diff options
author | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
commit | 05ddd767992d68bb38c7f16ece142e8c2e9ae016 (patch) | |
tree | 302c618be306d4ed3c7f9fc58a1f6aaad4dd252f /conf/options/charon.conf | |
parent | 25663e04c3ab01ef8dc9f906608282319cfea2db (diff) | |
download | vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.tar.gz vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.zip |
New upstream version 5.5.2
Diffstat (limited to 'conf/options/charon.conf')
-rw-r--r-- | conf/options/charon.conf | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/conf/options/charon.conf b/conf/options/charon.conf index f72041e6a..1b5d52d02 100644 --- a/conf/options/charon.conf +++ b/conf/options/charon.conf @@ -164,6 +164,9 @@ charon { # will be allocated. # port_nat_t = 4500 + # Wether to prefer updating SAs to the path with the best route. + # prefer_best_path = no + # Prefer locally configured proposals for IKE/IPsec over supplied ones as # responder (disabling this can avoid keying retries due to # INVALID_KE_PAYLOAD notifies). @@ -236,6 +239,12 @@ charon { # Whether to enable constraints against IKEv2 signature schemes. # signature_authentication_constraints = yes + # The upper limit for SPIs requested from the kernel for IPsec SAs. + # spi_max = 0xcfffffff + + # The lower limit for SPIs requested from the kernel for IPsec SAs. + # spi_min = 0xc0000000 + # Number of worker threads in charon. # threads = 16 |