diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
| commit | 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch) | |
| tree | 2a03e117d072c55cfe2863d26b73e64d933e7ad8 /conf/plugins | |
| parent | 7793611ee71b576dd9c66dee327349fa64e38740 (diff) | |
| download | vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.tar.gz vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.zip | |
New upstream version 5.6.3
Diffstat (limited to 'conf/plugins')
| -rw-r--r-- | conf/plugins/dhcp.conf | 3 | ||||
| -rw-r--r-- | conf/plugins/dhcp.opt | 3 | ||||
| -rw-r--r-- | conf/plugins/kernel-pfkey.conf | 3 | ||||
| -rw-r--r-- | conf/plugins/kernel-pfkey.opt | 10 |
4 files changed, 17 insertions, 2 deletions
diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf index b0e8c84c8..88bbe36e3 100644 --- a/conf/plugins/dhcp.conf +++ b/conf/plugins/dhcp.conf @@ -3,7 +3,8 @@ dhcp { # Always use the configured server address. # force_server_address = no - # Derive user-defined MAC address from hash of IKE identity. + # Derive user-defined MAC address from hash of IKE identity and send client + # identity DHCP option. # identity_lease = no # Interface name the plugin uses for address allocation. diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt index 9c7b86091..6b337bc34 100644 --- a/conf/plugins/dhcp.opt +++ b/conf/plugins/dhcp.opt @@ -9,7 +9,8 @@ charon.plugins.dhcp.force_server_address = no 192.168.0.255) as server address might work. charon.plugins.dhcp.identity_lease = no - Derive user-defined MAC address from hash of IKE identity. + Derive user-defined MAC address from hash of IKE identity and send client + identity DHCP option. charon.plugins.dhcp.server = 255.255.255.255 DHCP server unicast or broadcast IP address. diff --git a/conf/plugins/kernel-pfkey.conf b/conf/plugins/kernel-pfkey.conf index 2d4733e74..f4340e7fe 100644 --- a/conf/plugins/kernel-pfkey.conf +++ b/conf/plugins/kernel-pfkey.conf @@ -7,5 +7,8 @@ kernel-pfkey { # priority of this plugin. load = yes + # Whether to use the internal or external interface in installed routes. + # route_via_internal = no + } diff --git a/conf/plugins/kernel-pfkey.opt b/conf/plugins/kernel-pfkey.opt index ec05215d3..0e347bebb 100644 --- a/conf/plugins/kernel-pfkey.opt +++ b/conf/plugins/kernel-pfkey.opt @@ -5,3 +5,13 @@ charon.plugins.kernel-pfkey.events_buffer_size = 0 Because events are received asynchronously installing e.g. lots of policies may require a larger buffer than the default on certain platforms in order to receive all messages. + +charon.plugins.kernel-pfkey.route_via_internal = no + Whether to use the internal or external interface in installed routes. + + Whether to use the internal or external interface in installed routes. + The internal interface is the one where the IP address contained in the + local traffic selector is located, the external interface is the one over + which the destination address of the IPsec tunnel can be reached. + This is not relevant if virtual IPs are used, for which a TUN device is + created that's used in the routes. |