CONFIG IPSEC UPDATE

Level

vpn,modify

History

Appears in 9.0.0
CRLrequired appears in 9.0.1
cfg_domain appears in 9.0.1
DoSProtection appears in 2.3.0
CookieThreshold appears in 2.3.0
BlockThreshold appears in 2.3.0
RetransmitTries appears in 2.3.0
RetransmitTimeout appears in 2.3.0
RetransmitBase appears in 2.3.0
MakeBeforeBreak appears in 3.0.0
NATKeepalive appears in 3.0.0
FragmentSize appears in 3.2.0
IKEDaemon appears in 3.3.0
PMTUD appears in 3.11.0
UniqueIDs appears in 3.11.17

Description

Update global information about a slot

Usage

slot=<1-10> [cfg_dns=<host>] [cfg_domain=<domain1,domain2,...>] [useoldsa=<0|1>] [retry=<num>] [interval=<num>] [ph1delay=<num>] [ph2delay=<num>] [bindall=<0|1>] [certNID=<num>] [LdapField=<str>] [CRLrequired=<0|1>] [UACServCert=<0|1>] [DoSProtection=<0|1>] [CookieThreshold=<num>] [BlockThreshold=<num>] [RetransmitTries=<num>] [RetransmitTimeout=<num>] [RetransmitBase=<float>] [MakeBeforeBreak=<0|1>] [NATKeepalive=<num>] [FragmentSize=<num>] [IKEDaemon=<auto|charon|racoon>] [BypassLocalTraffic=<0|1>] [global=<0|1>] [PMTUD=<0|1|2>] [UniqueIDs=<yes|no|never>]
- cfg_domain: 32 domains max
- RetransmitBase: min is 1
- NATKeepalive: period in seconds between keepalive packets when NAT is detected (0 to disable)
- FragmentSize: min is 512
- BypassLocalTraffic: set to 1 to generate a bypass policy for each local IP address that is included in the remote IP addresses
- CRLrequired: the certificate is checked with OCSP if available and with CRL if needed. If all checks fail, no tunnel is negotiated
- PMTUD: 0 to disable IPsec dfbit, 1 to force dfbit, 2 to enable dfbit if dfbit is set on clear traffic
- UniqueIDs: whether to keep participant IDs unique. yes to use INITIAL_CONTACT notifies both ways, no to handle incoming INITIAL_CONTACT notifies only, never to ignore INITIAL_CONTACT notifies

Example

CONFIG IPSEC UPDATE slot=01 cfg_dns=host5
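
A pre-flight check for scripted changes, added here as an example and not part of the product or its documentation: it validates a CONFIG IPSEC UPDATE line against the value ranges listed under Usage before the line is sent to the appliance. The function name `check`, case-insensitive token matching and treating `<num>` as a non-negative integer are assumptions of this sketch.

```python
import re
import shlex

# Constraints transcribed from the Usage section above. Assumptions of this
# sketch: names match case-insensitively and <num> is a non-negative integer.
BOOL = {"0", "1"}
ENUMS = {k: BOOL for k in ("useoldsa", "bindall", "crlrequired", "uacservcert",
                           "dosprotection", "makebeforebreak",
                           "bypasslocaltraffic", "global")}
ENUMS.update(pmtud={"0", "1", "2"}, ikedaemon={"auto", "charon", "racoon"},
             uniqueids={"yes", "no", "never"})
INT_MIN = {k: 0 for k in ("retry", "interval", "ph1delay", "ph2delay", "certnid",
                          "cookiethreshold", "blockthreshold", "retransmittries",
                          "retransmittimeout", "natkeepalive")}
INT_MIN.update(slot=1, fragmentsize=512)   # slot=<1-10>, FragmentSize min 512
INT_MAX = {"slot": 10}
FREE_TEXT = {"cfg_dns", "ldapfield"}
PREFIX = "CONFIG IPSEC UPDATE"

def check(command):
    """Return the problems found in one CONFIG IPSEC UPDATE line ([] if none)."""
    if not command.upper().startswith(PREFIX):
        return ["not a CONFIG IPSEC UPDATE command"]
    problems, seen = [], set()
    for token in shlex.split(command[len(PREFIX):]):
        name, _, value = token.partition("=")
        key = name.lower()
        seen.add(key)
        if key in ENUMS:
            ok = value in ENUMS[key]
        elif key in INT_MIN:
            ok = (re.fullmatch(r"[0-9]+", value) is not None
                  and INT_MIN[key] <= int(value) <= INT_MAX.get(key, int(value)))
        elif key == "retransmitbase":   # float, min is 1
            ok = (re.fullmatch(r"[0-9]+(\.[0-9]+)?", value) is not None
                  and float(value) >= 1)
        elif key == "cfg_domain":       # comma-separated, 32 domains max
            domains = value.split(",")
            ok = len(domains) <= 32 and all(domains)
        elif key in FREE_TEXT:
            ok = bool(value)
        else:
            problems.append(f"{name}: not in the documented usage")
            continue
        if not ok:
            problems.append(f"{token}: outside the documented values")
    if "slot" not in seen:
        problems.append("slot: required")
    return problems
```

An empty list means the line only uses documented tokens with in-range values; it says nothing about whether the chosen values suit a given deployment.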