diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2016-03-24 11:59:32 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-03-24 11:59:32 +0100 |
commit | 518dd33c94e041db0444c7d1f33da363bb8e3faf (patch) | |
tree | e8d1665ffadff7ec40228dda47e81f8f4691cd07 /conf/options/charon.opt | |
parent | f42f239a632306ed082f6fde878977248eea85cf (diff) | |
download | vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.tar.gz vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.zip |
Imported Upstream version 5.4.0
Diffstat (limited to 'conf/options/charon.opt')
-rw-r--r-- | conf/options/charon.opt | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 816f3250c..86279ec83 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -61,6 +61,14 @@ charon.crypto_test.required = no charon.crypto_test.rng_true = no Whether to test RNG with TRUE quality; requires a lot of entropy. +charon.delete_rekeyed = no + Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only). + + Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only). + Reduces the number of stale CHILD_SAs in scenarios with a lot of rekeyings. + However, this might cause problems with implementations that continue to + use rekeyed SAs until they expire. + charon.dh_exponent_ansi_x9_42 = yes Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic strength. @@ -89,6 +97,9 @@ charon.flush_auth_cfg = no this might conflict with plugins that later need access to e.g. the used certificates. +charon.follow_redirects = yes + Whether to follow IKEv2 redirects (RFC 5685). + charon.fragment_size = 0 Maximum size (complete IP datagram size in bytes) of a sent IKE fragment when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for @@ -283,7 +294,7 @@ charon.retry_initiate_interval = 0 resolution failed), 0 to disable retries. charon.reuse_ikesa = yes - Initiate CHILD_SA within existing IKE_SAs. + Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1). charon.routing_table Numerical routing table to install routes to. |