Updated ipsec.conf.5 with new ESN options

author: Martin Willi <martin@revosec.ch> 2011-04-18 16:11:40 +0200
committer: Martin Willi <martin@revosec.ch> 2011-04-20 12:26:58 +0200
commit: 378219546c0846157cbc01e08089f93343f263cd (patch)
tree: 8cce812ad68c4c4f92bc7e9b79c3554687456926 /man
parent: d3d21c29db4592e8588bd3e73dfae2792bd393cd (diff)
download: strongswan-378219546c0846157cbc01e08089f93343f263cd.tar.bz2
strongswan-378219546c0846157cbc01e08089f93343f263cd.tar.xz
1 files changed, 10 insertions, 2 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 9a789acef..60b6d173c 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -409,12 +409,20 @@ comma-separated list of ESP encryption/authentication algorithms to be used
 for the connection, e.g.
 .BR aes128-sha256 .
 The notation is
-.BR encryption-integrity-[dh-group] .
+.BR encryption-integrity[-dhgroup][-esnmodes] .
 .br
 If
 .B dh-group
 is specified, CHILD_SA setup and rekeying include a separate diffe hellman
-exchange (IKEv2 only).
+exchange (IKEv2 only). Valid
+.B esnmodes
+(IKEv2 only) are
+.B esn
+and
+.B noesn.
+Specifying both negotiates Extended Sequence number support with the peer,
+the defaut is
+.B noesn.
 .TP
 .BR forceencaps " = yes | " no
 force UDP encapsulation for ESP packets even if no NAT situation is detected.
author	Martin Willi <martin@revosec.ch>	2011-04-18 16:11:40 +0200
committer	Martin Willi <martin@revosec.ch>	2011-04-20 12:26:58 +0200
commit	378219546c0846157cbc01e08089f93343f263cd (patch)
tree	8cce812ad68c4c4f92bc7e9b79c3554687456926 /man
parent	d3d21c29db4592e8588bd3e73dfae2792bd393cd (diff)
download	strongswan-378219546c0846157cbc01e08089f93343f263cd.tar.bz2 strongswan-378219546c0846157cbc01e08089f93343f263cd.tar.xz