From: Tobias Brunner Date: Tue, 10 Feb 2015 17:29:41 +0000 (+0100) Subject: man: Document IKEv2 fragmentation in ipsec.conf(5) X-Git-Tag: 5.3.0dr1~85 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aaf9911aebc05ae3181ae4d8ef1d35bed6a92e91;p=thirdparty%2Fstrongswan.git man: Document IKEv2 fragmentation in ipsec.conf(5) --- diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 1c5ac00150..f84e3313ec 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -446,19 +446,20 @@ This may help to surmount restrictive firewalls. In order to force the peer to encapsulate packets, NAT detection payloads are faked. .TP .BR fragmentation " = yes | force | " no -whether to use IKE fragmentation (proprietary IKEv1 extension). Acceptable -values are +whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 +fragmentation as per RFC 7383). Acceptable values are .BR yes , .B force and .B no -(the default). Fragmented messages sent by a peer are always accepted +(the default). Fragmented IKE messages sent by a peer are always accepted irrespective of the value of this option. If set to .BR yes , and the peer supports it, larger IKE messages will be sent in fragments. If set to .B force -the initial IKE message will already be fragmented if required. +(only supported for IKEv1) the initial IKE message will already be fragmented +if required. .TP .BR ike " = " comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms
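Review bot: The added "(only supported for IKEv1)" in the `force` paragraph at the end of the hunk does not say what happens when `fragmentation = force` is configured on an IKEv2 connection. Please state the resulting behaviour there (for example whether it is then handled like `yes` or has no effect), so a reader does not assume the initial IKEv2 message gets fragmented. Since the "always accepted irrespective of the value of this option" sentence now covers IKEv2 fragments as well, it would also help to say explicitly that `no` only controls sending and does not disable reassembly of fragments received from a peer.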