diff options
author | Tobias Brunner <tobias@strongswan.org> | 2015-02-10 18:29:41 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2015-02-10 18:38:54 +0100 |
commit | aaf9911aebc05ae3181ae4d8ef1d35bed6a92e91 (patch) | |
tree | 079ce91658f8fbe9abf6f60735d1905658b9c999 /man/ipsec.conf.5.in | |
parent | 482810141cdf7196e5dc5d30eb734de3584a6ba4 (diff) | |
download | strongswan-aaf9911aebc05ae3181ae4d8ef1d35bed6a92e91.tar.bz2 strongswan-aaf9911aebc05ae3181ae4d8ef1d35bed6a92e91.tar.xz |
man: Document IKEv2 fragmentation in ipsec.conf(5)
Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r-- | man/ipsec.conf.5.in | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 1c5ac0015..f84e3313e 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -446,19 +446,20 @@ This may help to surmount restrictive firewalls. In order to force the peer to encapsulate packets, NAT detection payloads are faked. .TP .BR fragmentation " = yes | force | " no -whether to use IKE fragmentation (proprietary IKEv1 extension). Acceptable -values are +whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 +fragmentation as per RFC 7383). Acceptable values are .BR yes , .B force and .B no -(the default). Fragmented messages sent by a peer are always accepted +(the default). Fragmented IKE messages sent by a peer are always accepted irrespective of the value of this option. If set to .BR yes , and the peer supports it, larger IKE messages will be sent in fragments. If set to .B force -the initial IKE message will already be fragmented if required. +(only supported for IKEv1) the initial IKE message will already be fragmented +if required. .TP .BR ike " = <cipher suites>" comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms |