summaryrefslogtreecommitdiff
path: root/src/swanctl/swanctl.opt
diff options
context:
space:
mode:
authorRomain Francoise <rfrancoise@debian.org>2014-10-21 19:28:38 +0200
committerRomain Francoise <rfrancoise@debian.org>2014-10-21 19:28:38 +0200
commit2b8de74ff4c334c25e89988c4a401b24b5bcf03d (patch)
tree10fb49ca94bfd0c8b8a583412281abfc0186836e /src/swanctl/swanctl.opt
parent81c63b0eed39432878f78727f60a1e7499645199 (diff)
downloadvyos-strongswan-2b8de74ff4c334c25e89988c4a401b24b5bcf03d.tar.gz
vyos-strongswan-2b8de74ff4c334c25e89988c4a401b24b5bcf03d.zip
Import upstream release 5.2.1
Diffstat (limited to 'src/swanctl/swanctl.opt')
-rw-r--r--src/swanctl/swanctl.opt15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index e136ffb5b..f1e47a9e4 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -161,13 +161,13 @@ connections.<conn>.send_certreq = yes
of the initial IKE packets.
connections.<conn>.send_cert = ifasked
- Send certificate payloads (_yes_, _no_ or _ifasked_).
+ Send certificate payloads (_always_, _never_ or _ifasked_).
Send certificate payloads when using certificate authentication. With the
default of _ifasked_ the daemon sends certificate payloads only if
- certificate requests have been received. _no_ disables sending of
- certificate payloads, _yes_ always sends certificate payloads whenever
- certificate authentication is used.
+ certificate requests have been received. _never_ disables sending of
+ certificate payloads altogether, _always_ causes certificate payloads to be
+ sent unconditionally whenever certificate authentication is used.
connections.<conn>.keyingtries = 1
Number of retransmission sequences to perform during initial connect.
@@ -194,6 +194,11 @@ connections.<conn>.unique = no
EAP or XAuth authentication is involved, the EAP-Identity or XAuth username
is used to enforce the uniqueness policy instead.
+ On initiators this setting specifies whether an INITIAL_CONTACT notify is
+ sent during IKE_AUTH if no existing connection is found with the remote
+ peer (determined by the identities of the first authentication round).
+ Only if set to _keep_ or _replace_ will the client send a notify.
+
connections.<conn>.reauth_time = 0s
Time to schedule IKE reauthentication.
@@ -349,7 +354,7 @@ connections.<conn>.remote<suffix>.certs =
The certificates may use a relative path from the **swanctl** _x509_
directory, or an absolute path.
-connections.<conn>.remote<suffix>.cacert =
+connections.<conn>.remote<suffix>.cacerts =
Comma separated list of CA certificates to accept for authentication.
Comma separated list of CA certificates to accept for authentication.