From: Tobias Brunner Date: Tue, 25 Sep 2012 10:22:05 +0000 (+0200) Subject: Added description for flush_auth_cfg and acct_port plus some minor editorial changes X-Git-Tag: 5.0.1~41 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=358104a47f18415aeedf38e2ba1ee17a1b40227e;p=thirdparty%2Fstrongswan.git Added description for flush_auth_cfg and acct_port plus some minor editorial changes --- diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in index 73d92b35d3..217d7d739b 100644 --- a/man/strongswan.conf.5.in +++ b/man/strongswan.conf.5.in @@ -159,7 +159,10 @@ Enable Denial of Service protection using cookies and aggressiveness checks Section to define file loggers, see LOGGER CONFIGURATION .TP .BR charon.flush_auth_cfg " [no]" - +If enabled objects used during authentication (certificates, identities etc.) +are released to free memory once an IKE_SA is established. +Enabling this might conflict with plugins that later need access to e.g. the +used certificates. .TP .BR charon.half_open_timeout " [30]" Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING). @@ -204,10 +207,11 @@ If not specified the addresses will be installed on the outbound interface. .TP .BR charon.interfaces_ignore A comma-separated list of network interfaces that should be ignored, if -charon.interfaces_use is specified this option has no effect. +.B charon.interfaces_use +is specified this option has no effect. .TP .BR charon.interfaces_use -A comma-separated list of network interfaces that sould be used by charon. +A comma-separated list of network interfaces that should be used by charon. All other interfaces are ignored. .TP .BR charon.keep_alive " [20s]" 
@@ -391,7 +395,6 @@ Start phase2 EAP TNC protocol after successful client authentication .TP .BR charon.plugins.eap-peap.request_peer_auth " [no]" Request peer authentication based on a client certificate - .TP .BR charon.plugins.eap-radius.accounting " [no]" Send RADIUS accounting information to RADIUS servers. @@ -439,7 +442,9 @@ name or attribute number, a colon can be used to specify vendor-specific attributes, e.g. Reply-Message, or 11, or 36906:12). .TP .BR charon.plugins.eap-radius.forward.radius_to_ike -Same as charon.plugins.eap-radius.forward.ike_to_radius but from RADIUS to +Same as +.B charon.plugins.eap-radius.forward.ike_to_radius +but from RADIUS to IKEv2, a strongSwan specific private notify (40969) is used to transmit the attributes. .TP @@ -466,10 +471,15 @@ Section to specify multiple RADIUS servers. The .B sockets and .B port +(or +.BR auth_port ) options can be specified for each server. A server's IP/Hostname can be configured using the .B address -option. For each RADIUS server a priority can be specified using the +option. The +.BR acct_port " [1813]" +option can be used to specify the port used for RADIUS accounting. +For each RADIUS server a priority can be specified using the .BR preference " [0]" option. .TP
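Review bot: in the new charon.flush_auth_cfg description (hunk at -159), "Enabling this might conflict with plugins that later need access to e.g. the used certificates" does not let an operator judge whether the option is safe for their setup. Name the affected plugins, or describe how the conflict shows up once the authentication objects have been released. Also add a comma after "If enabled" so the first sentence parses cleanly.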
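Review bot: in the charon.interfaces_ignore entry (hunk at -204), the sentence is still a comma splice after the reflow: "...that should be ignored, if charon.interfaces_use is specified this option has no effect." End the first sentence after "ignored" and start a new one with "If". Consider repeating the precedence in the charon.interfaces_use entry as well, since a reader who only looks there will not learn that setting it makes the ignore list ineffective.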
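Review bot: in the RADIUS servers section (hunk at -466), "(or auth_port)" does not say how port and auth_port relate, and acct_port is given with its default [1813] while port/auth_port shows none. State whether auth_port is just another name for port and what happens if both are set, and give its default in the same bracket style. The new acct_port sentence should also say explicitly whether it is set per server, like sockets and port in the sentence before it.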