CONFIG IPSEC UPDATE

Level

vpn+modify

History

Appears in 9 0 0
CRLrequired appears in 9 0 1
cfg_domain appears in 9 0 1
DoSProtection appears in 2 3 0
CookieThreshold appears in 2 3 0
BlockThreshold appears in 2 3 0
RetransmitTries appears in 2 3 0
RetransmitTimeout appears in 2 3 0
RetransmitBase appears in 2 3 0
MakeBeforeBreak appears in 3 0 0
NATKeepalive appears in 3 0 0
FragmentSize appears in 3 2 0
IKEDaemon appears in 3 3 0

Description

Update global information about a slot

Usage

slot=<1-10> [cfg_dns=<host>] [cfg_domain=<domain1,domain2, >] [useoldsa=<0|1>] [retry=<num>] [interval=<num>] [ph1delay=<num>] [ph2delay=<num>] [bindall=<0|1>] [certNID=<num>] [LdapField=<str>] [CRLrequired=<0|1>] [UACServCert=<0|1>] [DoSProtection=<0|1>] [CookieThreshold=<num>] [BlockThreshold=<num>] [RetransmitTries=<num>] [RetransmitTimeout=<num>] [RetransmitBase=<float>] [MakeBeforeBreak=<0|1>] [NATKeepalive=<num>] [FragmentSize=<num>] [IKEDaemon=<auto|charon|racoon>] [BypassLocalTraffic=<0|1>] [global=<0|1>]
- cfg_domain: 32 domains max
- RetransmitBase: min is 1
- NATKeepalive: period in seconds between keepalive packets when NAT is detected (0 to disable)
- FragmentSize: min is 512
- BypassLocalTraffic: set to 1 to generate a bypass policy for each local IP addresses that are included in the remote IP addresses
- CRLRequired: certificate is checked with OCSP if available and CRL if needed If all checks failed, no tunnel is negociated

Example

CONFIG IPSEC UPDATE slot=01 dnscfg=host5