setup-retries (integer): max number of times to transmit a key negotiation
packet [5]
setup-timeout (integer): time between retransmissions of key negotiation
- packets, in ms [1000]
+ packets, in ms [2000]
wait-time (integer): after failed key setup, wait this long (in ms) before
allowing another attempt [20000]
renegotiate-time (integer): if we see traffic on the link after this time
- then renegotiate another session key immediately [depends on key-lifetime]
- keepalive (bool): if True then attempt always to keep a valid session key
+ then renegotiate another session key immediately (in ms)
+ [half key-lifetime, or key-lifetime minus 5 mins, whichever is longer].
+ keepalive (bool): if True then attempt always to keep a valid session key.
+ Not actually currently implemented. [false]
log-events (string list): types of events to log for this site
unexpected: unexpected key setup packets (may be late retransmissions)
setup-init: start of attempt to setup a session key
null-netlink: dict argument
name (string): name for netlink device, used in log messages
networks (string list): networks on the host side of the netlink device
- exclude-remote-networks (string list): networks that may never be claimed
- by any remote site using this netlink device
+ remote-networks (string list): networks that may be claimed
+ by the remote site using this netlink device
local-address (string): IP address of host's tunnel interface
secnet-address (string): IP address of this netlink device
ptp-address (string): IP address of the other end of a point-to-point link
options (string list):
allow-route: allow packets coming from this tunnel to be routed to
other tunnels as well as the host (used for mobile devices like laptops)
- soft-route: remove these routes from the host's routing table when
+ soft: remove these routes from the host's routing table when
the tunnel link quality is zero
mtu (integer): default MTU over this link; may be updated by tunnel code
~ianmdlvl / secnet.git / blobdiff