The available IPSec implementation supports a wide range of additional settings which can be used to adjust the behavior and security. The samples in this guide only highlight the basics.
Below is a list of some additional settings which can be used.
|IKE encryption/authentication algorithm to be used for the connection
IKEv2 (RFC 7296) settings to be used.
|Set the delay (in time units, defaults to seconds) between Dead Peer Detection or IKEv2 Liveness keepalives that are sent for this connection (default 0 seconds). If dpddelay is set, dpdtimeout also needs to be set.
|Set the length of time that we will idle without hearing back from our peer.
|how long a particular instance of a connection should last, from successful negotiation to expiry (default 8h, maximum 24h). Normally, the connection is renegotiated (via the keying channel) before it expires.
|Set the metric for the routes to the ipsecX or mastX interface.