man: Document IKEv2 fragmentation in ipsec.conf(5)
This commit is contained in:
parent
482810141c
commit
aaf9911aeb
|
@ -446,19 +446,20 @@ This may help to surmount restrictive firewalls. In order to force the peer to
|
|||
encapsulate packets, NAT detection payloads are faked.
|
||||
.TP
|
||||
.BR fragmentation " = yes | force | " no
|
||||
whether to use IKE fragmentation (proprietary IKEv1 extension). Acceptable
|
||||
values are
|
||||
whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2
|
||||
fragmentation as per RFC 7383). Acceptable values are
|
||||
.BR yes ,
|
||||
.B force
|
||||
and
|
||||
.B no
|
||||
(the default). Fragmented messages sent by a peer are always accepted
|
||||
(the default). Fragmented IKE messages sent by a peer are always accepted
|
||||
irrespective of the value of this option. If set to
|
||||
.BR yes ,
|
||||
and the peer supports it, larger IKE messages will be sent in fragments.
|
||||
If set to
|
||||
.B force
|
||||
the initial IKE message will already be fragmented if required.
|
||||
(only supported for IKEv1) the initial IKE message will already be fragmented
|
||||
if required.
|
||||
.TP
|
||||
.BR ike " = <cipher suites>"
|
||||
comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms
|
||||
|
|
Loading…
Reference in New Issue