diff options
author | Tobias Brunner <tobias@strongswan.org> | 2017-03-23 17:29:47 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-03-23 18:29:19 +0100 |
commit | db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5 (patch) | |
tree | 974e5e792a251eff475bc812ba25a6cbff4b6280 | |
parent | 93700d93fa4afaf28c9fe6e9d948ba13edfc8e79 (diff) | |
download | strongswan-db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5.tar.bz2 strongswan-db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5.tar.xz |
conf: Document recommended lower limit for SPIs
-rw-r--r-- | conf/options/charon.opt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 493d73f16..4c4311e81 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -353,6 +353,10 @@ charon.signature_authentication_constraints = yes charon.spi_min = 0xc0000000 The lower limit for SPIs requested from the kernel for IPsec SAs. + The lower limit for SPIs requested from the kernel for IPsec SAs. Should not + be set lower than 0x00000100 (256), as SPIs between 1 and 255 are reserved + by IANA. + charon.spi_max = 0xcfffffff The upper limit for SPIs requested from the kernel for IPsec SAs. |