Updated ipsec.conf.5 with new ESN options

2025-10-04 00:00:14 -04:00 · 2011-04-18 16:11:40 +02:00 · 2011-04-18 16:11:40 +02:00 · 378219546c
commit 378219546c
parent d3d21c29db
1 changed files with 10 additions and 2 deletions
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@ -409,12 +409,20 @@ comma-separated list of ESP encryption/authentication algorithms to be used
 for the connection, e.g.
 .BR aes128-sha256 .
 The notation is
-.BR encryption-integrity-[dh-group] .
+.BR encryption-integrity[-dhgroup][-esnmodes] .
 .br
 If
 .B dh-group
 is specified, CHILD_SA setup and rekeying include a separate diffe hellman
-exchange (IKEv2 only).
+exchange (IKEv2 only). Valid
+.B esnmodes
+(IKEv2 only) are
+.B esn
+and
+.B noesn.
+Specifying both negotiates Extended Sequence number support with the peer,
+the defaut is
+.B noesn.
 .TP
 .BR forceencaps " = yes | " no
 force UDP encapsulation for ESP packets even if no NAT situation is detected.