diff options
Diffstat (limited to 'man/ipsec.conf.5.in')
| -rw-r--r-- | man/ipsec.conf.5.in | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 9a789acef..60b6d173c 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -409,12 +409,20 @@ comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g. .BR aes128-sha256 . The notation is -.BR encryption-integrity-[dh-group] . +.BR encryption-integrity[-dhgroup][-esnmodes] . .br If .B dh-group is specified, CHILD_SA setup and rekeying include a separate diffe hellman -exchange (IKEv2 only). +exchange (IKEv2 only). Valid +.B esnmodes +(IKEv2 only) are +.B esn +and +.B noesn. +Specifying both negotiates Extended Sequence number support with the peer, +the defaut is +.B noesn. .TP .BR forceencaps " = yes | " no force UDP encapsulation for ESP packets even if no NAT situation is detected. |