author | Martin Willi <martin@revosec.ch> | 2012-08-31 12:55:56 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-08-31 12:55:56 +0200 |
commit | 1323dc1138246a6e2819bcc20b167b75d52e6d7c (patch) | |
tree | 5081fcc1d015a8cd0ec6dfe39a8df14f12d86ac5 /man/ipsec.conf.5.in | |
parent | 868409139b00f24607baab2d81b873cb1a5a9e5b (diff) | |
parent | 69e056a2c13ac7da9ed4e48f846d642aa01a362b (diff) | |
Merge branch 'multi-vip'
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r-- | man/ipsec.conf.5.in | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 837a2055a..7c336c451 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -586,6 +586,16 @@ Comma separated list of certificate policy OIDs the peer's certificate must have. OIDs are specified using the numerical dotted representation. .TP +.BR leftdns " = <servers>" +Comma separated list of DNS server addresses to exchange as configuration +attributes. On the initiator, a server is a fixed IPv4 / IPv6 address, or +.B %config4 +/ +.B %config6 +to request attributes without an address. On the responder, +only fixed IPv4 /IPv6 addresses are allowed and define DNS servers assigned +to the client. +.TP .BR leftfirewall " = yes | " no whether the left participant is doing forwarding-firewalling (including masquerading) using iptables for traffic from \fIleftsubnet\fR, @@ -691,19 +701,19 @@ and the latter meaning that the peer must send a certificate request payload in order to get a certificate in return. .TP -.BR leftsourceip " = %config | %cfg | %modeconfig | %modecfg | <ip address>" -The internal source IP to use in a tunnel, also known as virtual IP. If the -value is one of the synonyms +.BR leftsourceip " = %config4 | %config6 | <ip address>" +Comma separated list of internal source IPs to use in a tunnel, also known as +virtual IP. If the value is one of the synonyms .BR %config , .BR %cfg , .BR %modeconfig , or .BR %modecfg , -an address is requested from the peer. +an address (from the tunnel address family) is requested from the peer. .TP .BR rightsourceip " = %config | <network>/<netmask> | %poolname" -The internal source IP to use in a tunnel for the remote peer. If the -value is +Comma separated list of internal source IPs to use in a tunnel for the remote +peer. If the value is .B %config on the responder side, the initiator must propose an address which is then echoed back. Also supported are address pools expressed as |
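Review bot: In the new leftdns entry, initiator and responder behaviour are both described under the single name leftdns, so a reader cannot tell which of left/rightdns carries the request and which defines the servers "assigned to the client"; state that per role. The entry also does not say what happens when %config4 / %config6 is configured on the responder, where "only fixed IPv4 /IPv6 addresses are allowed": document whether the value is rejected or ignored. Minor: "IPv4 /IPv6" is missing the space used in "IPv4 / IPv6" earlier in the same paragraph.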
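Review bot: In the leftsourceip entry, the synopsis now lists only "%config4 | %config6 | <ip address>", but the description still introduces %config, %cfg, %modeconfig and %modecfg as "the synonyms" and never explains %config4 or %config6. Either keep the old keywords in the synopsis or describe the two new ones, including how they relate to "an address (from the tunnel address family)". The rightsourceip synopsis is also unchanged although its description now starts with "Comma separated list"; show the list form there and say whether %config, a network and a pool name may be combined in one list.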