diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | man/ipsec.conf.5.in | 6 |
2 files changed, 9 insertions, 0 deletions
@@ -4,6 +4,9 @@ strongswan-4.5.3 - IMC/IMV test pair implementing the RFC 5792 PA-TNC (IF-M) protocol. (--enable-imc-test/--enable-imv-test). +- The IKEv2 close action does not use the same value as the ipsec.conf dpdaction + setting, but the value defined by its own closeaction keyword. The action + is triggered if the remote peer closes a CHILD_SA unexpectedly. strongswan-4.5.2 ---------------- diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 0390f0760..c80ad7fbf 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -367,6 +367,12 @@ See .IR strongswan.conf (5) for a description of the IKEv2 retransmission timeout. .TP +.BR closeaction " = " none " | clear | hold | restart" +defines the action to take if the remote peer unexpectedly closes a CHILD_SA +(IKEv2 only, see dpdaction for meaning of values). A closeaction should not be +used if the peer uses reauthentication or uniquids checking, as these events +might trigger a closeaction when not desired. +.TP .BR inactivity " = <time>" defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic. Currently supported in IKEv2 connections only. |