diff options
| author | Romain Francoise <rfrancoise@debian.org> | 2014-10-21 19:28:38 +0200 |
|---|---|---|
| committer | Romain Francoise <rfrancoise@debian.org> | 2014-10-21 19:41:50 +0200 |
| commit | b23b0e5609ed4b3d29396a1727aab035fa4a395f (patch) | |
| tree | 091d0b144dd92a0c124b7fbe9eae68f79cb975dc /src/swanctl/swanctl.opt | |
| parent | 4a01a7e2574040cf246fd00ebff173b873c17349 (diff) | |
| download | vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.tar.gz vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.zip | |
Import upstream release 5.2.1
Diffstat (limited to 'src/swanctl/swanctl.opt')
| -rw-r--r-- | src/swanctl/swanctl.opt | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index e136ffb5b..f1e47a9e4 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -161,13 +161,13 @@ connections.<conn>.send_certreq = yes of the initial IKE packets. connections.<conn>.send_cert = ifasked - Send certificate payloads (_yes_, _no_ or _ifasked_). + Send certificate payloads (_always_, _never_ or _ifasked_). Send certificate payloads when using certificate authentication. With the default of _ifasked_ the daemon sends certificate payloads only if - certificate requests have been received. _no_ disables sending of - certificate payloads, _yes_ always sends certificate payloads whenever - certificate authentication is used. + certificate requests have been received. _never_ disables sending of + certificate payloads altogether, _always_ causes certificate payloads to be + sent unconditionally whenever certificate authentication is used. connections.<conn>.keyingtries = 1 Number of retransmission sequences to perform during initial connect. @@ -194,6 +194,11 @@ connections.<conn>.unique = no EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead. + On initiators this setting specifies whether an INITIAL_CONTACT notify is + sent during IKE_AUTH if no existing connection is found with the remote + peer (determined by the identities of the first authentication round). + Only if set to _keep_ or _replace_ will the client send a notify. + connections.<conn>.reauth_time = 0s Time to schedule IKE reauthentication. @@ -349,7 +354,7 @@ connections.<conn>.remote<suffix>.certs = The certificates may use a relative path from the **swanctl** _x509_ directory, or an absolute path. -connections.<conn>.remote<suffix>.cacert = +connections.<conn>.remote<suffix>.cacerts = Comma separated list of CA certificates to accept for authentication. Comma separated list of CA certificates to accept for authentication. |