HQY 一个和谐有爱的空间

reauth = yes | no

whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
In IKEv2, a value of no rekeys without uninstalling the IPsec SAs, a value of yes (the default)
creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.

rekey = yes | no

whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but
while a value of no prevents the daemon from requesting renegotiation, it does not prevent responding
to renegotiation requested from the other end, so no will be largely ineffective unless both ends agree on it.
Also see reauth.

rekeyfuzz = 100% | <percentage>

maximum percentage by which marginbytes, marginpackets and margintime should be randomly increased to randomize
rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100,
followed by a '%' .
The value of marginTYPE, after this random increase, must not exceed lifeTYPE (where TYPE is one of bytes, packets or time).
The value 0% will suppress randomization. Relevant only locally, other end need not agree on it.
Also see Expiry and Rekey.

margintime = 9m | <time>

how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin; acceptable values
as for lifetime (default 9m). Relevant only locally, other end need not agree on it. Also see Expiry and Rekey.

config setup

         uniqueids = never

conn %default

 authby=psk

 type=tunnel

 ike=aes-sha1-modp1024!

 ikelifetime=3600s

 reauth=yes

 esp=aes-sha1-modp1024!

 lifetime=3600s

 aggressive=yes

conn net-net

 keyexchange=ikev1

 left=%any

 leftsubnet=192.168.23.0/24

 leftid=@A.com

 leftfirewall=yes

 right=x.x.x.x

 rightsubnet=192.168.168.0/22;

 rightid=@B.com

 auto=start

 type=tunnel

 margintime=1m

 rekeyfuzz=100%

 rekey=yes

conn net-net2

 keyexchange=ikev1

 left=%any

 leftsubnet=192.168.1.0/24

 leftid=@A.com

 leftfirewall=yes

 right=x.x.x.x

 rightsubnet=192.168.168.0/22;

 rightid=@B.com

 auto=start

 type=tunnel

 margintime=1m

 rekeyfuzz=100%

 rekey=yes

推荐本站淘宝优惠价购买喜欢的宝贝:

本文链接：https://hqyman.cn/post/537.html 非本站原创文章欢迎转载，原创文章需保留本站地址！

休息一下~~