conf: Document recommended lower limit for SPIs

author: Tobias Brunner <tobias@strongswan.org> 2017-03-23 17:29:47 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2017-03-23 18:29:19 +0100
commit: db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5 (patch)
tree: 974e5e792a251eff475bc812ba25a6cbff4b6280
parent: 93700d93fa4afaf28c9fe6e9d948ba13edfc8e79 (diff)
download: strongswan-db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5.tar.bz2
strongswan-db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 493d73f16..4c4311e81 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -353,6 +353,10 @@ charon.signature_authentication_constraints = yes
 charon.spi_min = 0xc0000000
 	The lower limit for SPIs requested from the kernel for IPsec SAs.
 
+	The lower limit for SPIs requested from the kernel for IPsec SAs. Should not
+	be set lower than 0x00000100 (256), as SPIs between 1 and 255 are reserved
+	by IANA.
+
 charon.spi_max = 0xcfffffff
 	The upper limit for SPIs requested from the kernel for IPsec SAs.
author	Tobias Brunner <tobias@strongswan.org>	2017-03-23 17:29:47 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2017-03-23 18:29:19 +0100
commit	db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5 (patch)
tree	974e5e792a251eff475bc812ba25a6cbff4b6280
parent	93700d93fa4afaf28c9fe6e9d948ba13edfc8e79 (diff)
download	strongswan-db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5.tar.bz2 strongswan-db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5.tar.xz