aboutsummaryrefslogtreecommitdiffstats
path: root/conf
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2016-06-01 12:18:56 +0200
committerTobias Brunner <tobias@strongswan.org>2016-06-17 18:48:07 +0200
commit0a954d678979624806a2d250208530291da34e32 (patch)
tree96daddf9186cb030b621fdf8bd5ba5e750994aa3 /conf
parentf2ea230b91d050a4fddc84a55068107046b1708f (diff)
downloadstrongswan-0a954d678979624806a2d250208530291da34e32.tar.bz2
strongswan-0a954d678979624806a2d250208530291da34e32.tar.xz
ike: Add configuration option to switch to preferring supplied proposals over local ones
Diffstat (limited to 'conf')
-rw-r--r--conf/options/charon.opt5
1 files changed, 5 insertions, 0 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 86279ec83..3970012d2 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -253,6 +253,11 @@ charon.port_nat_t = 4500
allocated. Has to be different from **charon.port**, otherwise a random
port will be allocated.
+charon.prefer_configured_proposals = yes
+ Prefer locally configured proposals for IKE/IPsec over supplied ones as
+ responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD
+ notifies).
+
charon.prefer_temporary_addrs = no
By default public IPv6 addresses are preferred over temporary ones (RFC
4941), to make connections more stable. Enable this option to reverse this.