The available IPSec implementation supports a wide range of additional settings which can be used to adjust the behavior and security. The samples in this guide only highlight the basics.
Below is a list of some additional settings which can be used.
|ike||aes256-sha2;dh21||IKE encryption/authentication algorithm to be used for the connection|
IKEv2 (RFC 7296) settings to be used.
|dpddelay||2||Set the delay (in time units, defaults to seconds) between Dead Peer Detection or IKEv2 Liveness keepalives that are sent for this connection (default 0 seconds). If dpddelay is set, dpdtimeout also needs to be set.|
|dpdtimeout||6||Set the length of time that we will idle without hearing back from our peer.|
|salifetime||24h||how long a particular instance of a connection should last, from successful negotiation to expiry (default 8h, maximum 24h). Normally, the connection is renegotiated (via the keying channel) before it expires.|
|ikelifetime|| || |
|metric||100||Set the metric for the routes to the ipsecX or mastX interface.|