October 4th, 2012, 10:04 AM
IPsec ISAKMP racoon - soft lifetime does not work
Hello and welcome,
The problem is that my racoon does not use soft lifetime to inform other peers about rekeying.
I've got the official ipsec-tools RPM from Red Hat (ipsec-tools-0.6.5-14.el5.3); it is quite strange that there is such a bug.
The bug is affecting my system quite a lot: keys are deleted after the hard lifetime expiration, and new keys are generated only after a while. This interrupts system traffic, which causes intolerable loss of packets.
When I use the "setkey -D" command, I see that the "Soft" lifetime is calculated properly and is contained in the Phase 2 key record.
Can anyone help to identify the problem? I would like to know why racoon does not initiate new key negotiation after soft lifetime expiration.
This touches Phase 1 keys too. From the sniffer traces I see that racoon is not sending any re-negotiation requests.
Thanks in advance