[ previous ] [ next ] [ threads ]
 
 From:  Robert Rich <rrich at gstisecurity dot com>
 To:  Bjoern Euler <lists at edain dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0 <-> m0n0 IPSec VPN stability
 Date:  Mon, 30 Oct 2006 05:04:00 -0500
Bjoern,

Thanks for the feedback!

I actually don't have a setting for the phase 1 lifetime, i don't know 
what that means.  Phase 2 lifetime is literally one year.

With settings like yours, do you notice it renegotiating the tunnel?  
We're doing VoIP through these  and i'm afraid of dropouts while that is 
taking place.


Bob


Bjoern Euler wrote:
> On 27.10.2006 16:04 Robert Rich wrote:
>> These are mobile client tunnels (home systems are on DHCP).  Phase 2 
>> lifetime is configured to be extremely high (1 year) to avoid 
>> renegotiation too frequently..could that be the cause?
>>
>> Any ideas?
>
> What is the phase 1 lifetime set to? I think it Phase 2 lifetime must 
> be smaller than Phase 1 lifetime.
> I have made good experiences with the following settings:
> Phase 1: 86400s
> Phase 2: 3600s
>
> Regards
> -Bjoern
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>