Diff for /embedaddon/strongswan/conf/options/charon.conf between versions 1.1 and 1.1.1.2

version 1.1, 2020/06/03 09:46:43 version 1.1.1.2, 2021/03/17 00:20:08
Line 21  charon { Line 21  charon {
     # memory.      # memory.
     # cert_cache = yes      # cert_cache = yes
   
       # Whether to use DPD to check if the current path still works after any
       # changes to interfaces/addresses.
       # check_current_path = no
   
       # Send the Cisco FlexVPN vendor ID payload (IKEv2 only).
       # cisco_flexvpn = no
   
     # Send Cisco Unity vendor ID payload (IKEv1 only).      # Send Cisco Unity vendor ID payload (IKEv1 only).
     # cisco_unity = no      # cisco_unity = no
   
Line 55  charon { Line 62  charon {
     # checks.      # checks.
     # dos_protection = yes      # dos_protection = yes
   
     # Compliance with the errata for RFC 4753.  
     # ecp_x_coordinate_only = yes  
   
     # Free objects during authentication (might conflict with plugins).      # Free objects during authentication (might conflict with plugins).
     # flush_auth_cfg = no      # flush_auth_cfg = no
   
     # Whether to follow IKEv2 redirects (RFC 5685).      # Whether to follow IKEv2 redirects (RFC 5685).
     # follow_redirects = yes      # follow_redirects = yes
   
       # Violate RFC 5998 and use EAP-only authentication even if the peer did not
       # send an EAP_ONLY_AUTHENTICATION notify during IKE_AUTH.
       # force_eap_only_authentication = no
   
     # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment      # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
     # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults      # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
     # to 1280 (use 0 for address family specific default values, which uses a      # to 1280 (use 0 for address family specific default values, which uses a
Line 139  charon { Line 147  charon {
     # NAT keep alive interval.      # NAT keep alive interval.
     # keep_alive = 20s      # keep_alive = 20s
   
       # Number of seconds the keep alive interval may be exceeded before a DPD is
       # sent instead of a NAT keep alive (0 to disable).  This is only useful if a
       # clock is used that includes time spent suspended (e.g. CLOCK_BOOTTIME).
       # keep_alive_dpd_margin = 0s
   
     # Plugins to load in the IKE daemon charon.      # Plugins to load in the IKE daemon charon.
     # load =      # load =
   
Line 358  charon { Line 371  charon {
         # List of TLS encryption ciphers.          # List of TLS encryption ciphers.
         # cipher =          # cipher =
   
           # List of TLS key exchange groups.
           # ke_group =
   
         # List of TLS key exchange methods.          # List of TLS key exchange methods.
         # key_exchange =          # key_exchange =
   
         # List of TLS MAC algorithms.          # List of TLS MAC algorithms.
         # mac =          # mac =
   
           # Whether to include CAs in a server's CertificateRequest message.
           # send_certreq_authorities = yes
   
           # List of TLS signature schemes.
           # signature =
   
         # List of TLS cipher suites.          # List of TLS cipher suites.
         # suites =          # suites =
   
           # Maximum TLS version to negotiate.
           # version_max = 1.2
   
           # Minimum TLS version to negotiate.
           # version_min = 1.2
   
     }      }
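Review bot: The comment added for `force_eap_only_authentication` (second hunk, new line 62 onward) names the RFC 5998 violation but not the condition under which enabling it is acceptable. With EAP-only authentication the responder is authenticated by the EAP method itself rather than by a certificate or PSK AUTH payload, so the option is only sound with EAP methods that provide mutual authentication and key derivation. I would extend the comment with a line such as `# Only enable with mutually authenticating EAP methods; the peer is then not authenticated by certificate/PSK.` The same section also drops `ecp_x_coordinate_only` and documents `version_max = 1.2`, so existing configurations that set the former, or that expect a TLS version above 1.2 to be negotiated, should be checked after this import. If this file is a vendored copy of upstream, which the path suggests, the wording change belongs upstream.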
   
