--- embedaddon/strongswan/conf/options/charon.conf	2020/06/03 09:46:43	1.1.1.1
+++ embedaddon/strongswan/conf/options/charon.conf	2021/03/17 00:20:08	1.1.1.2
@@ -21,6 +21,13 @@ charon {
     # memory.
     # cert_cache = yes
 
+    # Whether to use DPD to check if the current path still works after any
+    # changes to interfaces/addresses.
+    # check_current_path = no
+
+    # Send the Cisco FlexVPN vendor ID payload (IKEv2 only).
+    # cisco_flexvpn = no
+
     # Send Cisco Unity vendor ID payload (IKEv1 only).
     # cisco_unity = no
 
@@ -55,15 +62,16 @@ charon {
     # checks.
     # dos_protection = yes
 
-    # Compliance with the errata for RFC 4753.
-    # ecp_x_coordinate_only = yes
-
     # Free objects during authentication (might conflict with plugins).
     # flush_auth_cfg = no
 
     # Whether to follow IKEv2 redirects (RFC 5685).
     # follow_redirects = yes
 
+    # Violate RFC 5998 and use EAP-only authentication even if the peer did not
+    # send an EAP_ONLY_AUTHENTICATION notify during IKE_AUTH.
+    # force_eap_only_authentication = no
+
     # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
     # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
     # to 1280 (use 0 for address family specific default values, which uses a
@@ -139,6 +147,11 @@ charon {
     # NAT keep alive interval.
     # keep_alive = 20s
 
+    # Number of seconds the keep alive interval may be exceeded before a DPD is
+    # sent instead of a NAT keep alive (0 to disable).  This is only useful if a
+    # clock is used that includes time spent suspended (e.g. CLOCK_BOOTTIME).
+    # keep_alive_dpd_margin = 0s
+
     # Plugins to load in the IKE daemon charon.
     # load =
 
@@ -358,14 +371,29 @@ charon {
         # List of TLS encryption ciphers.
         # cipher =
 
+        # List of TLS key exchange groups.
+        # ke_group =
+
         # List of TLS key exchange methods.
         # key_exchange =
 
         # List of TLS MAC algorithms.
         # mac =
 
+        # Whether to include CAs in a server's CertificateRequest message.
+        # send_certreq_authorities = yes
+
+        # List of TLS signature schemes.
+        # signature =
+
         # List of TLS cipher suites.
         # suites =
+
+        # Maximum TLS version to negotiate.
+        # version_max = 1.2
+
+        # Minimum TLS version to negotiate.
+        # version_min = 1.2
 
     }