Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r-- | man/ipsec.conf.5.in | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 187f36957..8b36d0f32 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -544,8 +544,18 @@ for public key authentication (RSA/ECDSA), .B psk for pre-shared key authentication and .B eap +<<<<<<< HEAD to (require the) use of the Extensible Authentication Protocol. In the case of +======= +to (require the) use of the Extensible Authentication Protocol. +To require a trustchain public key strength for the remote side, specify the +key type followed by the strength in bits (for example +.BR rsa-2048 +or +.BR ecdsa-256 ). +For +>>>>>>> upstream/4.5.1 .B eap, an optional EAP method can be appended. Currently defined methods are .BR eap-aka , @@ -589,7 +599,11 @@ sets to the distinguished name of the certificate's subject and .B leftca to the distinguished name of the certificate's issuer. +<<<<<<< HEAD The left participant's ID can be overriden by specifying a +======= +The left participant's ID can be overridden by specifying a +>>>>>>> upstream/4.5.1 .B leftid value which must be certified by the certificate, though. .TP @@ -598,6 +612,13 @@ Same as .B leftcert, but for the second authentication round (IKEv2 only). .TP +<<<<<<< HEAD +======= +.BR leftcertpolicy " = <OIDs>" +Comma separated list of certificate policy OIDs the peers certificate must have. +OIDs are specified using the numerical dotted representation (IKEv2 only). +.TP +>>>>>>> upstream/4.5.1 .BR leftfirewall " = yes | " no whether the left participant is doing forwarding-firewalling (including masquerading) using iptables for traffic from \fIleftsubnet\fR, 
@@ -953,6 +974,16 @@ synonym for .BR reqid " = <number>" sets the reqid for a given connection to a pre-configured fixed value. .TP +<<<<<<< HEAD +======= +.BR tfc " = <value>" +number of bytes to pad ESP payload data to. Traffic Flow Confidentiality +is currently supported in IKEv2 and applies to outgoing packets only. The +special value +.BR %mtu +fills up ESP packets with padding to have the size of the MTU. +.TP +>>>>>>> upstream/4.5.1 .BR type " = " tunnel " | transport | transport_proxy | passthrough | drop" the type of the connection; currently the accepted values are |
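Review bot: The hunk at -544 adds unresolved merge conflict markers to the eap description as literal text (`<<<<<<< HEAD`, `=======`, `>>>>>>> upstream/4.5.1`), and the old context line ending in "In the case of" stays in place next to the new "For". Neither marker line starts with a roff control character, so the rendered page would print the markers and both variants of the sentence. Resolve the conflict by keeping only the upstream/4.5.1 side: remove the three marker lines and the old "In the case of" line, so that the rsa-2048 / ecdsa-256 strength text leads directly into "For .B eap,".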
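Review bot: In the hunk at -589 the spelling fix does not take effect, because the misspelled line "The left participant's ID can be overriden by specifying a" is kept as context and the corrected "overridden" line is added below it between conflict markers. The leftcert paragraph would then carry the sentence twice. This should be a one-line replacement: delete the "overriden" line and the three marker lines, and keep only the corrected line.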
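Review bot: The new leftcertpolicy entry in the hunk at -598 is wrapped in conflict markers with an empty HEAD side, so the markers and the inner `.TP` need to be cleaned up before the entry renders as a proper tagged paragraph. On the wording: "the peers certificate" should be "the peer's certificate", and "(IKEv2 only)" is attached to the sentence about dotted notation, where it reads as a limit on the OID format rather than on the option. Suggest moving it to the end of the first sentence, and stating whether the certificate must carry every listed OID or any one of them, since "must have" followed by a list leaves that open for an option that gates authentication.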
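Review bot: The tfc entry added in the hunk at -953 is also enclosed in conflict markers with an empty HEAD side; remove `<<<<<<< HEAD`, `=======` and `>>>>>>> upstream/4.5.1` and keep the entry with its closing `.TP`. The description gives no default, so a reader cannot tell whether padding is off when tfc is not set; add that. Since the text says the setting "applies to outgoing packets only", it would help to say explicitly that the inbound direction is padded only if the peer is configured to do so. `.BR %mtu` with a single argument is fine, but `.B %mtu` would be the more usual macro here.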