Use a connection specific option to en-/disable IKEv1 fragmentation

author: Tobias Brunner <tobias@strongswan.org> 2012-12-24 12:28:01 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2012-12-24 13:00:01 +0100
commit: 97973f860924e4472be9c842c34843cd95680642 (patch)
tree: c38e905182a7b5979fdb7848f3cf35635006544e /man/ipsec.conf.5.in
parent: e645c15b9c918303134b1be63d67dacf51e1945b (diff)
download: strongswan-97973f860924e4472be9c842c34843cd95680642.tar.bz2
strongswan-97973f860924e4472be9c842c34843cd95680642.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 303fb78fa..01c7c3848 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -403,6 +403,16 @@ force UDP encapsulation for ESP packets even if no NAT situation is detected.
 This may help to surmount restrictive firewalls. In order to force the peer to
 encapsulate packets, NAT detection payloads are faked.
 .TP
+.BR fragmentation " = yes | " no
+whether to use IKE fragmentation (proprietary IKEv1 extension).  Acceptable
+values are
+.B yes
+and
+.B no
+(the default). Fragmented messages sent by a peer are always accepted
+irrespective of the value of this option. If enabled, and the peer supports it,
+larger IKE messages will be sent in fragments.
+.TP
 .BR ike " = <cipher suites>"
 comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms
 to be used, e.g.
author	Tobias Brunner <tobias@strongswan.org>	2012-12-24 12:28:01 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2012-12-24 13:00:01 +0100
commit	97973f860924e4472be9c842c34843cd95680642 (patch)
tree	c38e905182a7b5979fdb7848f3cf35635006544e /man/ipsec.conf.5.in
parent	e645c15b9c918303134b1be63d67dacf51e1945b (diff)
download	strongswan-97973f860924e4472be9c842c34843cd95680642.tar.bz2 strongswan-97973f860924e4472be9c842c34843cd95680642.tar.xz