diff options
author | Martin Willi <martin@revosec.ch> | 2014-11-03 16:37:29 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2015-02-20 13:34:57 +0100 |
commit | 349f7f24120cf00d499a34abe01fc7c19ec39ecf (patch) | |
tree | 3479bd64665e3ae1c1d750b3fbf5066d92b5b2b2 /conf | |
parent | c8e7dbcb563fddda26f85110e0b46cdd6173651f (diff) | |
download | strongswan-349f7f24120cf00d499a34abe01fc7c19ec39ecf.tar.bz2 strongswan-349f7f24120cf00d499a34abe01fc7c19ec39ecf.tar.xz |
ikev2: Trigger make-before-break reauthentication instead of reauth task
Diffstat (limited to 'conf')
-rw-r--r-- | conf/options/charon.opt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 02629a3f4..fc38a1451 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -196,6 +196,16 @@ charon.load_modular = no charon.max_packet = 10000 Maximum packet size accepted by charon. +charon.make_before_break = no + Initiate IKEv2 reauthentication with a make-before-break scheme. + + Initiate IKEv2 reauthentication with a make-before-break instead of a + break-before-make scheme. Make-before-break uses overlapping IKE and + CHILD_SA during reauthentication by first recreating all new SAs before + deleting the old ones. This behavior can be beneficial to avoid connectivity + gaps during reauthentication, but requires support for overlapping SAs by + the peer. strongSwan can handle such overlapping SAs since version 5.3.0. + charon.mem-pool.reassign_online = no Reassign an online IP address lease from an in-memory address pool if a client with the same identity requests it explicitly. |