diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-04-26 14:57:47 +0200 |
commit | 10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (patch) | |
tree | bf1d05a2e37dbd1911b86fcc026fbe49b0239c71 /man/ipsec.conf.5.in | |
parent | 7585facf05d927eb6df3929ce09ed5e60d905437 (diff) | |
download | vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.tar.gz vyos-strongswan-10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43.zip |
Imported Upstream version 5.0.3
Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r-- | man/ipsec.conf.5.in | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 2766cc4ed..e778ab773 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -452,6 +452,11 @@ suites, the strict flag exclamation mark) can be used, e.g: .BR aes256-sha512-modp4096! .TP +.BR ikedscp " = " 000000 " | <DSCP field>" +Differentiated Services Field Codepoint to set on outgoing IKE packets sent +from this connection. The value is a six digit binary encoded string defining +the Codepoint to set, as defined in RFC 2474. +.TP .BR ikelifetime " = " 3h " | <time>" how long the keying channel of a connection (ISAKMP or IKE SA) should last before being renegotiated. Also see EXPIRY/REKEY below. @@ -613,6 +618,10 @@ connection. See ipsec.secrets(5) for details about smartcard definitions. is required only if selecting the certificate with .B leftid is not sufficient, for example if multiple certificates use the same subject. +.br +Multiple certificate paths or PKCS#11 backends can be specified in a comma +separated list. The daemon chooses the certificate based on the received +certificate requests if possible before enforcing the first. .TP .BR leftcert2 " = <path>" Same as @@ -737,6 +746,14 @@ can be used to the same effect, e.g. .B leftprotoport=udp/%any or .BR leftprotoport=%any/53 . + +The port value can alternatively take the value +.B %opaque +for RFC 4301 OPAQUE selectors, or a numerical range in the form +.BR 1024-65535 . +None of the kernel backends currently supports opaque or port ranges and uses +.B %any +for policy installation instead. .TP .BR leftrsasigkey " = <raw rsa public key> | <path to public key>" the left participant's public key for RSA signature authentication, in RFC 2537 |