Reduce proposed lifetime to widely-compatible value

ndpgroup / vpnc

client for ipsec (cisco/juniper) vpn concentrator

GNU General Public License v2.0

34 stars 30 forks source link

Reduce proposed lifetime to widely-compatible value #9

Closed compenguy closed 7 years ago

compenguy commented 7 years ago

Current proposed lifetime value (2147483 seconds, which equates to MAXINT ms, or ~25 days) is rejected by Fortigate vpn devices because "peer SA proposal does not match local policy". It seems default policy for these devices constrains lifetime where similar VPN devices don't.

Reducing the lifetime from its current value to 28800 (exactly 8 hours) causes it to start working with fortigate devices.

jflemer-ndp commented 7 years ago

This github repo is just for Juniper specific features. It looks like your change is generic. I would suggest you submit the patch via the vpnc-devel mailing list (http://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel).

compenguy commented 7 years ago

Ah, my apologies. I'll take it to the mailing list, then.