sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity

Removed unsupported options from ipsec.conf(5) man page.

Browse Source
This commit is contained in:
Tobias Brunner 2010-10-19 17:06:57 +02:00
parent 8207a74200
commit a6f8100812
1 changed files with 0 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
man/ipsec.conf.5.in
View File

@ -233,10 +233,6 @@ defines the identity of the AAA backend used during IKEv2 EAP authentication.
This is required if the EAP client uses a method that verifies the server This is required if the EAP client uses a method that verifies the server
identity (such as EAP-TLS), but it does not match the IKEv2 gateway identity. identity (such as EAP-TLS), but it does not match the IKEv2 gateway identity.
.TP .TP
.B ah
AH authentication algorithm to be used
for the connection, e.g.
.B hmac-md5.
.TP .TP
.B auth .B auth
whether authentication should be done as part of whether authentication should be done as part of
@ -1104,13 +1100,6 @@ The default is
.B yes .B yes
if starter was compiled with IKEv2 support. if starter was compiled with IKEv2 support.
.TP .TP
.B dumpdir
in what directory should things started by \fBipsec starter\fR
(notably the Pluto and Charon daemons) be allowed to dump core?
The empty value (the default) means they are not
allowed to.
This feature is currently not yet supported by \fBipsec starter\fR.
.TP
.B plutostart .B plutostart
whether to start the IKEv1 Pluto daemon or not. whether to start the IKEv1 Pluto daemon or not.
Accepted values are Accepted values are
@ -1276,50 +1265,6 @@ Acceptable values for types are
and the level is one of and the level is one of
.B -1, 0, 1, 2, 3, 4 .B -1, 0, 1, 2, 3, 4
(for silent, audit, control, controlmore, raw, private). (for silent, audit, control, controlmore, raw, private).
.PP
The following
.B config section
parameters only make sense if the KLIPS IPsec stack
is used instead of the default NETKEY stack of the Linux 2.6 kernel:
.TP
.B fragicmp
whether a tunnel's need to fragment a packet should be reported
back with an ICMP message,
in an attempt to make the sender lower his PMTU estimate;
acceptable values are
.B yes
(the default)
and
.BR no .
.TP
.B hidetos
whether a tunnel packet's TOS field should be set to
.B 0
rather than copied from the user packet inside;
acceptable values are
.B yes
(the default)
and
.BR no
.TP
.B interfaces
virtual and physical interfaces for IPsec to use:
a single
\fIvirtual\fB=\fIphysical\fR pair, a (quoted!) list of pairs separated
by white space, or
.BR %none .
One of the pairs may be written as
.BR %defaultroute ,
which means: find the interface \fId\fR that the default route points to,
and then act as if the value was ``\fBipsec0=\fId\fR''.
.B %defaultroute
is the default;
.B %none
must be used to denote no interfaces.
.TP
.B overridemtu
value that the MTU of the ipsec\fIn\fR interface(s) should be set to,
overriding IPsec's (large) default.
.SH IKEv2 EXPIRY/REKEY .SH IKEv2 EXPIRY/REKEY
The IKE SAs and IPsec SAs negotiated by the daemon can be configured to expire The IKE SAs and IPsec SAs negotiated by the daemon can be configured to expire
after a specific amount of time. For IPsec SAs this can also happen after a after a specific amount of time. For IPsec SAs this can also happen after a