X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=README;h=962755e2ae9775c88344e6df0fb17ebcf2866eee;hp=84bb3921b2bca567b929aafe0fc9c579e27fdaf0;hb=fd324867176088af7465146fe2ed272371782b65;hpb=b92d8e17fc23b0c034a2db47951d9fb2b2b1cbbf diff --git a/README b/README index 84bb392..962755e 100644 --- a/README +++ b/README @@ -319,6 +319,9 @@ site: dict argument their contact addresses might both change at once. [false] mobile-peers-max (integer): Maximum number of peer port/addr pairs we remember and send to. Must be at least 1 and no more than 5. [3] + static-peers-max (integer): Maximum number of peer port/addr pairs + we can try for a static site. Must be at least 1 and no more + than 5. [3] mobile-peer-expiry (integer): For "mobile" peers only, the length of time (in seconds) for which we will keep sending to multiple address/ports from which we have not seen incoming traffic. [120] 
@@ -329,6 +332,19 @@ site: dict argument check that there are no links both ends of which are allegedly mobile (which is not supported, so those links are ignored) and to change some of the tuning parameter defaults. [false] + mtu-target (integer): Desired value of the inter-site MTU for this + peering. This value will be advertised to the peer (which ought + to affect incoming packets), and if the peer advertises an MTU its + value will be combined with this setting to compute the inter-site + MTU. (secnet will still accept packets which exceed the + (negotiated or assumed) inter-site MTU.) Setting a lower + inter-site MTU can be used to try to restrict the sizes of the + packets sent over the underlying public network (e.g. to work + around network braindamage). It is not normally useful to set a + larger value for mtu-target than the VPN's general MTU (which + should be reflected in the local private interface MTU, ie the mtu + parameter to netlink). If this parameter is not set, or is set + to 0, the default is to use the local private link mtu. Links involving mobile peers have some different tuning parameter default values, which are generally more aggressive about retrying key @@ -336,7 +352,12 @@ setup but more relaxed about using old keys. These are noted with "mobile:", above, and apply whether the mobile peer is local or remote. -** transform +** transform-eax + +Defines: + eax-serpent (closure => transform closure) + +** transform-cbcmac Defines: serpent256-cbc (closure => transform closure) @@ -370,7 +391,7 @@ a netlink closure: other tunnels as well as the host (used for mobile devices like laptops) soft: remove these routes from the host's routing table when the tunnel link quality is zero - mtu (integer): default MTU over this link; may be updated by tunnel code + mtu (integer): MTU of host's tunnel interface Netlink will dump its current routing table to the system/log on receipt of SIGUSR1.
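Review bot: the new static-peers-max entry (hunk at -319,6) does not say what happens when a static site has more port/addr pairs available than this limit: which ones are tried, and whether the rest are dropped silently or logged. The wording closely mirrors mobile-peers-max ("remember and send to" versus "can try"), so a sentence on how the two limits differ in effect would help.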
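Review bot: in the mtu-target text (hunk at -329,6), "its value will be combined with this setting" leaves the combination rule unstated. Say explicitly how the two values are combined so an operator can predict the resulting inter-site MTU. Because the parenthetical says secnet will still accept packets which exceed the inter-site MTU, it is also worth stating plainly that mtu-target does not bound the size of received packets. The default is given in prose rather than in the bracketed form the neighbouring entries use ([false], [3]).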
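Review bot: the new transform-eax section (hunk at -336,7) contains only "eax-serpent (closure => transform closure)", with no description of the closure's arguments and no guidance on choosing between it and serpent256-cbc under transform-cbcmac. Add the argument list or a pointer to where it is documented, and a line noting that the former "transform" section has been split into these two.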