git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
swanctl: Update note about reauth approaches for reauth_time
author Tobias Brunner <tobias@strongswan.org>
Wed, 27 Nov 2024 10:08:05 +0000 (11:08 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 27 Nov 2024 10:08:05 +0000 (11:08 +0100)
src/swanctl/swanctl.opt

index fbdfbf42f1cb0e05f56d0c9e8c5ec3ecaaea7204..ffac64c5dba3d6ed22e2ac7870a8185d99dc8d77 100644 (file)
@@ -263,9 +263,10 @@ connections.<conn>.reauth_time = 0s
        to actively reauthenticate as responder. The IKEv2 reauthentication lifetime
        negotiation can instruct the client to perform reauthentication.
 
-       Reauthentication is disabled by default. Enabling it usually may lead
-       to small connection interruptions, as strongSwan uses a break-before-make
-       policy with IKEv2 to avoid any conflicts with associated tunnel resources.
+       Reauthentication is disabled by default. Enabling it can usually result in
+       short connection interruptions, even when using make-before-break
+       reauthentication, which is now the default. However, they are significantly
+       shorter than when using the legacy break-before-make approach.
 
 connections.<conn>.rekey_time = 4h
        Time to schedule IKE rekeying.
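
Review bot: In the added paragraph, "can usually result in" stacks two hedges, and "which is now the default" will go stale in option documentation because "now" carries no version. Suggest "Enabling it usually results in short connection interruptions" and either dropping "now" or naming the release in which the default changed. The text would also benefit from pointing to the setting that selects between make-before-break and the legacy break-before-make approach, so an operator reading reauth_time knows where to check which behaviour their deployment actually uses before enabling reauthentication.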