Added CDP support to mem_cred

[strongswan.git] / README

diff --git a/README b/README
index 625243c..1d186af 100644 (file)
--- a/README
+++ b/README
@@ -81,7 +81,7 @@ Contents
 strongSwan is an OpenSource IPsec solution for the Linux operating system
 and currently supports the following features:
 
-  * runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels.
+  * runs on Linux 2.6 (native IPsec) kernels.
 
   * strong 3DES, AES, Serpent, Twofish, or Blowfish encryption.
 
@@ -1505,12 +1505,16 @@ any certificates to the other end via the IKE Main Mode protocol. Especially
 if self-signed certificates are used which wouldn't be accepted any way by
 the other side. In these cases it is recommended to add
 
-          leftsendcert=never
+    leftsendcert=never
 
 to the connection definition[s] in order to avoid the sending of the host's
 own certificate. The default value is
 
-    leftsendcert=always.
+    leftsendcert=ifasked
+
+If a peer does not send a certificate request then use the setting
+
+    leftsendcert=always
 
 If a peer certificate contains a subjectAltName extension, then an alternative
 rightid type can be used, as the example "conn sun" shows. If no rightid
@@ -2652,9 +2656,6 @@ with the line
 
 and can be used when the following prerequisites are fulfilled:
 
-  - Linux 2.4.x kernel, KLIPS IPsec stack, and arbitrary iptables version.
-    Filtering of tunneled traffic is based on ipsecN interfaces.
-
   - Linux 2.6.16 kernel or newer, native NETKEY IPsec stack, and
     iptables-1.3.5 or newer. Filtering of tunneled traffic is based on
     IPsec policy matching rules.
@@ -3118,7 +3119,7 @@ by the pluto/xauth.h header file.
                       Copyright (c) 2000, Kai Martius
 
                   X.509, OCSP and smartcard functionality:
-�
+
   Copyright (c) 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann
   Copyright (c) 2001, Marco Bertossa, Andreas Schleiss
   Copyright (c) 2002, Uli Galizzi, Ariane Seiler, Mario Strasser