1 files changed, 11 insertions, 4 deletions

diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 78411250e..f72041e6a 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -7,6 +7,12 @@ charon {
     # Maximum number of half-open IKE_SAs for a single peer IP.
     # block_threshold = 5
 
+    # Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
+    # be saved under a unique file name derived from the public key of the
+    # Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
+    # /etc/swanctl/x509crl (vici), respectively.
+    # cache_crls = no
+
     # Whether relations in validated certificate chains should be cached in
     # memory.
     # cert_cache = yes
@@ -51,10 +57,11 @@ charon {
     # follow_redirects = yes
 
     # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
-    # when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
-    # address family specific        default values). If specified this limit is
-    # used for both IPv4 and IPv6.
-    # fragment_size = 0
+    # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
+    # to 1280 (use 0 for address family specific default values, which uses a
+    # lower value for IPv4).  If specified this limit is used for both IPv4 and
+    # IPv6.
+    # fragment_size = 1280
 
     # Name of the group the daemon changes to after startup.
     # group =