Is it possible to develop a feature to disable rekey in an IPsec VPN?
For our demand, we need to disable rekey, but it doesn’t support. If VyOS is supported, it can setting lifetime “0”.
StrongSwan has support to disable this, by setting “rekey_time = 0” /etc/swanctl/swanctl.conf.
Regards!
Could you check it before we’ll implement it?
sudo nano -c +4 /opt/vyatta/share/vyatta-cfg/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
And change range --range 30-86400 to --range 0-86400
sudo systemctl restart vyos-configd
And try to configure with 0
Thanks, @Viacheslav, for your prompt feedback.
Currently, we do a workaround as this way, it works for us.
If VyOS can support this directly, without the need to edit node.def file it will be better.