diff options
Diffstat (limited to 'conf/options')
| -rw-r--r-- | conf/options/charon.conf | 12 | ||||
| -rw-r--r-- | conf/options/charon.opt | 17 |
2 files changed, 29 insertions, 0 deletions
diff --git a/conf/options/charon.conf b/conf/options/charon.conf index 1b5d52d02..7ccb74939 100644 --- a/conf/options/charon.conf +++ b/conf/options/charon.conf @@ -29,6 +29,10 @@ charon { # Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only). # delete_rekeyed = no + # Delay in seconds until inbound IPsec SAs are deleted after rekeyings + # (IKEv2 only). + # delete_rekeyed_delay = 5 + # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic # strength. # dh_exponent_ansi_x9_42 = yes @@ -199,6 +203,14 @@ charon { # in strongswan.conf(5). # retransmit_base = 1.8 + # Maximum jitter in percent to apply randomly to calculated retransmission + # timeout (0 to disable). + # retransmit_jitter = 0 + + # Upper limit in seconds for calculated retransmission timeout (0 to + # disable). + # retransmit_limit = 0 + # Timeout in seconds before sending first retransmit. # retransmit_timeout = 4.0 diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 4c4311e81..3593c6a5f 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -75,6 +75,16 @@ charon.delete_rekeyed = no However, this might cause problems with implementations that continue to use rekeyed SAs until they expire. +charon.delete_rekeyed_delay = 5 + Delay in seconds until inbound IPsec SAs are deleted after rekeyings (IKEv2 + only). + + Delay in seconds until inbound IPsec SAs are deleted after rekeyings (IKEv2 + only). To process delayed packets the inbound part of a CHILD_SA is kept + installed up to the configured number of seconds after it got replaced + during a rekeying. If set to 0 the CHILD_SA will be kept installed until it + expires (if no lifetime is set it will be destroyed immediately). + charon.dh_exponent_ansi_x9_42 = yes Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic strength. @@ -311,6 +321,13 @@ charon.retransmit_timeout = 4.0 charon.retransmit_tries = 5 Number of times to retransmit a packet before giving up. +charon.retransmit_jitter = 0 + Maximum jitter in percent to apply randomly to calculated retransmission + timeout (0 to disable). + +charon.retransmit_limit = 0 + Upper limit in seconds for calculated retransmission timeout (0 to disable). + charon.retry_initiate_interval = 0 Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if DNS resolution failed), 0 to disable retries. |