New upstream version 5.5.2

author: Yves-Alexis Perez <corsac@corsac.net> 2017-04-01 16:26:44 +0200
committer: Yves-Alexis Perez <corsac@corsac.net> 2017-04-01 16:26:44 +0200
commit: 05ddd767992d68bb38c7f16ece142e8c2e9ae016 (patch)
tree: 302c618be306d4ed3c7f9fc58a1f6aaad4dd252f /conf/options/charon.conf
parent: 25663e04c3ab01ef8dc9f906608282319cfea2db (diff)
download: vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.tar.gz
vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index f72041e6a..1b5d52d02 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -164,6 +164,9 @@ charon {
     # will be allocated.
     # port_nat_t = 4500
 
+    # Wether to prefer updating SAs to the path with the best route.
+    # prefer_best_path = no
+
     # Prefer locally configured proposals for IKE/IPsec over supplied ones as
     # responder (disabling this can avoid keying retries due to
     # INVALID_KE_PAYLOAD notifies).
@@ -236,6 +239,12 @@ charon {
     # Whether to enable constraints against IKEv2 signature schemes.
     # signature_authentication_constraints = yes
 
+    # The upper limit for SPIs requested from the kernel for IPsec SAs.
+    # spi_max = 0xcfffffff
+
+    # The lower limit for SPIs requested from the kernel for IPsec SAs.
+    # spi_min = 0xc0000000
+
     # Number of worker threads in charon.
     # threads = 16
author	Yves-Alexis Perez <corsac@corsac.net>	2017-04-01 16:26:44 +0200
committer	Yves-Alexis Perez <corsac@corsac.net>	2017-04-01 16:26:44 +0200
commit	05ddd767992d68bb38c7f16ece142e8c2e9ae016 (patch)
tree	302c618be306d4ed3c7f9fc58a1f6aaad4dd252f /conf/options/charon.conf
parent	25663e04c3ab01ef8dc9f906608282319cfea2db (diff)
download	vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.tar.gz vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.zip