| | | |
|---|---|---|
| author | Martin Willi <martin@revosec.ch> | 2014-07-16 16:31:52 +0200 |
| committer | Martin Willi <martin@revosec.ch> | 2014-11-21 10:55:45 +0100 |
| commit | 87888f99265b8617fd430f2adc6c6c5e59a47979 | |
| tree | 061a5065e637a666fd771ff09c552c6b0073371a /conf | |
| parent | 6f9df556ba504ce8504fd4802d8ce2fe9da1e661 | |
kernel-netlink: Alternatively support global port based IKE bypass policies
The socket based IKE bypass policies are usually superior, but not supported
on all networking stacks. The port based variant uses global policies for the
UDP ports we have IKE sockets for.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/plugins/kernel-netlink.opt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt index c00a15fcc..0843678a2 100644 --- a/conf/plugins/kernel-netlink.opt +++ b/conf/plugins/kernel-netlink.opt @@ -24,6 +24,15 @@ charon.plugins.kernel-netlink.parallel_route = no charon.plugins.kernel-netlink.parallel_xfrm = no Whether to perform concurrent Netlink XFRM queries on a single socket. +charon.plugins.kernel-netlink.port_bypass = no + Whether to use port or socket based IKE XFRM bypass policies. + + Whether to use port or socket based IKE XFRM bypass policies. + IKE bypass policies are used to exempt IKE traffic from XFRM processing. + The default socket based policies are directly tied to the IKE UDP sockets, + port based policies use global XFRM bypass policies for the used IKE UDP + ports. + charon.plugins.kernel-netlink.roam_events = yes Whether to trigger roam events when interfaces, addresses or routes change. |
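Review bot: In the new charon.plugins.kernel-netlink.port_bypass entry, the description "Whether to use port or socket based IKE XFRM bypass policies" never says which value of this yes/no option selects which variant. The text implies that the default "no" keeps the socket based policies, so state explicitly that "yes" switches to the port based ones. The long description also repeats the short description verbatim as its first sentence, which can be dropped. Because the port based variant installs global XFRM bypass policies for the IKE UDP ports instead of policies tied to the IKE UDP sockets, the option text should carry the guidance that currently lives only in the commit message: the socket based policies are usually superior, and this setting is meant for networking stacks that do not support them.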