diff options
author | Tobias Brunner <tobias@strongswan.org> | 2015-08-03 19:26:54 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2015-08-21 18:19:26 +0200 |
commit | 8212f3d9a4ed356998efeace3952d0188d3ed4ba (patch) | |
tree | c8f1b0ef24e6bdce279513d02283f18bab6e14a6 /conf | |
parent | a5c07be0589af9dd65150d20fa421bcd017b85e9 (diff) | |
download | strongswan-8212f3d9a4ed356998efeace3952d0188d3ed4ba.tar.bz2 strongswan-8212f3d9a4ed356998efeace3952d0188d3ed4ba.tar.xz |
stroke: Add an option to disable side-swapping of configuration options
In some scenarios it might be preferred to ensure left is always local
and no unintended swaps occur.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/plugins/stroke.opt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt index 4b49b1f04..ad5e62dc4 100644 --- a/conf/plugins/stroke.opt +++ b/conf/plugins/stroke.opt @@ -1,3 +1,8 @@ +charon.plugins.stroke.allow_swap = yes + Analyze addresses/hostnames in _left|right_ to detect which side is local + and swap configuration options if necessary. If disabled _left_ is always + _local_. + charon.plugins.stroke.ignore_missing_ca_basic_constraint = no Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA certificates even if they don't contain a CA basic constraint. |