Imported Upstream version 5.5.0

2 files changed, 10 insertions, 0 deletions

diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 5ca61a8e8..78411250e 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -157,6 +157,11 @@ charon {
     # will be allocated.
     # port_nat_t = 4500
 
+    # Prefer locally configured proposals for IKE/IPsec over supplied ones as
+    # responder (disabling this can avoid keying retries due to
+    # INVALID_KE_PAYLOAD notifies).
+    # prefer_configured_proposals = yes
+
     # By default public IPv6 addresses are preferred over temporary ones (RFC
     # 4941), to make connections more stable. Enable this option to reverse
     # this.
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 86279ec83..3970012d2 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -253,6 +253,11 @@ charon.port_nat_t = 4500
 	allocated.  Has to be different from **charon.port**, otherwise a random
 	port will be allocated.
 
+charon.prefer_configured_proposals = yes
+	Prefer locally configured proposals for	IKE/IPsec over supplied ones as
+	responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD
+	notifies).
+
 charon.prefer_temporary_addrs = no
 	By default public IPv6 addresses are preferred over temporary ones (RFC
 	4941), to make connections more stable. Enable this option to reverse this.