-------- Original Message --------
> "It is your job to ensure both peers are configured with the same lifetimes.
> If they are not, it is possible for the tunnel to be established initially,
> but then cease to work when one of the mis-matched lifetime periods
> I would still be grateful if anyone can answer the question in my post
> below. Is the setting of SA lifetimes on the client and the server a totally
> manual process - or can you safely leave it unset on the client and rely on
> the client detecting the expiration of a SA lifetime?
Personally, I'm not an IPsec expert at all and I just try to figure out
how and *why* things work.
So, I've changed my config this morning and I've set up P1 lifetime to
86400 seconds and P2 to 3600 seconds. Then I manually forced the remote
machine to reboot many times: it seems all is working fine this time!
Still don't know why... Still don't know if the problems will occur
In conclusion: I would recommend setting the values by hand on both ends.
Exactly the same values, of course! My current point of view is: I need
a working config so that my boss trusts me and lets me play with m0n0wall
+ Soekris hardware and save money.
Curiosity is another topic. So, if any IPsec guru could answer...
I would like to thank all the people who gave us feedback on that topic
during the past days. We'll have to wait for Manuel to be back and read
his tons of e-mail before we know what he thinks... (Manuel: good luck ;-)
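
The check the message recommends doing by hand, as an added example that is not part of the original thread: a small script that compares the phase 1 and phase 2 lifetimes of two peers and reports any that differ or are left unset. It assumes racoon.conf-style `remote` and `sainfo` blocks closed by a `}` at the start of a line (the thread does not name the IKE daemon), and both sample configurations are constructed.

```python
import re

UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600}
PHASE = {"remote": "phase1", "sainfo": "phase2"}
# A top-level block runs from "remote"/"sainfo" to a "}" in column 0.
BLOCK = re.compile(r"^(remote|sainfo)\b[^{]*\{(.*?)^\}", re.S | re.M)
LIFETIME = re.compile(r"^\s*lifetime\s+time\s+(\d+)\s*(sec|min|hour)\w*\s*;", re.M)

# Constructed sample: the values from the post (P1 86400 s, P2 3600 s).
PEER_A = """
remote 192.0.2.2 {
    exchange_mode main;
    lifetime time 86400 sec;
}
sainfo anonymous {
    lifetime time 3600 sec;
}
"""

# Constructed sample: same P1 written in hours, P2 lifetime left unset.
PEER_B = """
remote 192.0.2.1 {
    exchange_mode main;
    lifetime time 24 hour;
}
sainfo anonymous {
    pfs_group 2;
}
"""

def lifetimes(conf):
    """Return {'phase1': seconds, 'phase2': seconds}; None where unset."""
    found = {"phase1": None, "phase2": None}
    for kind, body in BLOCK.findall(conf):
        m = LIFETIME.search(body)
        if m:
            found[PHASE[kind]] = int(m.group(1)) * UNIT_SECONDS[m.group(2)]
    return found

def mismatches(conf_a, conf_b):
    """List (phase, a_seconds, b_seconds) where values differ or are unset."""
    a, b = lifetimes(conf_a), lifetimes(conf_b)
    return [(p, a[p], b[p]) for p in ("phase1", "phase2")
            if a[p] != b[p] or a[p] is None]

if __name__ == "__main__":
    for phase, a, b in mismatches(PEER_A, PEER_B):
        print(f"{phase}: peer A = {a}, peer B = {b}")
```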