Changing default rekey options

  • Question

  • I have a problem with a Vista L2TP/IPSec connection. Vista does a rekey after 1 hour and then the server (Strongswan on Linux) cannot do something about this since Vista should not be the initiator in this case. It's a known problem published in the openswan/strongswan mailing list as well as the bug report. The issue has been reported to Microsoft and is only a problem for a roadwarrior setup.

    What I'd like to know is how to change the default values (3600 seconds before rekey) in Windows for all or my VPN connections so I can do a local workaround of this issue. Very grateful for any information. One more thing though, I have to do it using an API like RAS or WFP since it's a part of an application.
     
    Friday, October 17, 2008 3:09 PM

Answers

  • We are experiencing something similar, except that our issue is that Vista is proposing a rekey after 3600 seconds; however, the rekey is being initiated from the server end, and Vista cannot respond because it is behind a NAT firewall and does not receive the IKE UDP traffic.

    We also would like to at least lengthen the Quick Mode Rekey interval since an hour is not long enough. Unfortunately I haven't managed to work out where to set it for an L2TP connection, although it can apparently be set for regular IPSec under the "Ip Security Policy" mmc snap-in.

    Thursday, April 30, 2009 10:37 AM