sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-03 00:00:24 -04:00
Code Issues Projects Releases Wiki Activity

swanctl: Document that IP-TFS mode is subject to mode negotiation

Browse Source
This commit is contained in:
Tobias Brunner 2025-06-06 14:19:09 +02:00
parent 9a6aa2530e
commit e58ef258b5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/swanctl/swanctl.opt
View File

@ -926,12 +926,12 @@ connections.<conn>.children.<child>.mode = tunnel
IPsec Mode to establish CHILD_SA with. _tunnel_ negotiates the CHILD_SA IPsec Mode to establish CHILD_SA with. _tunnel_ negotiates the CHILD_SA
in IPsec Tunnel Mode, whereas _transport_ uses IPsec Transport Mode. in IPsec Tunnel Mode, whereas _transport_ uses IPsec Transport Mode.
_transport_proxy_ signifying the special Mobile IPv6 Transport Proxy Mode. _transport_proxy_ signifying the special Mobile IPv6 Transport Proxy Mode.
_iptfs_ is IP-TFS tunnel mode with aggregation and fragmentation, _iptfs_ is IP-TFS tunnel mode with aggregation and fragmentation.
_beet_ is the Bound End to End Tunnel mixture mode, working with fixed inner _beet_ is the Bound End to End Tunnel mixture mode, working with fixed inner
addresses without the need to include them in each packet. addresses without the need to include them in each packet.
Both _transport_ and _beet_ modes are subject to mode negotiation; _tunnel_ The _transport_, _iptfs_ and _beet_ modes are subject to mode negotiation;
mode is negotiated if the preferred mode is not available. _tunnel_ mode is negotiated if the preferred mode is not available.
_pass_ and _drop_ are used to install shunt policies which explicitly _pass_ and _drop_ are used to install shunt policies which explicitly
bypass the defined traffic from IPsec processing or drop it, respectively. bypass the defined traffic from IPsec processing or drop it, respectively.