Page MenuHomeVyOS Platform

Support configuring IPSec SA bytes
Open, Requires assessmentPublicFEATURE REQUEST

Description

Once can not only have the SA change after xx seconds, but also after yy bytes. This is supported by StrongSwan but missing on the CLI.

lifebytes = <number>
the number of bytes transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to 5.0.0.
lifepackets = <number>
the number of packets transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to 5.0.0.

https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

Details

Difficulty level
Easy (less than an hour)
Version
1.2.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

c-po created this task.Dec 6 2019, 7:34 AM
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Version from - to 1.2.3.