diff options
author | Martin Willi <martin@revosec.ch> | 2011-04-18 16:11:40 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-04-20 12:26:58 +0200 |
commit | 378219546c0846157cbc01e08089f93343f263cd (patch) | |
tree | 8cce812ad68c4c4f92bc7e9b79c3554687456926 /man | |
parent | d3d21c29db4592e8588bd3e73dfae2792bd393cd (diff) | |
download | strongswan-378219546c0846157cbc01e08089f93343f263cd.tar.bz2 strongswan-378219546c0846157cbc01e08089f93343f263cd.tar.xz |
Updated ipsec.conf.5 with new ESN options
Diffstat (limited to 'man')
-rw-r--r-- | man/ipsec.conf.5.in | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 9a789acef..60b6d173c 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -409,12 +409,20 @@ comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g. .BR aes128-sha256 . The notation is -.BR encryption-integrity-[dh-group] . +.BR encryption-integrity[-dhgroup][-esnmodes] . .br If .B dh-group is specified, CHILD_SA setup and rekeying include a separate diffe hellman -exchange (IKEv2 only). +exchange (IKEv2 only). Valid +.B esnmodes +(IKEv2 only) are +.B esn +and +.B noesn. +Specifying both negotiates Extended Sequence number support with the peer, +the defaut is +.B noesn. .TP .BR forceencaps " = yes | " no force UDP encapsulation for ESP packets even if no NAT situation is detected. |