Use a connection specific option to en-/disable IKEv1 fragmentation

2 files changed, 10 insertions, 5 deletions

diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 303fb78fa..01c7c3848 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -403,6 +403,16 @@ force UDP encapsulation for ESP packets even if no NAT situation is detected.
 This may help to surmount restrictive firewalls. In order to force the peer to
 encapsulate packets, NAT detection payloads are faked.
 .TP
+.BR fragmentation " = yes | " no
+whether to use IKE fragmentation (proprietary IKEv1 extension).  Acceptable
+values are
+.B yes
+and
+.B no
+(the default). Fragmented messages sent by a peer are always accepted
+irrespective of the value of this option. If enabled, and the peer supports it,
+larger IKE messages will be sent in fragments.
+.TP
 .BR ike " = <cipher suites>"
 comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms
 to be used, e.g.
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 14caccb3a..8000951ab 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -178,11 +178,6 @@ openly transmitted hash of the PSK)
 .BR charon.ignore_routing_tables
 A space-separated list of routing tables to be excluded from route lookups
 .TP
-.BR charon.ike_fragmentation " [no]"
-Enables IKE fragmentation (proprietary IKEv1 extension). Fragmented messages
-are always accepted irrespective of the value of this option. If the peer
-supports it larger messages will be sent in fragments.
-.TP
 .BR charon.ikesa_table_segments " [1]"
 Number of exclusively locked segments in the hash table
 .TP