diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-09-25 12:22:05 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-09-25 12:22:05 +0200 |
| commit | 358104a47f18415aeedf38e2ba1ee17a1b40227e (patch) | |
| tree | c7a4586dca5c8bbf826d5915323817305bbe88e5 | |
| parent | 2d39f79b9bd935784fd99c90044569d5ed5ed961 (diff) | |
| download | strongswan-358104a47f18415aeedf38e2ba1ee17a1b40227e.tar.bz2 strongswan-358104a47f18415aeedf38e2ba1ee17a1b40227e.tar.xz | |
Added description for flush_auth_cfg and acct_port plus some minor editorial changes
| -rw-r--r-- | man/strongswan.conf.5.in | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in index 73d92b35d..217d7d739 100644 --- a/man/strongswan.conf.5.in +++ b/man/strongswan.conf.5.in @@ -159,7 +159,10 @@ Enable Denial of Service protection using cookies and aggressiveness checks Section to define file loggers, see LOGGER CONFIGURATION .TP .BR charon.flush_auth_cfg " [no]" - +If enabled objects used during authentication (certificates, identities etc.) +are released to free memory once an IKE_SA is established. +Enabling this might conflict with plugins that later need access to e.g. the +used certificates. .TP .BR charon.half_open_timeout " [30]" Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING). @@ -204,10 +207,11 @@ If not specified the addresses will be installed on the outbound interface. .TP .BR charon.interfaces_ignore A comma-separated list of network interfaces that should be ignored, if -charon.interfaces_use is specified this option has no effect. +.B charon.interfaces_use +is specified this option has no effect. .TP .BR charon.interfaces_use -A comma-separated list of network interfaces that sould be used by charon. +A comma-separated list of network interfaces that should be used by charon. All other interfaces are ignored. .TP .BR charon.keep_alive " [20s]" @@ -391,7 +395,6 @@ Start phase2 EAP TNC protocol after successful client authentication .TP .BR charon.plugins.eap-peap.request_peer_auth " [no]" Request peer authentication based on a client certificate - .TP .BR charon.plugins.eap-radius.accounting " [no]" Send RADIUS accounting information to RADIUS servers. @@ -439,7 +442,9 @@ name or attribute number, a colon can be used to specify vendor-specific attributes, e.g. Reply-Message, or 11, or 36906:12). .TP .BR charon.plugins.eap-radius.forward.radius_to_ike -Same as charon.plugins.eap-radius.forward.ike_to_radius but from RADIUS to +Same as +.B charon.plugins.eap-radius.forward.ike_to_radius +but from RADIUS to IKEv2, a strongSwan specific private notify (40969) is used to transmit the attributes. .TP @@ -466,10 +471,15 @@ Section to specify multiple RADIUS servers. The .B sockets and .B port +(or +.BR auth_port ) options can be specified for each server. A server's IP/Hostname can be configured using the .B address -option. For each RADIUS server a priority can be specified using the +option. The +.BR acct_port " [1813]" +option can be used to specify the port used for RADIUS accounting. +For each RADIUS server a priority can be specified using the .BR preference " [0]" option. .TP |