option-set

services.strongswan-swanctl.swanctl.connections.<name>

Showing entries 1-38 out of 38.
children NixOS option-set
local NixOS option-set
remote NixOS option-set
Enables Aggressive Mode instead of Main Mode with Identity Protection
Use childless IKE_SA initiation (allow, prefer, force or never). Use childless IKE_SA initiation (R…
CHILD_SA configuration sub-section
Interval to check the liveness of a peer actively using IKEv2 INFORMATIONAL exchanges or IKEv1 R_U…
Charon by default uses the normal retransmission mechanism and timeouts to check the liveness of a…
Differentiated Services Field Codepoint to set on outgoing IKE packets for this connection
To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the NAT detection payloads
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2 fragmentation)
XFRM interface ID set on inbound policies/SA, can be overridden by child config, see there for det…
XFRM interface ID set on outbound policies/SA, can be overridden by child config, see there for de…
Number of retransmission sequences to perform during initial connect
Section for a local authentication round
Local address(es) to use for IKE communication
Local UDP port for IKE communication
The name of the connection to mediate this connection through
Whether this connection is a mediation connection, that is, whether this connection is used to med…
Identity under which the peer is registered at the mediation server, that is, the IKE identity the…
Enables MOBIKE on IKEv2 connections
Hard IKE_SA lifetime if rekey/reauth does not complete, as time
List of named IP pools to allocate virtual IP addresses and other configuration attributes from
String identifying the Postquantum Preshared Key (PPK) to be used
Whether a Postquantum Preshared Key (PPK) is required for this connection
A proposal is a set of algorithms
If the default of yes is used, Mode Config works in pull mode, where the initiator actively reques…
Time range from which to choose a random value to subtract from rekey/reauth times
Time to schedule IKE reauthentication
IKE rekeying refreshes key material using a Diffie-Hellman exchange, but does not re-check associa…
Section for a remote authentication round
Remote address(es) to use for IKE communication
Remote UDP port for IKE communication
Send certificate payloads when using certificate authentication
Send certificate request payloads to offer trusted root CA certificates to the peer
Connection uniqueness policy to enforce
IKE major version to use for connection. 1 uses IKEv1 aka ISAKMP, 2 uses IKEv2. A connection using th…
List of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config