From 518dd33c94e041db0444c7d1f33da363bb8e3faf Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez
Date: Thu, 24 Mar 2016 11:59:32 +0100
Subject: Imported Upstream version 5.4.0
---
 conf/options/charon.opt | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'conf/options/charon.opt')
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 816f3250c..86279ec83 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -61,6 +61,14 @@ charon.crypto_test.required = no
 charon.crypto_test.rng_true = no
 Whether to test RNG with TRUE quality; requires a lot of entropy.
+charon.delete_rekeyed = no
+ Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+
+ Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+ Reduces the number of stale CHILD_SAs in scenarios with a lot of rekeyings.
+ However, this might cause problems with implementations that continue to
+ use rekeyed SAs until they expire.
+
 charon.dh_exponent_ansi_x9_42 = yes
 Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic strength.
@@ -89,6 +97,9 @@ charon.flush_auth_cfg = no
 this might conflict with plugins that later need access to e.g. the used certificates.
+charon.follow_redirects = yes
+ Whether to follow IKEv2 redirects (RFC 5685).
+
 charon.fragment_size = 0
 Maximum size (complete IP datagram size in bytes) of a sent IKE fragment when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
@@ -283,7 +294,7 @@ charon.retry_initiate_interval = 0
 resolution failed), 0 to disable retries.
 charon.reuse_ikesa = yes
- Initiate CHILD_SA within existing IKE_SAs.
+ Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
 charon.routing_table
 Numerical routing table to install routes to.
--
cgit v1.2.3
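Review bot: The new `charon.follow_redirects = yes` entry in the second hunk (`@@ -89,6 +97,9 @@`) turns redirect handling on by default, but its one-line description gives an operator no basis for deciding whether to leave it enabled. RFC 5685 lets a gateway send REDIRECT during IKE_SA_INIT, before that exchange is authenticated, so a deployment that never uses redirection gains nothing from the default and accepts being steered to another address. Whether the redirected-to gateway is then authenticated against the same connection configuration is not visible in this hunk and should be stated in the option text. I would add a long description in the file's usual short-line, blank-line, long-text form, along the lines of `Redirects received during IKE_SA_INIT are not authenticated; set to no if the peers never redirect.`, worded to match what the implementation actually enforces.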