Hi Jessie, the keep-alive interval can actually be configured, although, not on a per-connection basis, by setting the charon.keep_alive option in strongswan.conf. Regarding the IPsecWindowSize option, keep in mind that the maximum window size currently supported by the Linux kernel is 32, which is what strongSwan configures, by default.
As for adding options to ipsec.conf, you would have to change quite a lot of code. First there is the parsing in starter, then you would have to add the options to stroke and to one of the config objects in libcharon and then finally use them wherever appropriate, which would probably require additional changes (e.g. additional parameters in the kernel interface). Therefore, for daemon wide options it's a lot easier to just add them to strongswan.conf, which basically means you read the options wherever you actually need them. As an example, you can see how charon.keep_alive is read and used in src/libcharon/sa/ike_sa.c. Regards, Tobias Jessie Liu wrote: > Hi all, > I'd like to add setting the two parameters NATTKeepaliveTimer and > IPsecWindowSize in ipsec.conf. Which section should I add the two > parameters, such as "conn" part of ipsec.conf ? I want to modify source > codes to fit the configurations, but I have no idea which section I > should add. > The two parameters could be different with each connection? Thanks very > much. > > > > B.R. > Jessie _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users