Diffstat (limited to 'src/swanctl/swanctl.conf')
-rw-r--r--src/swanctl/swanctl.conf22
1 files changed, 20 insertions, 2 deletions
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index c480ce174..428be91e7 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -13,7 +13,7 @@
# Remote address(es) to use for IKE communication, comma separated.
# remote_addrs = %any
- # Local UPD port for IKE communication.
+ # Local UDP port for IKE communication.
# local_port = 500
# Remote UDP port for IKE communication.
@@ -43,7 +43,7 @@
# Timeout for DPD checks (IKEV1 only).
# dpd_timeout = 0s
- # Use IKEv1 UDP packet fragmentation (yes, no or force).
+ # Use IKE UDP datagram fragmentation. (yes, no or force).
# fragmentation = no
# Send certificate requests payloads (yes or no).
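Review bot: The reworded `fragmentation` comment has a stray full stop before the value list and still does not say how `yes` differs from `force`, which is the distinction an operator needs when picking a value. Suggested first line: `# Use IKE UDP datagram fragmentation (yes, no or force).`, followed by one line describing what each value does. Dropping "IKEv1" implies the option now covers both IKE versions; if so, say it explicitly, since the neighbouring `dpd_timeout` comment still carries an IKEv1-only qualifier.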
@@ -76,10 +76,19 @@
# Section for a local authentication round.
# local<suffix> {
+ # Optional numeric identifier by which authentication rounds are
+ # sorted. If not specified rounds are ordered by their position in
+ # the config file/VICI message.
+ # round = 0
+
# Comma separated list of certificate candidates to use for
# authentication.
# certs =
+ # Comma separated list of raw public key candidates to use for
+ # authentication.
+ # pubkeys =
+
# Authentication to perform locally (pubkey, psk, xauth[-backend] or
# eap[-method]).
# auth = pubkey
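Review bot: The new `pubkeys` comment in the `local<suffix>` block does not say what an entry is (a file name, a path or an inline encoded key) or how it relates to `certs` when both are set; the `pubkeys` comment added to the remote round in the last hunk has the same gap. A raw public key carries no subject, validity period or issuer, so which key file is referenced under which name is the entire trust decision and should be spelled out. Suggest one extra line such as `# Entries are <format/location, to be filled in by the author>; state whether they are tried in addition to certs.` The `local<suffix>` block continues past the end of this hunk.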
@@ -102,6 +111,11 @@
# Section for a remote authentication round.
# remote<suffix> {
+ # Optional numeric identifier by which authentication rounds are
+ # sorted. If not specified rounds are ordered by their position in
+ # the config file/VICI message.
+ # round = 0
+
# IKE identity to expect for authentication round.
# id = %any
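Review bot: The `round` comment does not cover the mixed case, where some rounds set `round` and others leave it out, nor what happens when two rounds carry the same value; the identical text in the `local<suffix>` block of the previous hunk has the same gap. The order of authentication rounds decides which credential is checked first, so the tie-break should not be left to guesswork. Since the sample shows `# round = 0`, an unset value is presumably treated as 0 with file order as the tie-break; if so, the comment could say `# Rounds with equal values keep their config file/VICI message order.` The `remote<suffix>` block continues past the end of this hunk.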
@@ -115,6 +129,10 @@
# authentication.
# cacerts =
+ # Comma separated list of raw public keys to accept for
+ # authentication.
+ # pubkeys =
+
# Certificate revocation policy, (strict, ifuri or relaxed).
# revocation = relaxed
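Review bot: `pubkeys` is added between `cacerts` and `revocation` in the remote round without saying that those two settings presumably do not apply to it. A raw public key has no issuer to chain to `cacerts` and nothing for a CRL or OCSP lookup to check, so `revocation = strict` would give no protection for a peer accepted this way; a reader going through the block top to bottom may assume otherwise. Suggest extending the comment with `# Raw keys are trusted exactly as listed; cacerts and revocation are not evaluated for them, so remove the key to withdraw access.` (wording to be confirmed against the implementation). The enclosing remote section starts and ends outside this hunk.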