man: Update description of the actions performed for different dpdaction values

For instance, charon does not unroute `auto=route` connections with `dpdaction=clear`.
author: Tobias Brunner <tobias@strongswan.org> 2015-11-18 14:51:13 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2015-11-18 14:55:15 +0100
commit: 45c5b992e04a6b25c29c4f5fbe0d4934876d8a07 (patch)
tree: 6f63470ba7d73e498ee5c3c71d58d569e63ebf64 /man
parent: 5461efe7b90f83099c42c8b922d6917a6c1757b6 (diff)
download: strongswan-45c5b992e04a6b25c29c4f5fbe0d4934876d8a07.tar.bz2
strongswan-45c5b992e04a6b25c29c4f5fbe0d4934876d8a07.tar.xz
1 files changed, 8 insertions, 7 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 6ddb05728..61804c8b3 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -349,13 +349,14 @@ liveliness of the IPsec peer. The values
 .BR hold ,
 and
 .B restart
-all activate DPD. If no activity is detected, all connections with a dead peer
-are stopped and unrouted
-.RB ( clear ),
-put in the hold state
-.RB ( hold )
-or restarted
-.RB ( restart ).
+all activate DPD and determine the action to perform on a timeout. With
+.B clear
+the connection is closed with no further actions taken.
+.B hold
+installs a trap policy, which will catch matching traffic and tries to
+re-negotiate the connection on demand.
+.B restart
+will immediately trigger an attempt to re-negotiation the connection.
 The default is
 .B none
 which disables the active sending of DPD messages.
author	Tobias Brunner <tobias@strongswan.org>	2015-11-18 14:51:13 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2015-11-18 14:55:15 +0100
commit	45c5b992e04a6b25c29c4f5fbe0d4934876d8a07 (patch)
tree	6f63470ba7d73e498ee5c3c71d58d569e63ebf64 /man
parent	5461efe7b90f83099c42c8b922d6917a6c1757b6 (diff)
download	strongswan-45c5b992e04a6b25c29c4f5fbe0d4934876d8a07.tar.bz2 strongswan-45c5b992e04a6b25c29c4f5fbe0d4934876d8a07.tar.xz