{ ciphers.compat.ike }}