Diffstat (limited to 'conf/options/charon.conf')
-rw-r--r--conf/options/charon.conf13
1 files changed, 13 insertions, 0 deletions
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 0bec9bb0a..bd8e29940 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -58,6 +58,10 @@ charon {
# Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
# i_dont_care_about_security_and_use_aggressive_mode_psk = no
+ # Whether to ignore the traffic selectors from the kernel's acquire events
+ # for IKEv2 connections (they are not used for IKEv1).
+ # ignore_acquire_ts = no
+
# A space-separated list of routing tables to be excluded from route
# lookups.
# ignore_routing_tables =
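Review bot: The comment added for `ignore_acquire_ts` does not say what charon proposes instead when the option is set to yes, so an operator cannot tell whether enabling it widens the negotiated traffic selectors. Presumably the selectors from the connection configuration are then sent on their own, without the narrower ones derived from the triggering packet in front of them. If that is the behaviour, state it with a line such as `# If enabled, only the traffic selectors from the configuration are proposed.` The enclosing `charon {` block starts and ends outside this hunk.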
@@ -116,6 +120,9 @@ charon {
# Determine plugins to load via each plugin's load option.
# load_modular = no
+ # Initiate IKEv2 reauthentication with a make-before-break scheme.
+ # make_before_break = no
+
# Maximum packet size accepted by charon.
# max_packet = 10000
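Review bot: The `make_before_break` comment leaves out the interoperability condition an operator needs before switching it on. A make-before-break reauthentication presumably keeps the old and the new IKE_SA, with their CHILD_SAs, alive side by side for a short time, which only works if the peer tolerates overlapping SAs. I would add a line such as `# Requires the peer to support overlapping SAs during reauthentication.` and mention that the default scheme tears the old SAs down first.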
@@ -197,6 +204,12 @@ charon {
# Send strongSwan vendor ID payload
# send_vendor_id = no
+ # Whether to enable Signature Authentication as per RFC 7427.
+ # signature_authentication = yes
+
+ # Whether to enable constraints against IKEv2 signature schemes.
+ # signature_authentication_constraints = yes
+
# Number of worker threads in charon.
# threads = 16
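Review bot: Both added comments restate the option names and do not say what changes when the options are turned off, even though both default to yes and disabling either one relaxes authentication checks. For `signature_authentication`, say which method is used when it is `no` or when the peer does not support RFC 7427. For `signature_authentication_constraints`, name the constraints meant, presumably the signature schemes configured for the peer's authentication, and say that `no` stops them being applied to the IKEv2 signature itself. A caution along the lines of `# If disabled, configured signature scheme constraints are not enforced on the peer's IKEv2 signature.` would help, with the wording confirmed against the implementation.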