Hello and welcome,

The problem is that my racoon does not use soft lifetime to inform other peers about rekeying.

I've got official ipsec-tools RPM from RedHat (ipsec-tools-0.6.5-14.el5.3), quite strange there is such a bug.

The bug is quite affecting my system: keys are deleted after the hard life time expiration; and new keys are generated only after a while. So, this interrupts system traffic which causes intolerable loss of packets.

When I use "setkey -D" command I see that "Soft" lifetime is calculated properly and is contained in Phase 2 key record.

Can anyone help to identify the problem? I would like to know why racoon does not initiate new key negotiation after soft lifetime expiration.

This touches Phase 1 keys too. From the sniffer traces I see that racoon is not sending any re-negotiation requests.

Thanks in advance