IPsec: Default to rekey=no

19 May 2015


      Hi,
we noticed interruptions with our IPsec roadwarrriors. The problem turned  
out to be caused by the server trying to rekey with the client that is  
sitting behind a NAT (Windows 7 client at colleague's home). See  
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#Rekeying-behav...
This was solved by adding "rekey=no" to "/etc/ipsec.user.conf" for each  
connection.
I wonder if this should be added by IPFire by default as I guess that all  
roadwarriors behind a NAT (probably the majority) might have this problem.
So, adding
     print CONF "\trekey=no\n";
to
     /srv/web/ipfire/cgi-bin/vpnmain.cgi
Lars

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

IPsec: Default to rekey=no