- <dt><code>ipsec_psk</code></dt>
- <dd>Required. Specifies a pre-shared key for authentication
- that must be identical on both sides of the tunnel.</dd>
+ <dt><code>peer_cert</code></dt>
+ <dd>Required for certificate authentication. A string
+ containing the peer's certificate in PEM format.
+ Additionally the host's certificate must be specified
+ with the <code>certificate</code> option.</dd>
+ </dl>
+ <dl>
+ <dt><code>certificate</code></dt>
+ <dd>Required for certificate authentication. The name of a
+ PEM file containing a certificate that will be presented
+ to the peer during authentication.</dd>
+ </dl>
+ <dl>
+ <dt><code>private_key</code></dt>
+ <dd>Optional for certificate authentication. The name of
+ a PEM file containing the private key associated with
+ <code>certificate</code>. If <code>certificate</code>
+ contains the private key, this option may be omitted.</dd>
+ </dl>
+ <dl>
+ <dt><code>psk</code></dt>
+ <dd>Required for pre-shared key authentication. Specifies a
+ pre-shared key for authentication that must be identical on
+ both sides of the tunnel.</dd>