Updated ipsec.conf.5 with new ESN options

author Martin Willi <martin@revosec.ch>

Mon, 18 Apr 2011 14:11:40 +0000 (16:11 +0200)

committer Martin Willi <martin@revosec.ch>

Wed, 20 Apr 2011 10:26:58 +0000 (12:26 +0200)
author Martin Willi <martin@revosec.ch>
Mon, 18 Apr 2011 14:11:40 +0000 (16:11 +0200)
committer Martin Willi <martin@revosec.ch>
Wed, 20 Apr 2011 10:26:58 +0000 (12:26 +0200)
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in

index 9a789ac..60b6d17 100644 (file)
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -409,12 +409,20 @@ comma-separated list of ESP encryption/authentication algorithms to be used
  for the connection, e.g.
  .BR aes128-sha256 .
  The notation is
-.BR encryption-integrity-[dh-group] .
+.BR encryption-integrity[-dhgroup][-esnmodes] .
  .br
  If
  .B dh-group
  is specified, CHILD_SA setup and rekeying include a separate diffe hellman
-exchange (IKEv2 only).
+exchange (IKEv2 only). Valid
+.B esnmodes
+(IKEv2 only) are
+.B esn
+and
+.B noesn.
+Specifying both negotiates Extended Sequence number support with the peer,
+the defaut is
+.B noesn.
  .TP
  .BR forceencaps " = yes | " no
  force UDP encapsulation for ESP packets even if no NAT situation is detected.
author	Martin Willi <martin@revosec.ch>
	Mon, 18 Apr 2011 14:11:40 +0000 (16:11 +0200)
committer	Martin Willi <martin@revosec.ch>
	Wed, 20 Apr 2011 10:26:58 +0000 (12:26 +0200)