sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-03 00:00:24 -04:00
Code Issues Projects Releases Wiki Activity
strongswan/conf/options/charon-nm.opt
Tobias Brunner de30b6b385 charon-nm: Lower default retransmission settings to restore SAs more quickly 
These are the same values we use for the Android app.

References strongswan/strongswan#2696
2025-02-28 16:47:05 +01:00

56 lines
2.1 KiB
Plaintext
Raw Blame History

charon-nm {}
Section with settings specific to the NetworkManager backend `charon-nm`.
Settings from the `charon` section are not inherited, but many can be used
here as well. Defaults for some settings are chosen very deliberately and
should only be changed in case of conflicts.
charon-nm.ca_dir = <default>
Directory from which to load CA certificates if no certificate is
configured.
charon-nm.install_virtual_ip_on = lo
Interface on which virtual IP addresses are installed. Note that NM
also installs the virtual IPs on the XFRM interface.
charon-nm.mtu = 1400
MTU for XFRM interfaces created by the NM plugin.
charon-nm.port = 0
Source port when sending packets to port 500. Defaults to an ephemeral
port. May be set to 500 if firewall rules require a static port.
charon-nm.port_nat_t = 0
Source port when sending packets to port 4500 or a custom server port.
Defaults to an ephemeral port. May be set to e.g. 4500 if firewall rules
require a static port.
charon-nm.retransmit_base = 1.4
Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
in **strongswan.conf**(5). Default retransmission settings for charon-nm are
deliberately lower to fail and possibly reestablish SAs more quickly.
charon-nm.retransmit_timeout = 2.0
Timeout in seconds before sending first retransmit.
charon-nm.retransmit_tries = 3
Number of times to retransmit a packet before giving up.
charon-nm.routing_table = 210
Table where routes via XFRM interface are installed. Should be different
than the table used for the regular IKE daemon due to the mark.
charon-nm.routing_table_prio = 210
Priority of the routing table. Higher than the default priority used for the
regular IKE daemon.
charon-nm.plugins.kernel-netlink.fwmark = !210
Make packets with this mark ignore the routing table. Must be the same mark
set in charon-nm.plugins.socket-default.fwmark.
charon-nm.plugins.socket-default.fwmark = 210
Mark applied to IKE and ESP packets to ignore the routing table and avoid
routing loops when using XFRM interfaces.
charon-nm.syslog.daemon.default = 1
Default to logging via syslog's daemon facility on level 1.
Reference in New Issue View Git Blame Copy Permalink