List of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config

If the default of yes is used, Mode Config works in pull mode, where the initiator actively requests a virtual IP

XFRM interface ID set on inbound policies/SA, can be overridden by child config, see there for details

XFRM interface ID set on outbound policies/SA, can be overridden by child config, see there for details

Time to schedule IKE reauthentication

IKE rekeying refreshes key material using a Diffie-Hellman exchange, but does not re-check associated credentials

Interval to check the liveness of a peer actively using IKEv2 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages

Time range from which to choose a random value to subtract from rekey/reauth times

Number of retransmission sequences to perform during initial connect

A proposal is a set of algorithms

CHILD_SA configuration sub-section

List of named IP pools to allocate virtual IP addresses and other configuration attributes from

Local address(es) to use for IKE communication

Remote address(es) to use for IKE communication