diff options
Diffstat (limited to 'src/swanctl/swanctl.conf')
| -rw-r--r-- | src/swanctl/swanctl.conf | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf index 9b87a963a..c50f20dc6 100644 --- a/src/swanctl/swanctl.conf +++ b/src/swanctl/swanctl.conf @@ -56,6 +56,13 @@ # Send certificate payloads (always, never or ifasked). # send_cert = ifasked + # String identifying the Postquantum Preshared Key (PPK) to be used. + # ppk_id = + + # Whether a Postquantum Preshared Key (PPK) is required for this + # connection. + # ppk_required = no + # Number of retransmission sequences to perform during initial connect. # keyingtries = 1 @@ -311,6 +318,14 @@ # Netfilter mark and mask for output traffic. # mark_out = 0/0x00000000 + # Netfilter mark applied to packets after the inbound IPsec SA + # processed them. + # set_mark_in = 0/0x00000000 + + # Netfilter mark applied to packets after the outbound IPsec SA + # processed them. + # set_mark_out = 0/0x00000000 + # Traffic Flow Confidentiality padding. # tfc_padding = 0 @@ -321,6 +336,18 @@ # IPsec implementation. # hw_offload = no + # Whether to copy the DF bit to the outer IPv4 header in tunnel + # mode. + # copy_df = yes + + # Whether to copy the ECN header field to/from the outer IP + # header in tunnel mode. + # copy_ecn = yes + + # Whether to copy the DSCP header field to/from the outer IP + # header in tunnel mode. + # copy_dscp = out + # Action to perform after loading the configuration (none, trap, # start). # start_action = none @@ -379,6 +406,17 @@ # } + # Postquantum Preshared Key (PPK) section for a specific secret. + # ppk<suffix> { + + # Value of the PPK. + # secret = + + # PPK identity the PPK belongs to. + # id<suffix> = + + # } + # Private key decryption passphrase for a key in the private folder. # private<suffix> { |