authorYves-Alexis Perez <corsac@debian.org>2016-03-24 11:59:32 +0100
committerYves-Alexis Perez <corsac@debian.org>2016-03-24 11:59:32 +0100
commit518dd33c94e041db0444c7d1f33da363bb8e3faf (patch)
treee8d1665ffadff7ec40228dda47e81f8f4691cd07 /conf/options/charon.opt
parentf42f239a632306ed082f6fde878977248eea85cf (diff)
Imported Upstream version 5.4.0
Diffstat (limited to 'conf/options/charon.opt')
-rw-r--r--conf/options/charon.opt13
1 files changed, 12 insertions, 1 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 816f3250c..86279ec83 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -61,6 +61,14 @@ charon.crypto_test.required = no
charon.crypto_test.rng_true = no
Whether to test RNG with TRUE quality; requires a lot of entropy.
+charon.delete_rekeyed = no
+ Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+
+ Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+ Reduces the number of stale CHILD_SAs in scenarios with a lot of rekeyings.
+ However, this might cause problems with implementations that continue to
+ use rekeyed SAs until they expire.
+
charon.dh_exponent_ansi_x9_42 = yes
Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
strength.
@@ -89,6 +97,9 @@ charon.flush_auth_cfg = no
this might conflict with plugins that later need access to e.g. the used
certificates.
+charon.follow_redirects = yes
+ Whether to follow IKEv2 redirects (RFC 5685).
+
charon.fragment_size = 0
Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
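Review bot: `charon.follow_redirects` is added with a default of `yes`, but its one-line description gives an operator no hint of what that implies for a client that must only ever talk to its configured gateway. RFC 5685 permits a redirect in the IKE_SA_INIT response, which arrives before the responder has been authenticated, so a spoofed response could presumably send the connection attempt to another address, even though the new gateway must still authenticate. I would add a long description such as `Redirects may be received before the peer has been authenticated; set to no if connections must only be made to the configured gateway address.` Which exchanges charon actually honours redirects in is not visible in this hunk, so the wording should be checked against the implementation.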
@@ -283,7 +294,7 @@ charon.retry_initiate_interval = 0
resolution failed), 0 to disable retries.
charon.reuse_ikesa = yes
- Initiate CHILD_SA within existing IKE_SAs.
+ Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
charon.routing_table
Numerical routing table to install routes to.