Support configuring IPSec SA bytes
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	c-po
	Dec 6 2019, 7:34 AM

Description

Once can not only have the SA change after xx seconds, but also after yy bytes. This is supported by StrongSwan but missing on the CLI.

lifebytes = <number>
the number of bytes transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to 5.0.0.
lifepackets = <number>
the number of packets transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to 5.0.0.

https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

Details

Difficulty level: Easy (less than an hour)
Version: 1.2.3
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		sarthurdev	T2816 Rewrite IPsec scripts with the new XML/Python approach
		Resolved	FEATURE REQUEST	Viacheslav	T1856 Support configuring IPSec SA bytes