diff options
Diffstat (limited to 'conf/options/charon.conf')
| -rw-r--r-- | conf/options/charon.conf | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/conf/options/charon.conf b/conf/options/charon.conf index f72041e6a..1b5d52d02 100644 --- a/conf/options/charon.conf +++ b/conf/options/charon.conf @@ -164,6 +164,9 @@ charon { # will be allocated. # port_nat_t = 4500 + # Wether to prefer updating SAs to the path with the best route. + # prefer_best_path = no + # Prefer locally configured proposals for IKE/IPsec over supplied ones as # responder (disabling this can avoid keying retries due to # INVALID_KE_PAYLOAD notifies). @@ -236,6 +239,12 @@ charon { # Whether to enable constraints against IKEv2 signature schemes. # signature_authentication_constraints = yes + # The upper limit for SPIs requested from the kernel for IPsec SAs. + # spi_max = 0xcfffffff + + # The lower limit for SPIs requested from the kernel for IPsec SAs. + # spi_min = 0xc0000000 + # Number of worker threads in charon. # threads = 16 |