diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
| commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
| tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /conf/plugins/kernel-netlink.conf | |
| parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
| download | vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip | |
New upstream version 5.5.1
Diffstat (limited to 'conf/plugins/kernel-netlink.conf')
| -rw-r--r-- | conf/plugins/kernel-netlink.conf | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/conf/plugins/kernel-netlink.conf b/conf/plugins/kernel-netlink.conf index 3997dc7d9..47f7d58bc 100644 --- a/conf/plugins/kernel-netlink.conf +++ b/conf/plugins/kernel-netlink.conf @@ -46,8 +46,33 @@ kernel-netlink { # Netlink message retransmission timeout, 0 to disable retransmissions. # timeout = 0 - # Lifetime of XFRM acquire state in kernel. + # Lifetime of XFRM acquire state and allocated SPIs in kernel. # xfrm_acq_expires = 165 + # XFRM policy hashing threshold configuration for IPv4 and IPv6. + spdh_thresh { + + ipv4 { + + # Local subnet XFRM policy hashing threshold for IPv4. + # lbits = 32 + + # Remote subnet XFRM policy hashing threshold for IPv4. + # rbits = 32 + + } + + ipv6 { + + # Local subnet XFRM policy hashing threshold for IPv6. + # lbits = 128 + + # Remote subnet XFRM policy hashing threshold for IPv6. + # rbits = 128 + + } + + } + } |