From 0a954d678979624806a2d250208530291da34e32 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 1 Jun 2016 12:18:56 +0200
Subject: ike: Add configuration option to switch to preferring supplied
 proposals over local ones

---
 conf/options/charon.opt | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'conf')

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 86279ec83..3970012d2 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -253,6 +253,11 @@ charon.port_nat_t = 4500
 	allocated.  Has to be different from **charon.port**, otherwise a random
 	port will be allocated.
 
+charon.prefer_configured_proposals = yes
+	Prefer locally configured proposals for	IKE/IPsec over supplied ones as
+	responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD
+	notifies).
+
 charon.prefer_temporary_addrs = no
 	By default public IPv6 addresses are preferred over temporary ones (RFC
 	4941), to make connections more stable. Enable this option to reverse this.
-- 
cgit v1.2.3