Disable rekey IPSec VPN

Is it possible to develop a feature to disable rekey in an IPsec VPN?

For our requirements, we need to disable rekey, but it isn’t supported. If VyOS supported it, it could be done by setting lifetime to “0”.


StrongSwan has support for disabling this, by setting “rekey_time = 0” in /etc/swanctl/swanctl.conf.


Could you check it before we implement it?

sudo nano -c +4 /opt/vyatta/share/vyatta-cfg/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def

And change range --range 30-86400 to --range 0-86400

sudo systemctl restart vyos-configd

And try to configure with 0

Thanks, @Viacheslav, for your prompt feedback.

Currently, we use this as a workaround, and it works for us.

If VyOS can support this directly, without the need to edit the node.def file, it would be better.

I created the task T5139

Thanks, @Viacheslav!