From 13b45efdbf77961fc64768cafa340a273120f5c7 Mon Sep 17 00:00:00 2001
From: Hristo Venev
Date: Thu, 4 Mar 2021 06:20:02 -0800
Subject: [PATCH] Set the rekey time to 1 hour

The default rekey time is "never", which means that once 2^32 packets are sent over a connection, it is dead. Fix this by rekeying every now and then. 1 hour is roughly the time it takes to send 2^32 128-byte packets over a gigabit link.
---
 backend/ipsec/handle_charon.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/backend/ipsec/handle_charon.go b/backend/ipsec/handle_charon.go
index 3d38b2d17..5bcfab497 100644
--- a/backend/ipsec/handle_charon.go
+++ b/backend/ipsec/handle_charon.go
@@ -156,15 +156,15 @@ func (charon *CharonIKEDaemon) LoadConnection(localLease, remoteLease *subnet.Le
 childConfMap := make(map[string]goStrongswanVici.ChildSAConf)
 childSAConf := goStrongswanVici.ChildSAConf{
- Local_ts: []string{localLease.Subnet.String()},
- Remote_ts: []string{remoteLease.Subnet.String()},
- ESPProposals: []string{charon.espProposal},
- StartAction: "start",
- CloseAction: "trap",
- DpdAction: "restart",
- Mode: "tunnel",
- ReqID: reqID,
- // RekeyTime: rekeyTime,
+ Local_ts: []string{localLease.Subnet.String()},
+ Remote_ts: []string{remoteLease.Subnet.String()},
+ ESPProposals: []string{charon.espProposal},
+ StartAction: "start",
+ CloseAction: "trap",
+ DpdAction: "restart",
+ Mode: "tunnel",
+ ReqID: reqID,
+ RekeyTime: "1h",
 InstallPolicy: "no",
 }
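Review bot: The `RekeyTime: "1h"` literal replaces the commented-out `rekeyTime` variable with an unexplained magic string; name it and record the reason given in the commit message, e.g. `// childSARekeyTime bounds the ESP sequence counter: an SA is unusable once 2^32 packets have been sent on it.` / `const childSARekeyTime = "1h"` / `RekeyTime: childSARekeyTime,`. A time-based bound only holds at the rate the commit message assumes; by the same arithmetic a 10 Gb/s link reaches 2^32 packets in roughly six minutes, so a packet-count limit (strongSwan's `rekey_packets` child option, if the vici binding exposes it) would guard the counter directly, with `rekey_time` as the backstop. It is also worth stating in the comment that this setting rekeys only the ESP child SA, not the IKE SA, whose interval is configured separately. LoadConnection begins above the hunk and continues below it.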