diff options
author | Romain Francoise <rfrancoise@debian.org> | 2014-10-21 19:28:38 +0200 |
---|---|---|
committer | Romain Francoise <rfrancoise@debian.org> | 2014-10-21 19:28:38 +0200 |
commit | 2b8de74ff4c334c25e89988c4a401b24b5bcf03d (patch) | |
tree | 10fb49ca94bfd0c8b8a583412281abfc0186836e /src/swanctl/swanctl.opt | |
parent | 81c63b0eed39432878f78727f60a1e7499645199 (diff) | |
download | vyos-strongswan-2b8de74ff4c334c25e89988c4a401b24b5bcf03d.tar.gz vyos-strongswan-2b8de74ff4c334c25e89988c4a401b24b5bcf03d.zip |
Import upstream release 5.2.1
Diffstat (limited to 'src/swanctl/swanctl.opt')
-rw-r--r-- | src/swanctl/swanctl.opt | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index e136ffb5b..f1e47a9e4 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -161,13 +161,13 @@ connections.<conn>.send_certreq = yes of the initial IKE packets. connections.<conn>.send_cert = ifasked - Send certificate payloads (_yes_, _no_ or _ifasked_). + Send certificate payloads (_always_, _never_ or _ifasked_). Send certificate payloads when using certificate authentication. With the default of _ifasked_ the daemon sends certificate payloads only if - certificate requests have been received. _no_ disables sending of - certificate payloads, _yes_ always sends certificate payloads whenever - certificate authentication is used. + certificate requests have been received. _never_ disables sending of + certificate payloads altogether, _always_ causes certificate payloads to be + sent unconditionally whenever certificate authentication is used. connections.<conn>.keyingtries = 1 Number of retransmission sequences to perform during initial connect. @@ -194,6 +194,11 @@ connections.<conn>.unique = no EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead. + On initiators this setting specifies whether an INITIAL_CONTACT notify is + sent during IKE_AUTH if no existing connection is found with the remote + peer (determined by the identities of the first authentication round). + Only if set to _keep_ or _replace_ will the client send a notify. + connections.<conn>.reauth_time = 0s Time to schedule IKE reauthentication. @@ -349,7 +354,7 @@ connections.<conn>.remote<suffix>.certs = The certificates may use a relative path from the **swanctl** _x509_ directory, or an absolute path. -connections.<conn>.remote<suffix>.cacert = +connections.<conn>.remote<suffix>.cacerts = Comma separated list of CA certificates to accept for authentication. Comma separated list of CA certificates to accept for authentication. |