CONFIG IPSEC UPDATE

Level

vpn+modify

History

Appears in 9.0.0
CRLrequired appears in 9.0.1
cfg_domain appears in 9.0.1
DoSProtection appears in 2.3.0
CookieThreshold appears in 2.3.0
BlockThreshold appears in 2.3.0
RetransmitTries appears in 2.3.0
RetransmitTimeout appears in 2.3.0
RetransmitBase appears in 2.3.0
MakeBeforeBreak appears in 3.0.0
NATKeepalive appears in 3.0.0
FragmentSize appears in 3.2.0
IKEDaemon appears in 3.3.0

Description

Update global information about a slot

Usage

slot=<1-10> [cfg_dns=<host>] [cfg_domain=<domain1,domain2,...>] [useoldsa=<0|1>] [retry=<num>] [interval=<num>] [ph1delay=<num>] [ph2delay=<num>] [bindall=<0|1>] [certNID=<num>] [LdapField=<str>] [CRLrequired=<0|1>] [UACServCert=<0|1>] [DoSProtection=<0|1>] [CookieThreshold=<num>] [BlockThreshold=<num>] [RetransmitTries=<num>] [RetransmitTimeout=<num>] [RetransmitBase=<float>] [MakeBeforeBreak=<0|1>] [NATKeepalive=<num>] [FragmentSize=<num>] [IKEDaemon=<auto|charon|racoon>] [BypassLocalTraffic=<0|1>] [global=<0|1>]
- cfg_domain: 32 domains max
- RetransmitBase: min is 1
- NATKeepalive: period in seconds between keepalive packets when NAT is detected (0 to disable)
- FragmentSize: min is 512
- BypassLocalTraffic: set to 1 to generate a bypass policy for each local IP address that is included in the remote IP addresses
- CRLrequired: the certificate is checked with OCSP if available and with the CRL if needed. If all checks fail, no tunnel is negotiated

Example

CONFIG IPSEC UPDATE slot=01 cfg_dns=host5
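
Added example (not part of the original reference and not vendor code): a Python pre-check that validates a CONFIG IPSEC UPDATE line against the Usage syntax and the limits listed above before the line is sent to the appliance. It assumes values contain no spaces and that parameter names are matched case-insensitively; check_command is a hypothetical helper name.

```python
import re

PREFIX = "CONFIG IPSEC UPDATE"
# Parameter names and limits transcribed from the Usage line and notes above.
FLAGS = {"useoldsa", "bindall", "crlrequired", "uacservcert", "dosprotection",
         "makebeforebreak", "bypasslocaltraffic", "global"}          # <0|1>
NUMS = {"slot", "retry", "interval", "ph1delay", "ph2delay", "certnid",
        "cookiethreshold", "blockthreshold", "retransmittries",
        "retransmittimeout", "natkeepalive", "fragmentsize"}         # <num>
TEXT = {"cfg_dns", "cfg_domain", "ldapfield"}                        # free text

def check_command(line):
    """Return a list of problems; an empty list means the line fits the Usage."""
    if not line.upper().startswith(PREFIX):
        return ["not a CONFIG IPSEC UPDATE command"]
    problems, seen = [], set()
    # Assumptions: values contain no spaces; names are compared in lower case.
    for token in line[len(PREFIX):].split():
        name, _, value = token.partition("=")
        key = name.lower()
        if not value:
            problems.append(f"{token}: expected name=value")
        elif key in seen:
            problems.append(f"{name}: given more than once")
        elif key in FLAGS:
            if value not in ("0", "1"):
                problems.append(f"{name}: must be 0 or 1")
        elif key in NUMS:
            if not value.isdecimal():
                problems.append(f"{name}: must be a number")
            elif key == "slot" and not 1 <= int(value) <= 10:
                problems.append("slot: must be between 1 and 10")
            elif key == "fragmentsize" and int(value) < 512:
                problems.append("FragmentSize: min is 512")
        elif key == "retransmitbase":
            if not re.fullmatch(r"\d+(\.\d+)?", value) or float(value) < 1:
                problems.append("RetransmitBase: must be a float, min is 1")
        elif key == "ikedaemon":
            if value not in ("auto", "charon", "racoon"):
                problems.append("IKEDaemon: must be auto, charon or racoon")
        elif key == "cfg_domain":
            if len(value.split(",")) > 32:
                problems.append("cfg_domain: 32 domains max")
        elif key not in TEXT:
            problems.append(f"{name}: not a parameter of this command")
        seen.add(key)
    if "slot" not in seen:
        problems.append("slot: required")
    return problems
```

Call check_command() on each line of a change script and refuse to push the script if any call returns a non-empty list; a misspelled parameter name is reported instead of being sent to the device.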