aboutsummaryrefslogtreecommitdiffstats
path: root/man/ipsec.conf.5.in
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2015-02-10 18:29:41 +0100
committerTobias Brunner <tobias@strongswan.org>2015-02-10 18:38:54 +0100
commitaaf9911aebc05ae3181ae4d8ef1d35bed6a92e91 (patch)
tree079ce91658f8fbe9abf6f60735d1905658b9c999 /man/ipsec.conf.5.in
parent482810141cdf7196e5dc5d30eb734de3584a6ba4 (diff)
downloadstrongswan-aaf9911aebc05ae3181ae4d8ef1d35bed6a92e91.tar.bz2
strongswan-aaf9911aebc05ae3181ae4d8ef1d35bed6a92e91.tar.xz
man: Document IKEv2 fragmentation in ipsec.conf(5)
Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r--man/ipsec.conf.5.in9
1 files changed, 5 insertions, 4 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 1c5ac0015..f84e3313e 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -446,19 +446,20 @@ This may help to surmount restrictive firewalls. In order to force the peer to
encapsulate packets, NAT detection payloads are faked.
.TP
.BR fragmentation " = yes | force | " no
-whether to use IKE fragmentation (proprietary IKEv1 extension). Acceptable
-values are
+whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2
+fragmentation as per RFC 7383). Acceptable values are
.BR yes ,
.B force
and
.B no
-(the default). Fragmented messages sent by a peer are always accepted
+(the default). Fragmented IKE messages sent by a peer are always accepted
irrespective of the value of this option. If set to
.BR yes ,
and the peer supports it, larger IKE messages will be sent in fragments.
If set to
.B force
-the initial IKE message will already be fragmented if required.
+(only supported for IKEv1) the initial IKE message will already be fragmented
+if required.
.TP
.BR ike " = <cipher suites>"
comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms