Re: [m0n0wall] m0n0 <-> m0n0 IPSec VPN stability

From:	Bjoern Euler <lists at edain dot de>
To:	m0n0wall at lists dot m0n0 dot ch
Cc:	Robert Rich <rrich at gstisecurity dot com>
Subject:	Re: [m0n0wall] m0n0 <-> m0n0 IPSec VPN stability
Date:	Fri, 27 Oct 2006 19:38:07 +0200

On 27.10.2006 16:04 Robert Rich wrote:
> These are mobile client tunnels (home systems are on DHCP).  Phase 2 
> lifetime is configured to be extremely high (1 year) to avoid 
> renegotiation too frequently..could that be the cause?
> 
> Any ideas?

What is the phase 1 lifetime set to? I think it Phase 2 lifetime must be 
smaller than Phase 1 lifetime.
I have made good experiences with the following settings:
Phase 1: 86400s
Phase 2: 3600s

Regards
-Bjoern