From 51a71ee15c1bcf0e82f363a16898f571e211f9c3 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Mon, 4 Jun 2018 09:59:21 +0200 Subject: New upstream version 5.6.3 --- conf/plugins/dhcp.conf | 3 ++- conf/plugins/dhcp.opt | 3 ++- conf/plugins/kernel-pfkey.conf | 3 +++ conf/plugins/kernel-pfkey.opt | 10 ++++++++++ 4 files changed, 17 insertions(+), 2 deletions(-) (limited to 'conf/plugins') diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf index b0e8c84c8..88bbe36e3 100644 --- a/conf/plugins/dhcp.conf +++ b/conf/plugins/dhcp.conf @@ -3,7 +3,8 @@ dhcp { # Always use the configured server address. # force_server_address = no - # Derive user-defined MAC address from hash of IKE identity. + # Derive user-defined MAC address from hash of IKE identity and send client + # identity DHCP option. # identity_lease = no # Interface name the plugin uses for address allocation. diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt index 9c7b86091..6b337bc34 100644 --- a/conf/plugins/dhcp.opt +++ b/conf/plugins/dhcp.opt @@ -9,7 +9,8 @@ charon.plugins.dhcp.force_server_address = no 192.168.0.255) as server address might work. charon.plugins.dhcp.identity_lease = no - Derive user-defined MAC address from hash of IKE identity. + Derive user-defined MAC address from hash of IKE identity and send client + identity DHCP option. charon.plugins.dhcp.server = 255.255.255.255 DHCP server unicast or broadcast IP address. diff --git a/conf/plugins/kernel-pfkey.conf b/conf/plugins/kernel-pfkey.conf index 2d4733e74..f4340e7fe 100644 --- a/conf/plugins/kernel-pfkey.conf +++ b/conf/plugins/kernel-pfkey.conf @@ -7,5 +7,8 @@ kernel-pfkey { # priority of this plugin. load = yes + # Whether to use the internal or external interface in installed routes. + # route_via_internal = no + } diff --git a/conf/plugins/kernel-pfkey.opt b/conf/plugins/kernel-pfkey.opt index ec05215d3..0e347bebb 100644 --- a/conf/plugins/kernel-pfkey.opt +++ b/conf/plugins/kernel-pfkey.opt @@ -5,3 +5,13 @@ charon.plugins.kernel-pfkey.events_buffer_size = 0 Because events are received asynchronously installing e.g. lots of policies may require a larger buffer than the default on certain platforms in order to receive all messages. + +charon.plugins.kernel-pfkey.route_via_internal = no + Whether to use the internal or external interface in installed routes. + + Whether to use the internal or external interface in installed routes. + The internal interface is the one where the IP address contained in the + local traffic selector is located, the external interface is the one over + which the destination address of the IPsec tunnel can be reached. + This is not relevant if virtual IPs are used, for which a TUN device is + created that's used in the routes. -- cgit v1.2.3