From 4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Wed, 7 Oct 2009 11:40:36 +0200
Subject: Reenabled acq_expires SA timer using rekey timeout

While not using a SA expiration for allocating SPIs works fine,
the situation is much more problematic for kernel-created temporary
SAs from acquires. If the negotiation of such a CHILD_SA fails,
the created temporary SA can not be deleted.
---
 src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c')

diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 08d494ecb..d280daf74 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1996,7 +1996,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 	fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY);
 	if (fd)
 	{
-		ignore_result(write(fd, "0", 1));
+		ignore_result(write(fd, "165", 3));
 		close(fd);
 	}
 
-- 
cgit v1.2.3