From: Tobias Brunner Date: Wed, 27 Nov 2024 10:08:05 +0000 (+0100) Subject: swanctl: Update note about reauth approaches for reauth_time X-Git-Tag: 6.0.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cf84547d72573733ff9639c94602747173b00a3;p=thirdparty%2Fstrongswan.git swanctl: Update note about reauth approaches for reauth_time --- diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index fbdfbf42f1..ffac64c5db 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -263,9 +263,10 @@ connections..reauth_time = 0s to actively reauthenticate as responder. The IKEv2 reauthentication lifetime negotiation can instruct the client to perform reauthentication. - Reauthentication is disabled by default. Enabling it usually may lead - to small connection interruptions, as strongSwan uses a break-before-make - policy with IKEv2 to avoid any conflicts with associated tunnel resources. + Reauthentication is disabled by default. Enabling it can usually result in + short connection interruptions, even when using make-before-break + reauthentication, which is now the default. However, they are significantly + shorter than when using the legacy break-before-make approach. connections..rekey_time = 4h Time to schedule IKE rekeying.
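Review bot: In the added lines of the reauth_time description, "can usually result in" stacks two hedges, and "which is now the default" is time-relative wording that will age in option documentation. Something like "Enabling it may result in short connection interruptions, even with make-before-break reauthentication, which is the default" says the same thing without either problem. In the last added sentence, "they" refers back across a sentence boundary; "These interruptions are significantly shorter than with the legacy break-before-make approach" reads more clearly. The new text also names both approaches without saying where the choice between them is made, so a short pointer to the setting that selects the approach would help readers who still need the legacy behaviour.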