1 files changed, 11 insertions, 1 deletions

diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 977403e91..f83211805 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -542,7 +542,8 @@ this option to yes and configuring the local broadcast address (e.g.
 
 .TP
 .BR charon.plugins.dhcp.identity_lease " [no]"
-Derive user\-defined MAC address from hash of IKE identity.
+Derive user\-defined MAC address from hash of IKE identity and send client
+identity DHCP option.
 
 .TP
 .BR charon.plugins.dhcp.interface " []"
@@ -1107,6 +1108,15 @@ a larger buffer than the default on certain platforms in order to receive all
 messages.
 
 .TP
+.BR charon.plugins.kernel-pfkey.route_via_internal " [no]"
+Whether to use the internal or external interface in installed routes. The
+internal interface is the one where the IP address contained in the local
+traffic selector is located, the external interface is the one over which the
+destination address of the IPsec tunnel can be reached. This is not relevant if
+virtual IPs are used, for which a TUN device is created that's used in the
+routes.
+
+.TP
 .BR charon.plugins.kernel-pfroute.vip_wait " [1000]"
 Time in ms to wait until virtual IP addresses appear/disappear before failing.