If the server is busy dealing with LAN-speed traffic, it can easily
exhaust the 32 MB data limit within the 2 minutes allowed. The result
of this is that another switch or switch-ok gets sent and ignored, and
no new keys are negotiated. The only thing to do is lower the validity
time. One key-exchange every 20 seconds isn't going to break the bank.
/*----- Tunable parameters ------------------------------------------------*/
-#define T_VALID MIN(2) /* Challenge validity period */
+#define T_VALID SEC(20) /* Challenge validity period */
#define T_RETRY SEC(10) /* Challenge retransmit interval */
#define VALIDP(kx, now) ((now) < (kx)->t_valid)
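Review bot: With T_VALID at SEC(20) and T_RETRY left at SEC(10), the validity window is now only twice the retransmit interval, where the old MIN(2) value covered about twelve retries. On a lossy link a challenge can fail VALIDP after a single lost retransmit, so it is worth confirming that the exchange restarts cleanly in that case, or lowering T_RETRY in step with T_VALID. The comment on T_VALID should also record why 20 seconds was chosen, namely that the window has to be short enough for a fresh exchange to complete before the 32 MB data limit is used up at LAN speed. Otherwise the coupling between the two limits is invisible to whoever tunes either one next.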