Merge tag 'upstream/5.3.5'

Upstream version 5.3.5
author: Yves-Alexis Perez <corsac@debian.org> 2015-11-26 15:26:43 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2015-11-26 15:26:43 +0100
commit: 03d10e87daf85e14845734e0e006eeeee31601c0 (patch)
tree: 66a54cb5ff7549e83aff848822c7c5ac251a8a72 /man
parent: c076d095d3603dab2a6320fae519cd774fd6663e (diff)
parent: f42f239a632306ed082f6fde878977248eea85cf (diff)
download: vyos-strongswan-03d10e87daf85e14845734e0e006eeeee31601c0.tar.gz
vyos-strongswan-03d10e87daf85e14845734e0e006eeeee31601c0.zip
1 files changed, 8 insertions, 7 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 6ddb05728..61804c8b3 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -349,13 +349,14 @@ liveliness of the IPsec peer. The values
 .BR hold ,
 and
 .B restart
-all activate DPD. If no activity is detected, all connections with a dead peer
-are stopped and unrouted
-.RB ( clear ),
-put in the hold state
-.RB ( hold )
-or restarted
-.RB ( restart ).
+all activate DPD and determine the action to perform on a timeout. With
+.B clear
+the connection is closed with no further actions taken.
+.B hold
+installs a trap policy, which will catch matching traffic and tries to
+re-negotiate the connection on demand.
+.B restart
+will immediately trigger an attempt to re-negotiation the connection.
 The default is
 .B none
 which disables the active sending of DPD messages.
author	Yves-Alexis Perez <corsac@debian.org>	2015-11-26 15:26:43 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2015-11-26 15:26:43 +0100
commit	03d10e87daf85e14845734e0e006eeeee31601c0 (patch)
tree	66a54cb5ff7549e83aff848822c7c5ac251a8a72 /man
parent	c076d095d3603dab2a6320fae519cd774fd6663e (diff)
parent	f42f239a632306ed082f6fde878977248eea85cf (diff)
download	vyos-strongswan-03d10e87daf85e14845734e0e006eeeee31601c0.tar.gz vyos-strongswan-03d10e87daf85e14845734e0e006eeeee31601c0.zip