aboutsummaryrefslogtreecommitdiffstats
path: root/conf/options/charon.opt
diff options
context:
space:
mode:
Diffstat (limited to 'conf/options/charon.opt')
-rw-r--r--conf/options/charon.opt10
1 files changed, 10 insertions, 0 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index a5f03f272..3593c6a5f 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -75,6 +75,16 @@ charon.delete_rekeyed = no
However, this might cause problems with implementations that continue to
use rekeyed SAs until they expire.
+charon.delete_rekeyed_delay = 5
+ Delay in seconds until inbound IPsec SAs are deleted after rekeyings (IKEv2
+ only).
+
+ Delay in seconds until inbound IPsec SAs are deleted after rekeyings (IKEv2
+ only). To process delayed packets the inbound part of a CHILD_SA is kept
+ installed up to the configured number of seconds after it got replaced
+ during a rekeying. If set to 0 the CHILD_SA will be kept installed until it
+ expires (if no lifetime is set it will be destroyed immediately).
+
charon.dh_exponent_ansi_x9_42 = yes
Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
strength.
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 11:47:45 +0000