persistent keepalive: use authenticated keepalives

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld 2016-07-08 20:34:32 +02:00
parent 2fd253ff1f
commit 46a6bf3a52

@ -68,12 +68,12 @@ public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP
is specified, but the value is the empty string, all allowed ips are removed is specified, but the value is the empty string, all allowed ips are removed
from the peer. The use of \fIpersistent-keepalive\fP is optional and is by from the peer. The use of \fIpersistent-keepalive\fP is optional and is by
default off; setting it to 0 or "off", disables it. Otherwise it represents, default off; setting it to 0 or "off", disables it. Otherwise it represents,
in seconds, between 10 and 3600 inclusive, how often to send an empty UDP in seconds, between 10 and 3600 inclusive, how often to send an authenticated
packet to the peer, for the purpose of keeping a stateful firewall or NAT empty packet to the peer, for the purpose of keeping a stateful firewall or NAT
mapping valid persistently. For example, if the interface very rarely sends mapping valid persistently. For example, if the interface very rarely sends
traffic, but it might at anytime receive traffic from a peer, and it is behind traffic, but it might at anytime receive traffic from a peer, and it is behind
NAT, the interface might benefit from having a persistent keepalive interval NAT, the interface might benefit from having a persistent keepalive interval
of 25 seconds. of 25 seconds; however, most users will not need this.
.TP .TP
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP \fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
Sets the current configuration of \fI<interface>\fP to the contents of Sets the current configuration of \fI<interface>\fP to the contents of
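Review bot: in the persistent-keepalive paragraph, "an authenticated empty packet" replaces "an empty UDP packet" but the text never says what "authenticated" means for the operator. A short clause stating that the keepalive is authenticated like any other packet to the peer would let a reader tell it apart from the old bare datagram. The new closing clause "however, most users will not need this" would also read better if it named who does, which the preceding sentence already hints at: an interface behind NAT or a stateful firewall that must stay reachable while idle.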
@ -143,12 +143,12 @@ source IP address and port of correctly authenticated packets from the peer.
Optional. Optional.
.IP \(bu .IP \(bu
PersistentKeepalive \(em a seconds interval, between 10 and 3600 inclusive, of PersistentKeepalive \(em a seconds interval, between 10 and 3600 inclusive, of
how often to send an empty UDP packet to the peer for the purpose of keeping a how often to send an authenticated empty packet to the peer for the purpose of keeping a
stateful firewall or NAT mapping valid persistently. For example, if the interface stateful firewall or NAT mapping valid persistently. For example, if the interface
very rarely sends traffic, but it might at anytime receive traffic from a peer, very rarely sends traffic, but it might at anytime receive traffic from a peer,
and it is behind NAT, the interface might benefit from having a persistent keepalive and it is behind NAT, the interface might benefit from having a persistent keepalive
interval of 25 seconds. If set to 0 or "off", this option is disabled. By default or interval of 25 seconds. If set to 0 or "off", this option is disabled. By default or
when unspecified, this option is off. Optional. when unspecified, this option is off. Most users will not need this. Optional.
.SH CONFIGURATION FILE FORMAT EXAMPLE .SH CONFIGURATION FILE FORMAT EXAMPLE
This example may be used as a model for writing configuration files. This example may be used as a model for writing configuration files.
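Review bot: the replaced line in the PersistentKeepalive bullet ("how often to send an authenticated empty packet to the peer for the purpose of keeping a") is now noticeably longer than the lines around it, so the paragraph should be re-wrapped to the file's usual width. Since the context just above this bullet says the endpoint follows the source address of "correctly authenticated packets from the peer", it is also worth stating here whether an authenticated keepalive counts as such a packet. The sentence order "Most users will not need this. Optional." differs from the wording used for the same option in the earlier hunk; one phrasing in both places would be easier to maintain.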