swanctl.conf: IKEv2 fragmentation supported
This commit is contained in:
parent
1990eeebfe
commit
e333d4c0f1
|
@ -140,14 +140,15 @@ connections.<conn>.dpd_timeout = 0s
|
||||||
specified; this option has no effect on connections using IKE2.
|
specified; this option has no effect on connections using IKE2.
|
||||||
|
|
||||||
connections.<conn>.fragmentation = no
|
connections.<conn>.fragmentation = no
|
||||||
Use IKEv1 UDP packet fragmentation (_yes_, _no_ or _force_).
|
Use IKE UDP datagram fragmentation. (_yes_, _no_ or _force_).
|
||||||
|
|
||||||
The default of _no_ disables IKEv1 fragmentation mechanism, _yes_ enables
|
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
|
||||||
it if support has been indicated by the peer. _force_ enforces
|
fragmentation). Acceptable values are _yes_, _force_ and _no_ (the
|
||||||
fragmentation if required even before the peer had a chance to indicate
|
default). Fragmented IKE messages sent by a peer are always accepted
|
||||||
support for it.
|
irrespective of the value of this option. If set to _yes_, and the peer
|
||||||
|
supports it, oversized IKE messages will be sent in fragments. If set to
|
||||||
IKE fragmentation is currently not supported with IKEv2.
|
_force_ (only supported for IKEv1) the initial IKE message will already
|
||||||
|
be fragmented if required.
|
||||||
|
|
||||||
connections.<conn>.send_certreq = yes
|
connections.<conn>.send_certreq = yes
|
||||||
Send certificate requests payloads (_yes_ or _no_).
|
Send certificate requests payloads (_yes_ or _no_).
|
||||||
|
|
Loading…
Reference in New Issue