hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Close connection after connected for duration #1147

Closed nodesocket closed 2 years ago

nodesocket commented 2 years ago

Describe the enhancement request

Is it possible to set a maximum connection time limit? I.E. after 6 hours, I'd like to forcefully close VPN connections. Using IPsec/XAuth ("Cisco IPsec") only. Is this built into Libreswan at all?

Is your enhancement request related to a problem? Please describe.

Limit connections when forgetting to disconnect VPN when finished with it.

hwdsl2 commented 2 years ago

@nodesocket Hello! Libreswan does not support this feature AFAIK.

@letoams Is setting a maximum connection time limit supported in Libreswan?

letoams commented 2 years ago

On Apr 5, 2022, at 21:09, Lin Song @.***> wrote:

 @nodesocket Hello! Libreswan does not support this feature AFAIK.

@letoams Is setting a maximum connection time limit supported in Libreswan?

salifetime=6h

With

rekey=no

Will terminate the connection and wait for the peer to connect again.

Paul

hwdsl2 commented 2 years ago

Thanks @letoams! @nodesocket Please try these settings, salifetime=6h and rekey=no, in your /etc/ipsec.conf and/or /etc/ipsec.d/ikev2.conf, then restart the IPsec service. Note that with these settings, the client can still rekey or reconnect after the connection terminates.

nodesocket commented 2 years ago

@hwdsl2 @letoams which of the categories do these settings go under? Looking at /etc/ipsec.conf.

hwdsl2 commented 2 years ago

@nodesocket For IPsec/L2TP mode, put those settings in conn l2tp-psk. For IPsec/XAuth ("Cisco IPsec") mode, put them in conn xauth-psk. For IKEv2 mode, put them in /etc/ipsec.d/ikev2.conf. Then restart the IPsec service.
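An added example, not part of the thread or of the project's scripts: a Python check that the conn sections named above carry salifetime at or under the cap together with rekey=no, following also= references between sections. The sample config is constructed, and treating a conn's own options as taking precedence over ones pulled in through also= is an assumption of this example.

```python
import re

# Constructed sample in ipsec.conf syntax, not taken from a real server.
SAMPLE_CONF = """\
conn shared
  left=%defaultroute
conn l2tp-psk
  also=shared
conn xauth-psk
  also=shared
  salifetime=6h
  rekey=no
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conns(text):
    """Return {conn name: {option: [values in file order]}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():  # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = (s.strip() for s in line.partition("="))
            current.setdefault(key, []).append(value)
    return conns

def effective(conns, name, seen=()):
    """Merge in sections named by also=; assumes the conn's own options win."""
    own, seen, merged = conns.get(name, {}), seen + (name,), {}
    for parent in own.get("also", []):
        if parent not in seen:  # guard against also= loops
            merged.update(effective(conns, parent, seen))
    merged.update({k: v[-1] for k, v in own.items() if k != "also"})
    return merged

def audit(text, names, cap=6 * 3600):
    """Map each conn name to the reasons it does not enforce the cap."""
    conns, result = parse_conns(text), {}
    for name in names:
        opts = effective(conns, name)
        m = re.fullmatch(r"(\d+)([smhd]?)", opts.get("salifetime", ""))
        life = int(m.group(1)) * UNITS[m.group(2) or "s"] if m else None
        result[name] = [msg for bad, msg in (
            (life is None or life > cap, "salifetime missing or above cap"),
            (opts.get("rekey") != "no", "rekey is not no")) if bad]
    return result
```

Calling audit(SAMPLE_CONF, ["l2tp-psk", "xauth-psk"]) reports both problems for l2tp-psk and none for xauth-psk. To check a server, pass in the text of /etc/ipsec.conf (and of /etc/ipsec.d/ikev2.conf with its own conn names).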

letoams commented 2 years ago

Yes, set salifetime=6h and rekey=no

Sent using a virtual keyboard on a phone
