Annotation of embedaddon/strongswan/src/swanctl/swanctl.opt, revision 1.1.1.1

1.1       misho       1: connections { # }
                      2:        Section defining IKE connection configurations.
                      3: 
                      4:        Section defining IKE connection configurations.
                      5: 
                      6:        The connections section defines IKE connection configurations, each in
                      7:        its own subsections. In the keyword description below, the connection
                      8:        is named _<conn>_, but an arbitrary yet unique connection name can be
                      9:        chosen for each connection subsection.
                     10: 
                     11: connections.<conn> { # }
                     12:        Section for an IKE connection named <conn>.
                     13: 
                     14: connections.<conn>.version = 0
                     15:        IKE major version to use for connection.
                     16: 
                     17:        IKE major version to use for connection. _1_ uses IKEv1 aka ISAKMP, _2_
                     18:        uses IKEv2. A connection using the default of _0_ accepts both IKEv1
                     19:        and IKEv2 as responder, and initiates the connection actively with IKEv2.
                     20: 
                     21: connections.<conn>.local_addrs = %any
                     22:        Local address(es) to use for IKE communication, comma separated.
                     23: 
                     24:        Local address(es) to use for IKE communication, comma separated. Takes
                     25:        single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
                     26: 
                     27:        As initiator, the first non-range/non-subnet is used to initiate the
                     28:        connection from. As responder, the local destination address must match at
                     29:        least to one of the specified addresses, subnets or ranges.
                     30: 
                     31:        If FQDNs are assigned they are resolved every time a configuration lookup
                     32:        is done. If DNS resolution times out, the lookup is delayed for that time.
                     33: 
                     34: connections.<conn>.remote_addrs = %any
                     35:        Remote address(es) to use for IKE communication, comma separated.
                     36: 
                     37:        Remote address(es) to use for IKE communication, comma separated. Takes
                     38:        single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
                     39: 
                     40:        As initiator, the first non-range/non-subnet is used to initiate the
                     41:        connection to. As responder, the initiator source address must match at
                     42:        least to one of the specified addresses, subnets or ranges.
                     43: 
                     44:        If FQDNs are assigned they are resolved every time a configuration lookup
                     45:        is done. If DNS resolution times out, the lookup is delayed for that time.
                     46: 
                     47:        To initiate a connection, at least one specific address or DNS name must
                     48:        be specified.
                     49: 
                     50: connections.<conn>.local_port = 500
                     51:        Local UDP port for IKE communication.
                     52: 
                     53:        Local UDP port for IKE communication. By default the port of the socket
                     54:        backend is used, which is usually _500_. If port _500_ is used, automatic
                     55:        IKE port floating to port 4500 is used to work around NAT issues.
                     56: 
                     57:        Using a non-default local IKE port requires support from the socket backend
                     58:        in use (socket-dynamic).
                     59: 
                     60: connections.<conn>.remote_port = 500
                     61:        Remote UDP port for IKE communication.
                     62: 
                     63:        Remote UDP port for IKE communication. If the default of port _500_ is used,
                     64:        automatic IKE port floating to port 4500 is used to work around NAT issues.
                     65: 
                     66: connections.<conn>.proposals = default
                     67:        Comma separated proposals to accept for IKE.
                     68: 
                     69:        A proposal is a set of algorithms. For non-AEAD algorithms, this includes
                     70:        for IKE an encryption algorithm, an integrity algorithm, a pseudo random
                     71:        function and a Diffie-Hellman group. For AEAD algorithms, instead of
                     72:        encryption and integrity algorithms, a combined algorithm is used.
                     73: 
                     74:        In IKEv2, multiple algorithms of the same kind can be specified in a single
                     75:        proposal, from which one gets selected. In IKEv1, only one algorithm per
                     76:        kind is allowed per proposal, more algorithms get implicitly stripped. Use
                     77:        multiple proposals to offer different algorithms combinations in IKEv1.
                     78: 
                     79:        Algorithm keywords get separated using dashes. Multiple proposals may be
                     80:        separated by commas. The special value _default_ forms a default proposal
                     81:        of supported algorithms considered safe, and is usually a good choice
                     82:        for interoperability.
                     83: 
                     84: connections.<conn>.vips =
                     85:        Virtual IPs to request in configuration payload / Mode Config.
                     86: 
                     87:        Comma separated list of virtual IPs to request in IKEv2 configuration
                     88:        payloads or IKEv1 Mode Config. The wildcard addresses _0.0.0.0_ and _::_
                     89:        request an arbitrary address, specific addresses may be defined. The
                     90:        responder may return a different address, though, or none at all.
                     91: 
                     92: connections.<conn>.aggressive = no
                     93:        Use Aggressive Mode in IKEv1.
                     94: 
                     95:        Enables Aggressive Mode instead of Main Mode with Identity Protection.
                     96:        Aggressive Mode is considered less secure, because the ID and HASH
                     97:        payloads are exchanged unprotected. This allows a passive attacker to
                     98:        snoop peer identities, and even worse, start dictionary attacks on the
                     99:        Preshared Key.
                    100: 
                    101: connections.<conn>.pull = yes
                    102:        Set the Mode Config mode to use.
                    103: 
                    104:        If the default of _yes_ is used, Mode Config works in pull mode, where
                    105:        the initiator actively requests a virtual IP. With _no_, push mode is used,
                    106:        where the responder pushes down a virtual IP to the initiating peer.
                    107: 
                    108:        Push mode is currently supported for IKEv1, but not in IKEv2. It is used
                    109:        by a few implementations only, pull mode is recommended.
                    110: 
                    111: connections.<conn>.dscp = 000000
                    112:        Differentiated Services Field Codepoint to set on outgoing IKE packets (six
                    113:        binary digits).
                    114: 
                    115:        Differentiated Services Field Codepoint to set on outgoing IKE packets for
                    116:        this connection. The value is a six digit binary encoded string specifying
                    117:        the Codepoint to set, as defined in RFC 2474.
                    118: 
                    119: connections.<conn>.encap = no
                    120:        Enforce UDP encapsulation by faking NAT-D payloads.
                    121: 
                    122:        To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
                    123:        NAT detection payloads. This makes the peer believe that NAT takes
                    124:        place on the path, forcing it to encapsulate ESP packets in UDP.
                    125: 
                    126:        Usually this is not required, but it can help to work around connectivity
                    127:        issues with too restrictive intermediary firewalls.
                    128: 
                    129: connections.<conn>.mobike = yes
                    130:        Enables MOBIKE on IKEv2 connections.
                    131: 
                    132:        Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2
                    133:        connections, and allows mobility of clients and multi-homing on servers by
                    134:        migrating active IPsec tunnels.
                    135: 
                    136:        Usually keeping MOBIKE enabled is unproblematic, as it is not used if the
                    137:        peer does not indicate support for it. However, due to the design of MOBIKE,
                    138:        IKEv2 always floats to port 4500 starting from the second exchange. Some
                    139:        implementations don't like this behavior, hence it can be disabled.
                    140: 
                    141: connections.<conn>.dpd_delay = 0s
                    142:        Interval of liveness checks (DPD).
                    143: 
                    144:        Interval to check the liveness of a peer actively using IKEv2 INFORMATIONAL
                    145:        exchanges or IKEv1 R_U_THERE messages. Active DPD checking is only enforced
                    146:        if no IKE or ESP/AH packet has been received for the configured DPD delay.
                    147: 
                    148: connections.<conn>.dpd_timeout = 0s
                    149:        Timeout for DPD checks (IKEV1 only).
                    150: 
                    151:        Charon by default uses the normal retransmission mechanism and timeouts to
                    152:        check the liveness of a peer, as all messages are used for liveness
                    153:        checking. For compatibility reasons, with IKEv1 a custom interval may be
                    154:        specified; this option has no effect on connections using IKE2.
                    155: 
                    156: connections.<conn>.fragmentation = yes
                    157:        Use IKE UDP datagram fragmentation (_yes_, _accept_, _no_ or _force_).
                    158: 
                    159:        Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
                    160:        fragmentation).  Acceptable  values  are _yes_ (the     default), _accept_,
                    161:        _force_ and _no_. If set to _yes_, and the peer supports it, oversized IKE
                    162:        messages will be sent in fragments. If set to _accept_, support for
                    163:        fragmentation is announced to the peer but the daemon does not send its own
                    164:        messages in fragments.  If set to _force_ (only supported for IKEv1) the
                    165:        initial IKE message will already be fragmented if required. Finally, setting
                    166:        the option to _no_ will disable announcing support for this feature.
                    167: 
                    168:        Note that fragmented IKE messages sent by a peer are always accepted
                    169:        irrespective of the value of this option (even when set to _no_).
                    170: 
                    171: connections.<conn>.childless = allow
                    172:        Use childless IKE_SA initiation (_allow_, _force_ or _never_).
                    173: 
                    174:        Use childless IKE_SA initiation (RFC 6023) for IKEv2.  Acceptable values
                    175:        are _allow_ (the default), _force_ and _never_. If set to _allow_,
                    176:        responders will accept childless IKE_SAs (as indicated via notify in the
                    177:        IKE_SA_INIT response) while initiators continue to create regular IKE_SAs
                    178:        with the first CHILD_SA created during IKE_AUTH, unless the IKE_SA is
                    179:        initiated explicitly without any children (which will fail if the responder
                    180:        does not support or has disabled this extension).  If set to _force_, only
                    181:        childless initiation is accepted and the first CHILD_SA is created with a
                    182:        separate CREATE_CHILD_SA exchange (e.g. to use an independent DH exchange
                    183:        for all CHILD_SAs).  Finally, setting the option to _never_ disables support
                    184:        for childless IKE_SAs as responder.
                    185: 
                    186: connections.<conn>.send_certreq = yes
                    187:        Send certificate requests payloads (_yes_ or _no_).
                    188: 
                    189:        Send certificate request payloads to offer trusted root CA certificates
                    190:        to the peer. Certificate requests help the peer to choose an appropriate
                    191:        certificate/private key for authentication and are enabled by default.
                    192: 
                    193:        Disabling certificate requests can be useful if too many trusted root CA
                    194:        certificates are installed, as each certificate request increases the size
                    195:        of the initial IKE packets.
                    196: 
                    197: connections.<conn>.send_cert = ifasked
                    198:        Send certificate payloads (_always_, _never_ or _ifasked_).
                    199: 
                    200:        Send certificate payloads when using certificate authentication. With the
                    201:        default of _ifasked_ the daemon sends certificate payloads only if
                    202:        certificate requests have been received. _never_ disables sending of
                    203:        certificate payloads altogether, _always_ causes certificate payloads to be
                    204:        sent unconditionally whenever certificate authentication is used.
                    205: 
                    206: connections.<conn>.ppk_id =
                    207:        String identifying the Postquantum Preshared Key (PPK) to be used.
                    208: 
                    209: connections.<conn>.ppk_required = no
                    210:        Whether a Postquantum Preshared Key (PPK) is required for this connection.
                    211: 
                    212: connections.<conn>.keyingtries = 1
                    213:        Number of retransmission sequences to perform during initial connect.
                    214: 
                    215:        Number of retransmission sequences to perform during initial connect.
                    216:        Instead of giving up initiation after the first retransmission sequence with
                    217:        the default value of _1_, additional sequences may be started according to
                    218:        the configured value. A value of _0_ initiates a new sequence until the
                    219:        connection establishes or fails with a permanent error.
                    220: 
                    221: connections.<conn>.unique = no
                    222:        Connection uniqueness policy (_never_, _no_, _keep_ or _replace_).
                    223: 
                    224:        Connection uniqueness policy to enforce. To avoid multiple connections
                    225:        from the same user, a uniqueness policy can be enforced. The value _never_
                    226:        does never enforce such a policy, even if a peer included INITIAL_CONTACT
                    227:        notification messages, whereas _no_ replaces existing connections for the
                    228:        same identity if a new one has the INITIAL_CONTACT notify. _keep_ rejects
                    229:        new connection attempts if the same user already has an active connection,
                    230:        _replace_ deletes any existing connection if a new one for the same user
                    231:        gets established.
                    232: 
                    233:        To compare connections for uniqueness, the remote IKE identity is used. If
                    234:        EAP or XAuth authentication is involved, the EAP-Identity or XAuth username
                    235:        is used to enforce the uniqueness policy instead.
                    236: 
                    237:        On initiators this setting specifies whether an INITIAL_CONTACT notify is
                    238:        sent during IKE_AUTH if no existing connection is found with the remote
                    239:        peer (determined by the identities of the first authentication round).
                    240:        Unless set to _never_ the client will send a notify.
                    241: 
                    242: connections.<conn>.reauth_time = 0s
                    243:        Time to schedule IKE reauthentication.
                    244: 
                    245:        Time to schedule IKE reauthentication. IKE reauthentication recreates the
                    246:        IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric
                    247:        configurations (with EAP or configuration payloads) it might not be possible
                    248:        to actively reauthenticate as responder. The IKEv2 reauthentication lifetime
                    249:        negotiation can instruct the client to perform reauthentication.
                    250: 
                    251:        Reauthentication is disabled by default. Enabling it usually may lead
                    252:        to small connection interruptions, as strongSwan uses a break-before-make
                    253:        policy with IKEv2 to avoid any conflicts with associated tunnel resources.
                    254: 
                    255: connections.<conn>.rekey_time = 4h
                    256:        Time to schedule IKE rekeying.
                    257: 
                    258:        IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
                    259:        does not re-check associated credentials. It is supported in IKEv2 only,
                    260:        IKEv1 performs a reauthentication procedure instead.
                    261: 
                    262:        With the default value IKE rekeying is scheduled every 4 hours, minus the
                    263:        configured **rand_time**. If a **reauth_time** is configured, **rekey_time**
                    264:        defaults to zero disabling rekeying; explicitly set both to enforce
                    265:        rekeying and reauthentication.
                    266: 
                    267: connections.<conn>.over_time = 10% of rekey_time/reauth_time
                    268:        Hard IKE_SA lifetime if rekey/reauth does not complete, as time.
                    269: 
                    270:        Hard IKE_SA lifetime if rekey/reauth does not complete, as time.
                    271:        To avoid having an IKE/ISAKMP kept alive if IKE reauthentication or rekeying
                    272:        fails perpetually, a maximum hard lifetime may be specified. If the
                    273:        IKE_SA fails to rekey or reauthenticate within the specified time, the
                    274:        IKE_SA gets closed.
                    275: 
                    276:        In contrast to CHILD_SA rekeying, **over_time** is relative in time to the
                    277:        **rekey_time** _and_ **reauth_time** values, as it applies to both.
                    278: 
                    279:        The default is 10% of the longer of **rekey_time** and **reauth_time**.
                    280: 
                    281: connections.<conn>.rand_time = over_time
                    282:        Range of random time to subtract from rekey/reauth times.
                    283: 
                    284:        Time range from which to choose a random value to subtract from
                    285:        rekey/reauth times. To avoid having both peers initiating the rekey/reauth
                    286:        procedure simultaneously, a random time gets subtracted from the
                    287:        rekey/reauth times.
                    288: 
                    289:        The default is equal to the configured **over_time**.
                    290: 
                    291: connections.<conn>.pools =
                    292:        Comma separated list of named IP pools.
                    293: 
                    294:        Comma separated list of named IP pools to allocate virtual IP addresses and
                    295:        other configuration attributes from. Each name references a pool by name
                    296:        from either the **pools** section or an external pool.
                    297: 
                    298: connections.<conn>.if_id_in = 0
                    299:        Default inbound XFRM interface ID for children.
                    300: 
                    301:        XFRM interface ID set on inbound policies/SA, can be overridden by child
                    302:        config, see there for details.
                    303: 
                    304: connections.<conn>.if_id_out = 0
                    305:        Default outbound XFRM interface ID for children.
                    306: 
                    307:        XFRM interface ID set on outbound policies/SA, can be overridden by child
                    308:        config, see there for details.
                    309: 
                    310: connections.<conn>.mediation = no
                    311:        Whether this connection is a mediation connection.
                    312: 
                    313:        Whether this connection is a mediation connection, that is, whether this
                    314:        connection is used to mediate other connections using the IKEv2 Mediation
                    315:        Extension.  Mediation connections create no CHILD_SA.
                    316: 
                    317: connections.<conn>.mediated_by =
                    318:        The name of the connection to mediate this connection through.
                    319: 
                    320:        The name of the connection to mediate this connection through. If given, the
                    321:        connection will be mediated through the named mediation connection.
                    322:        The     mediation connection must have **mediation** enabled.
                    323: 
                    324: connections.<conn>.mediation_peer =
                    325:        Identity under which the peer is registered at the mediation server.
                    326: 
                    327:        Identity under which the peer is registered at the mediation server, that
                    328:        is, the IKE identity the other end of this connection uses as its local
                    329:        identity on its connection to the mediation server. This is the identity we
                    330:        request the mediation server to mediate us with. Only relevant on
                    331:        connections that set **mediated_by**. If it is not given, the remote IKE
                    332:        identity of the first authentication round of this connection will be used.
                    333: 
                    334: connections.<conn>.local<suffix> {}
                    335:        Section for a local authentication round.
                    336: 
                    337:        Section for a local authentication round. A local authentication round
                    338:        defines the rules how authentication is performed for the local peer.
                    339:        Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication
                    340:        or IKEv1 XAuth.
                    341: 
                    342:        Each round is defined in a section having _local_ as prefix, and an optional
                    343:        unique suffix. To define a single authentication round, the suffix may be
                    344:        omitted.
                    345: 
                    346: connections.<conn>.local<suffix>.round = 0
                    347:        Optional numeric identifier by which authentication rounds are sorted.  If
                    348:        not specified rounds are ordered by their position in the config file/VICI
                    349:        message.
                    350: 
                    351: connections.<conn>.local<suffix>.certs =
                    352:        Comma separated list of certificate candidates to use for authentication.
                    353: 
                    354:        Comma separated list of certificate candidates to use for authentication.
                    355:        The certificates may use a relative path from the **swanctl** _x509_
                    356:        directory or an absolute path.
                    357: 
                    358:        The certificate used for authentication is selected based on the received
                    359:        certificate request payloads. If no appropriate CA can be located, the
                    360:        first certificate is used.
                    361: 
                    362: connections.<conn>.local<suffix>.cert<suffix> =
                    363:        Section for a certificate candidate to use for authentication.
                    364: 
                    365:        Section for a certificate candidate to use for authentication. Certificates
                    366:        in _certs_ are transmitted as binary blobs, these sections offer more
                    367:        flexibility.
                    368: 
                    369: connections.<conn>.local<suffix>.cert<suffix>.file =
                    370:        Absolute path to the certificate to load.
                    371: 
                    372:        Absolute path to the certificate to load. Passed as-is to the daemon, so it
                    373:        must be readable by it.
                    374: 
                    375:        Configure either this or _handle_, but not both, in one section.
                    376: 
                    377: connections.<conn>.local<suffix>.cert<suffix>.handle =
                    378:        Hex-encoded CKA_ID of the certificate on a token.
                    379: 
                    380:        Hex-encoded CKA_ID of the certificate on a token.
                    381: 
                    382:        Configure either this or _file_, but not both, in one section.
                    383: 
                    384: connections.<conn>.local<suffix>.cert<suffix>.slot =
                    385:        Optional slot number of the token that stores the certificate.
                    386: 
                    387: connections.<conn>.local<suffix>.cert<suffix>.module =
                    388:        Optional PKCS#11 module name.
                    389: 
                    390: connections.<conn>.local<suffix>.pubkeys =
                    391:        Comma separated list of raw public key candidates to use for authentication.
                    392: 
                    393:        Comma separated list of raw public key candidates to use for authentication.
                    394:        The public keys may use a relative path from the **swanctl** _pubkey_
                    395:        directory or an absolute path.
                    396: 
                    397:        Even though multiple local public keys could be defined in principle, only
                    398:        the     first public key in the list is used for authentication.
                    399: 
                    400: connections.<conn>.local<suffix>.auth = pubkey
                    401:        Authentication to perform locally (_pubkey_, _psk_, _xauth[-backend]_ or
                    402:        _eap[-method]_).
                    403: 
                    404:        Authentication to perform locally. _pubkey_ uses public key authentication
                    405:        using a private key associated to a usable certificate. _psk_ uses
                    406:        pre-shared key authentication. The IKEv1 specific _xauth_ is used for
                    407:        XAuth or Hybrid authentication, while the IKEv2 specific _eap_ keyword
                    408:        defines EAP authentication.
                    409: 
                    410:        For _xauth_, a specific backend name may be appended, separated by a dash.
                    411:        The appropriate _xauth_ backend is selected to perform the XAuth exchange.
                    412:        For traditional XAuth, the _xauth_ method is usually defined in the second
                    413:        authentication round following an initial _pubkey_ (or _psk_) round. Using
                    414:        _xauth_ in the first round performs Hybrid Mode client authentication.
                    415: 
                    416:        For _eap_, a specific EAP method name may be appended, separated by a dash.
                    417:        An EAP module implementing the appropriate method is selected to perform
                    418:        the EAP conversation.
                    419: 
                    420:        If both peers support RFC 7427 ("Signature Authentication in IKEv2")
                    421:        specific hash algorithms to be used during IKEv2 authentication may be
                    422:        configured. To do so use _ike:_ followed by a trust chain signature scheme
                    423:        constraint (see description of the **remote** section's **auth** keyword).
                    424:        For example, with _ike:pubkey-sha384-sha256_ a public key signature scheme
                    425:        with either SHA-384 or SHA-256 would get used for authentication, in that
                    426:        order and depending on the hash algorithms supported by the peer. If no
                    427:        specific hash algorithms are configured, the default is to prefer an
                    428:        algorithm that matches or exceeds the strength of the signature key.
                    429:        If no constraints with _ike:_ prefix are configured any signature scheme
                    430:        constraint (without _ike:_ prefix) will also apply to IKEv2 authentication,
                    431:        unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS
                    432:        signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g.
                    433:        _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured
                    434:        RSASSA-PSS signatures will only be used if enabled in
                    435:        **strongswan.conf**(5).
                    436: 
                    437: connections.<conn>.local<suffix>.id =
                    438:        IKE identity to use for authentication round.
                    439: 
                    440:        IKE identity to use for authentication round. When using certificate
                    441:        authentication, the IKE identity must be contained in the certificate,
                    442:        either as subject or as subjectAltName.
                    443: 
                    444:        The identity can be an IP address, a fully-qualified domain name, an email
                    445:        address or a Distinguished Name for which the ID type is determined
                    446:        automatically and the string is converted to the appropriate encoding. To
                    447:        enforce a specific identity type, a prefix may be used, followed by a colon
                    448:        (:). If the number sign (#) follows the colon, the remaining data is
                    449:        interpreted as hex encoding, otherwise the string is used as-is as the
                    450:        identification data. Note that this implies that no conversion is performed
                    451:        for non-string identities. For example, _ipv4:10.0.0.1_ does not create a
                    452:        valid ID_IPV4_ADDR IKE identity, as it does not get converted to binary
                    453:        0x0a000001. Instead, one could use _ipv4:#0a000001_ to get a valid identity,
                    454:        but just using the implicit type with automatic conversion is usually
                    455:        simpler. The same applies to the ASN1 encoded types. The following prefixes
                    456:        are known: _ipv4_, _ipv6_, _rfc822_, _email_, _userfqdn_, _fqdn_, _dns_,
                    457:        _asn1dn_, _asn1gn_ and _keyid_. Custom type prefixes may be specified by
                    458:        surrounding the numerical type value by curly brackets.
                    459: 
                    460: connections.<conn>.local<suffix>.eap_id = id
                    461:        Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
                    462: 
                    463: connections.<conn>.local<suffix>.aaa_id = remote-id
                    464:        Server side EAP-Identity to expect in the EAP method.
                    465: 
                    466:        Server side EAP-Identity to expect in the EAP method. Some EAP methods, such
                    467:        as EAP-TLS, use an identity for the server to perform mutual authentication.
                    468:        This identity may differ from the IKE identity, especially when EAP
                    469:        authentication is delegated from the IKE responder to an AAA backend.
                    470: 
                    471:        For EAP-(T)TLS, this defines the identity for which the server must provide
                    472:        a certificate in the TLS exchange.
                    473: 
                    474: connections.<conn>.local<suffix>.xauth_id = id
                    475:        Client XAuth username used in the XAuth exchange.
                    476: 
                    477: connections.<conn>.remote<suffix> {}
                    478:        Section for a remote authentication round.
                    479: 
                    480:        Section for a remote authentication round. A remote authentication round
                    481:        defines the constraints how the peers must authenticate to use this
                    482:        connection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple
                    483:        Authentication or IKEv1 XAuth.
                    484: 
                    485:        Each round is defined in a section having _remote_ as prefix, and an
                    486:        optional unique suffix. To define a single authentication round, the suffix
                    487:        may be omitted.
                    488: 
                    489: connections.<conn>.remote<suffix>.round = 0
                    490:        Optional numeric identifier by which authentication rounds are sorted.  If
                    491:        not specified rounds are ordered by their position in the config file/VICI
                    492:        message.
                    493: 
                    494: connections.<conn>.remote<suffix>.id = %any
                    495:        IKE identity to expect for authentication round.
                    496: 
                    497:        IKE identity to expect for authentication round. Refer to the **local**
                    498:        section's **id** keyword for details.
                    499: 
                    500:        It's possible to use wildcards to match remote identities (e.g.
                    501:        _*@strongswan.org_, _*.strongswan.org_, or _C=CH,O=strongSwan,CN=*_).
                    502:        Connections with exact matches are preferred. When using distinguished names
                    503:        with wildcards, the _charon.rdn_matching_ option in **strongswan.conf**(5)
                    504:        specifies how RDNs are matched.
                    505: 
                    506: connections.<conn>.remote<suffix>.eap_id = id
                    507:        Identity to use as peer identity during EAP authentication.
                    508: 
                    509:        Identity to use as peer identity during EAP authentication. If set to _%any_
                    510:        the EAP-Identity method will be used to ask the client for an identity.
                    511: 
                    512: connections.<conn>.remote<suffix>.groups =
                    513:        Authorization group memberships to require.
                    514: 
                    515:        Comma separated authorization group memberships to require. The peer must
                    516:        prove membership to at least one of the specified groups. Group membership
                    517:        can be certified by different means, for example by appropriate Attribute
                    518:        Certificates or by an AAA backend involved in the authentication.
                    519: 
                    520: connections.<conn>.remote<suffix>.cert_policy =
                    521:        Certificate policy OIDs the peer's certificate must have.
                    522: 
                    523:        Comma separated list of certificate policy OIDs the peer's certificate must
                    524:        have. OIDs are specified using the numerical dotted representation.
                    525: 
                    526: connections.<conn>.remote<suffix>.certs =
                    527:        Comma separated list of certificate to accept for authentication.
                    528: 
                    529:        Comma separated list of certificates to accept for authentication.
                    530:        The certificates may use a relative path from the **swanctl** _x509_
                    531:        directory or an absolute path.
                    532: 
                    533: connections.<conn>.remote<suffix>.cert<suffix> =
                    534:        Section for a certificate to accept for authentication.
                    535: 
                    536:        Section for a certificate to accept for authentication. Certificates
                    537:        in _certs_ are transmitted as binary blobs, these sections offer more
                    538:        flexibility.
                    539: 
                    540: connections.<conn>.remote<suffix>.cert<suffix>.file =
                    541:        Absolute path to the certificate to load.
                    542: 
                    543:        Absolute path to the certificate to load. Passed as-is to the daemon, so it
                    544:        must be readable by it.
                    545: 
                    546:        Configure either this or _handle_, but not both, in one section.
                    547: 
                    548: connections.<conn>.remote<suffix>.cert<suffix>.handle =
                    549:        Hex-encoded CKA_ID of the certificate on a token.
                    550: 
                    551:        Hex-encoded CKA_ID of the certificate on a token.
                    552: 
                    553:        Configure either this or _file_, but not both, in one section.
                    554: 
                    555: connections.<conn>.remote<suffix>.cert<suffix>.slot =
                    556:        Optional slot number of the token that stores the certificate.
                    557: 
                    558: connections.<conn>.remote<suffix>.cert<suffix>.module =
                    559:        Optional PKCS#11 module name.
                    560: 
                    561: connections.<conn>.remote<suffix>.cacerts =
                    562:        Comma separated list of CA certificates to accept for authentication.
                    563: 
                    564:        Comma separated list of CA certificates to accept for authentication.
                    565:        The certificates may use a relative path from the **swanctl** _x509ca_
                    566:        directory or an absolute path.
                    567: 
                    568: connections.<conn>.remote<suffix>.cacert<suffix> =
                    569:        Section for a CA certificate to accept for authentication.
                    570: 
                    571:        Section for a CA certificate to accept for authentication. Certificates
                    572:        in _cacerts_ are transmitted as binary blobs, these sections offer more
                    573:        flexibility.
                    574: 
                    575: connections.<conn>.remote<suffix>.cacert<suffix>.file =
                    576:        Absolute path to the certificate to load.
                    577: 
                    578:        Absolute path to the certificate to load. Passed as-is to the daemon, so it
                    579:        must be readable by it.
                    580: 
                    581:        Configure either this or _handle_, but not both, in one section.
                    582: 
                    583: connections.<conn>.remote<suffix>.cacert<suffix>.handle =
                    584:        Hex-encoded CKA_ID of the CA certificate on a token.
                    585: 
                    586:        Hex-encoded CKA_ID of the CA certificate on a token.
                    587: 
                    588:        Configure either this or _file_, but not both, in one section.
                    589: 
                    590: connections.<conn>.remote<suffix>.cacert<suffix>.slot =
                    591:        Optional slot number of the token that stores the CA certificate.
                    592: 
                    593: connections.<conn>.remote<suffix>.cacert<suffix>.module =
                    594:        Optional PKCS#11 module name.
                    595: 
                    596: connections.<conn>.remote<suffix>.ca_id =
                    597:        Identity in CA certificate to accept for authentication.
                    598: 
                    599:        The specified identity must be contained in one (intermediate) CA
                    600:        of the remote peer trustchain, either as subject or as subjectAltName.
                    601:        This has the same effect as specifying _cacerts_ to force clients under
                    602:        a CA to specific connections; it does not require the CA certificate to
                    603:        be available locally, and can be received from the peer during the
                    604:        IKE exchange.
                    605: 
                    606: connections.<conn>.remote<suffix>.pubkeys =
                    607:        Comma separated list of raw public keys to accept for authentication.
                    608: 
                    609:        Comma separated list of raw public keys to accept for authentication.
                    610:        The public keys may use a relative path from the **swanctl** _pubkey_
                    611:        directory or an absolute path.
                    612: 
                    613: connections.<conn>.remote<suffix>.revocation = relaxed
                    614:        Certificate revocation policy, (_strict_, _ifuri_ or _relaxed_).
                    615: 
                    616:        Certificate revocation policy for CRL or OCSP revocation.
                    617: 
                    618:        A _strict_ revocation policy fails if no revocation information is
                    619:        available, i.e. the certificate is not known to be unrevoked.
                    620: 
                    621:        _ifuri_ fails only if a CRL/OCSP URI is available, but certificate
                    622:        revocation checking fails, i.e. there should be revocation information
                    623:        available, but it could not be obtained.
                    624: 
                    625:        The default revocation policy _relaxed_ fails only if a certificate
                    626:        is revoked, i.e. it is explicitly known that it is bad.
                    627: 
                    628: connections.<conn>.remote<suffix>.auth = pubkey
                    629:        Authentication to expect from remote (_pubkey_, _psk_, _xauth[-backend]_ or
                    630:        _eap[-method]_).
                    631: 
                    632:        Authentication to expect from remote. See the **local** section's **auth**
                    633:        keyword description about the details of supported mechanisms.
                    634: 
                    635:        To require a trustchain public key strength for the remote side, specify the
                    636:        key type followed by the minimum strength in bits (for example _ecdsa-384_
                    637:        or _rsa-2048-ecdsa-256_). To limit the acceptable set of hashing algorithms
                    638:        for trustchain validation, append hash algorithms to _pubkey_ or a key
                    639:        strength definition (for example _pubkey-sha256-sha512_,
                    640:        _rsa-2048-sha256-sha384-sha512_ or
                    641:        _rsa-2048-sha256-ecdsa-256-sha256-sha384_).
                    642:        Unless disabled in **strongswan.conf**(5), or explicit IKEv2 signature
                    643:        constraints are configured (refer to the description of the **local**
                    644:        section's **auth** keyword for details), such key types and hash algorithms
                    645:        are also applied as constraints against IKEv2 signature authentication
                    646:        schemes used by the remote side. To require RSASSA-PSS signatures use
                    647:        _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If
                    648:        _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only
                    649:        be accepted if enabled in **strongswan.conf**(5).
                    650: 
                    651:        To specify trust chain constraints for EAP-(T)TLS, append a colon to the
                    652:        EAP method, followed by the key type/size and hash algorithm as discussed
                    653:        above (e.g. _eap-tls:ecdsa-384-sha384_).
                    654: 
                    655: connections.<conn>.children.<child> {}
                    656:        CHILD_SA configuration sub-section.
                    657: 
                    658:        CHILD_SA configuration sub-section. Each connection definition may have
                    659:        one or more sections in its _children_ subsection. The section name
                    660:        defines the name of the CHILD_SA configuration, which must be unique within
                    661:        the connection.
                    662: 
                    663: connections.<conn>.children.<child>.ah_proposals =
                    664:        AH proposals to offer for the CHILD_SA.
                    665: 
                    666:        AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms.
                    667:        For AH, this includes an integrity algorithm and an optional Diffie-Hellman
                    668:        group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
                    669:        negotiation uses a separate Diffie-Hellman exchange using the specified
                    670:        group (refer to _esp_proposals_ for details).
                    671: 
                    672:        In IKEv2, multiple algorithms of the same kind can be specified in a single
                    673:        proposal, from which one gets selected. In IKEv1, only one algorithm per
                    674:        kind is allowed per proposal, more algorithms get implicitly stripped. Use
                    675:        multiple proposals to offer different algorithms combinations in IKEv1.
                    676: 
                    677:        Algorithm keywords get separated using dashes. Multiple proposals may be
                    678:        separated by commas. The special value _default_ forms a default proposal
                    679:        of supported algorithms considered safe, and is usually a good choice
                    680:        for interoperability. By default no AH proposals are included, instead ESP
                    681:        is proposed.
                    682: 
                    683: connections.<conn>.children.<child>.esp_proposals = default
                    684:        ESP proposals to offer for the CHILD_SA.
                    685: 
                    686:        ESP proposals to offer for the CHILD_SA. A proposal is a set of algorithms.
                    687:        For ESP non-AEAD proposals, this includes an integrity algorithm, an
                    688:        encryption algorithm, an optional Diffie-Hellman group and an optional
                    689:        Extended Sequence Number Mode indicator. For AEAD proposals, a combined
                    690:        mode algorithm is used instead of the separate encryption/integrity
                    691:        algorithms.
                    692: 
                    693:        If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
                    694:        negotiation use a separate Diffie-Hellman exchange using the specified
                    695:        group. However, for IKEv2, the keys of the CHILD_SA created implicitly with
                    696:        the IKE_SA will always be derived from the IKE_SA's key material. So any DH
                    697:        group specified here will only apply when the CHILD_SA is later rekeyed or
                    698:        is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch
                    699:        might, therefore, not immediately be noticed when the SA is established, but
                    700:        may later cause rekeying to fail.
                    701: 
                    702:        Extended Sequence Number support may be indicated with the _esn_ and _noesn_
                    703:        values, both may be included to indicate support for both modes. If omitted,
                    704:        _noesn_ is assumed.
                    705: 
                    706:        In IKEv2, multiple algorithms of the same kind can be specified in a single
                    707:        proposal, from which one gets selected. In IKEv1, only one algorithm per
                    708:        kind is allowed per proposal, more algorithms get implicitly stripped. Use
                    709:        multiple proposals to offer different algorithms combinations in IKEv1.
                    710: 
                    711:        Algorithm keywords get separated using dashes. Multiple proposals may be
                    712:        separated by commas. The special value _default_ forms a default proposal
                    713:        of supported algorithms considered safe, and is usually a good choice
                    714:        for interoperability. If no algorithms are specified for AH nor ESP,
                    715:        the _default_ set of algorithms for ESP is included.
                    716: 
                    717: connections.<conn>.children.<child>.sha256_96 = no
                    718:        Use incorrect 96-bit truncation for HMAC-SHA-256.
                    719: 
                    720:        HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility
                    721:        with implementations that incorrectly use 96-bit truncation this option may
                    722:        be enabled to configure the shorter truncation length in the kernel.  This
                    723:        is not negotiated, so this only works with peers that use the incorrect
                    724:        truncation length (or have this option enabled).
                    725: 
                    726: connections.<conn>.children.<child>.local_ts = dynamic
                    727:        Local traffic selectors to include in CHILD_SA.
                    728: 
                    729:        Comma separated list of local traffic selectors to include in CHILD_SA.
                    730:        Each selector is a CIDR subnet definition, followed by an optional
                    731:        proto/port selector. The special value _dynamic_ may be used instead of a
                    732:        subnet definition, which gets replaced by the tunnel outer address or the
                    733:        virtual IP, if negotiated. This is the default.
                    734: 
                    735:        A protocol/port selector is surrounded by opening and closing square
                    736:        brackets. Between these brackets, a numeric or **getservent**(3) protocol
                    737:        name may be specified. After the optional protocol restriction, an optional
                    738:        port restriction may be specified, separated by a slash. The port
                    739:        restriction may be numeric, a **getservent**(3) service name, or the special
                    740:        value _opaque_ for RFC 4301 OPAQUE selectors. Port ranges may be specified
                    741:        as well, none of the kernel backends currently support port ranges, though.
                    742: 
                    743:        When IKEv1 is used only the first selector is interpreted, except if
                    744:        the Cisco Unity extension plugin is used. This is due to a limitation of the
                    745:        IKEv1 protocol, which only allows a single pair of selectors per CHILD_SA.
                    746:        So to tunnel traffic matched by several pairs of selectors when using IKEv1
                    747:        several children (CHILD_SAs) have to be defined that cover the selectors.
                    748: 
                    749:        The IKE daemon uses traffic selector narrowing for IKEv1, the same way it is
                    750:        standardized and implemented for IKEv2. However, this may lead to problems
                    751:        with other implementations. To avoid that, configure identical selectors in
                    752:        such scenarios.
                    753: 
                    754: connections.<conn>.children.<child>.remote_ts = dynamic
                    755:        Remote selectors to include in CHILD_SA.
                    756: 
                    757:        Comma separated list of remote selectors to include in CHILD_SA. See
                    758:        **local_ts** for a description of the selector syntax.
                    759: 
                    760: connections.<conn>.children.<child>.rekey_time = 1h
                    761:        Time to schedule CHILD_SA rekeying.
                    762: 
                    763:        Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key
                    764:        material, optionally using a Diffie-Hellman exchange if a group is
                    765:        specified in the proposal.
                    766: 
                    767:        To avoid rekey collisions initiated by both ends simultaneously, a value
                    768:        in the range of **rand_time** gets subtracted to form the effective soft
                    769:        lifetime.
                    770: 
                    771:        By default CHILD_SA rekeying is scheduled every hour, minus **rand_time**.
                    772: 
                    773: connections.<conn>.children.<child>.life_time = rekey_time + 10%
                    774:        Maximum lifetime before CHILD_SA gets closed, as time.
                    775: 
                    776:        Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime
                    777:        is never reached, because the CHILD_SA gets rekeyed before.
                    778:        If that fails for whatever reason, this limit closes the CHILD_SA.
                    779: 
                    780:        The default is 10% more than the **rekey_time**.
                    781: 
                    782: connections.<conn>.children.<child>.rand_time = life_time - rekey_time
                    783:        Range of random time to subtract from **rekey_time**.
                    784: 
                    785:        Time range from which to choose a random value to subtract from
                    786:        **rekey_time**. The default is the difference between **life_time** and
                    787:        **rekey_time**.
                    788: 
                    789: connections.<conn>.children.<child>.rekey_bytes = 0
                    790:        Number of bytes processed before initiating CHILD_SA rekeying.
                    791: 
                    792:        Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA
                    793:        rekeying refreshes key material, optionally using a Diffie-Hellman exchange
                    794:        if a group is specified in the proposal.
                    795: 
                    796:        To avoid rekey collisions initiated by both ends simultaneously, a value
                    797:        in the range of **rand_bytes** gets subtracted to form the effective soft
                    798:        volume limit.
                    799: 
                    800:        Volume based CHILD_SA rekeying is disabled by default.
                    801: 
                    802: connections.<conn>.children.<child>.life_bytes = rekey_bytes + 10%
                    803:        Maximum bytes processed before CHILD_SA gets closed.
                    804: 
                    805:        Maximum bytes processed before CHILD_SA gets closed. Usually this hard
                    806:        volume limit is never reached, because the CHILD_SA gets rekeyed before.
                    807:        If that fails for whatever reason, this limit closes the CHILD_SA.
                    808: 
                    809:        The default is 10% more than **rekey_bytes**.
                    810: 
                    811: connections.<conn>.children.<child>.rand_bytes = life_bytes - rekey_bytes
                    812:        Range of random bytes to subtract from **rekey_bytes**.
                    813: 
                    814:        Byte range from which to choose a random value to subtract from
                    815:        **rekey_bytes**. The default is the difference between **life_bytes** and
                    816:        **rekey_bytes**.
                    817: 
                    818: connections.<conn>.children.<child>.rekey_packets = 0
                    819:        Number of packets processed before initiating CHILD_SA rekeying.
                    820: 
                    821:        Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA
                    822:        rekeying refreshes key material, optionally using a Diffie-Hellman exchange
                    823:        if a group is specified in the proposal.
                    824: 
                    825:        To avoid rekey collisions initiated by both ends simultaneously, a value
                    826:        in the range of **rand_packets** gets subtracted to form the effective soft
                    827:        packet count limit.
                    828: 
                    829:        Packet count based CHILD_SA rekeying is disabled by default.
                    830: 
                    831: connections.<conn>.children.<child>.life_packets = rekey_packets + 10%
                    832:        Maximum number of packets processed before CHILD_SA gets closed.
                    833: 
                    834:        Maximum number of packets processed before CHILD_SA gets closed. Usually
                    835:        this hard packets limit is never reached, because the CHILD_SA gets rekeyed
                    836:        before. If that fails for whatever reason, this limit closes the CHILD_SA.
                    837: 
                    838:        The default is 10% more than **rekey_bytes**.
                    839: 
                    840: connections.<conn>.children.<child>.rand_packets = life_packets - rekey_packets
                    841:        Range of random packets to subtract from **packets_bytes**.
                    842: 
                    843:        Packet range from which to choose a random value to subtract from
                    844:        **rekey_packets**. The default is the difference between **life_packets**
                    845:        and **rekey_packets**.
                    846: 
                    847: connections.<conn>.children.<child>.updown =
                    848:        Updown script to invoke on CHILD_SA up and down events.
                    849: 
                    850: connections.<conn>.children.<child>.hostaccess = no
                    851:        Hostaccess variable to pass to **updown** script.
                    852: 
                    853: connections.<conn>.children.<child>.mode = tunnel
                    854:        IPsec Mode to establish (_tunnel_, _transport_, _transport_proxy_, _beet_,
                    855:        _pass_ or _drop_).
                    856: 
                    857:        IPsec Mode to establish CHILD_SA with. _tunnel_ negotiates the CHILD_SA
                    858:        in IPsec Tunnel Mode, whereas _transport_ uses IPsec Transport Mode.
                    859:        _transport_proxy_ signifying the special Mobile IPv6 Transport Proxy Mode.
                    860:        _beet_ is the Bound End to End Tunnel mixture mode, working with fixed inner
                    861:        addresses without the need to include them in each packet.
                    862: 
                    863:        Both _transport_ and _beet_ modes are subject to mode negotiation; _tunnel_
                    864:        mode is negotiated if the preferred mode is not available.
                    865: 
                    866:        _pass_ and _drop_ are used to install shunt policies which explicitly
                    867:        bypass the defined traffic from IPsec processing or drop it, respectively.
                    868: 
                    869: connections.<conn>.children.<child>.policies = yes
                    870:        Whether to install IPsec policies or not.
                    871: 
                    872:        Whether to install IPsec policies or not. Disabling this can be useful in
                    873:        some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon.
                    874: 
                    875: connections.<conn>.children.<child>.policies_fwd_out = no
                    876:        Whether to install outbound FWD IPsec policies or not.
                    877: 
                    878:        Whether to install outbound FWD IPsec policies or not. Enabling this is
                    879:        required in case there is a drop policy that would match and block forwarded
                    880:        traffic for this CHILD_SA.
                    881: 
                    882: connections.<conn>.children.<child>.dpd_action = clear
                    883:        Action to perform on DPD timeout (_clear_, _trap_ or _restart_).
                    884: 
                    885:        Action to perform for this CHILD_SA on DPD timeout. The default _clear_
                    886:        closes the CHILD_SA and does not take further action. _trap_ installs
                    887:        a trap policy, which will catch matching traffic and tries to re-negotiate
                    888:        the tunnel on-demand. _restart_ immediately tries to re-negotiate the
                    889:        CHILD_SA under a fresh IKE_SA.
                    890: 
                    891: connections.<conn>.children.<child>.ipcomp = no
                    892:        Enable IPComp compression before encryption.
                    893: 
                    894:        Enable IPComp compression before encryption. If enabled, IKE tries to
                    895:        negotiate IPComp compression to compress ESP payload data prior to
                    896:        encryption.
                    897: 
                    898: connections.<conn>.children.<child>.inactivity = 0s
                    899:        Timeout before closing CHILD_SA after inactivity.
                    900: 
                    901:        Timeout before closing CHILD_SA after inactivity. If no traffic has
                    902:        been processed in either direction for the configured timeout, the CHILD_SA
                    903:        gets closed due to inactivity. The default value of _0_ disables inactivity
                    904:        checks.
                    905: 
                    906: connections.<conn>.children.<child>.reqid = 0
                    907:        Fixed reqid to use for this CHILD_SA.
                    908: 
                    909:        Fixed reqid to use for this CHILD_SA. This might be helpful in some
                    910:        scenarios, but works only if each CHILD_SA configuration is instantiated
                    911:        not more than once. The default of _0_ uses dynamic reqids, allocated
                    912:        incrementally.
                    913: 
                    914: connections.<conn>.children.<child>.priority = 0
                    915:        Optional fixed priority for IPsec policies.
                    916: 
                    917:        Optional fixed priority for IPsec policies. This could be useful to install
                    918:        high-priority drop policies.  The default of _0_ uses dynamically calculated
                    919:        priorities based on the size of the traffic selectors.
                    920: 
                    921: connections.<conn>.children.<child>.interface =
                    922:        Optional interface name to restrict IPsec policies.
                    923: 
                    924: connections.<conn>.children.<child>.mark_in = 0/0x00000000
                    925:        Netfilter mark and mask for input traffic.
                    926: 
                    927:        Netfilter mark and mask for input traffic. On Linux, Netfilter may require
                    928:        marks on each packet to match an SA/policy having that option set. This
                    929:        allows installing duplicate policies and enables Netfilter rules to select
                    930:        specific SAs/policies for incoming traffic.  Note that inbound marks are
                    931:        only set on policies, by default, unless *mark_in_sa* is enabled. The
                    932:        special value _%unique_ sets a unique mark on each CHILD_SA instance, beyond
                    933:        that the value _%unique-dir_ assigns a different unique mark for each
                    934:        CHILD_SA direction (in/out).
                    935: 
                    936:        An additional mask may be appended to the mark, separated by _/_. The
                    937:        default mask if omitted is 0xffffffff.
                    938: 
                    939: connections.<conn>.children.<child>.mark_in_sa = no
                    940:        Whether to set *mark_in* on the inbound SA.
                    941: 
                    942:        Whether to set *mark_in* on the inbound SA. By default, the inbound mark is
                    943:        only set on the inbound policy. The tuple destination address, protocol and
                    944:        SPI is unique and the mark is not required to find the correct SA, allowing
                    945:        to mark traffic after decryption instead (where more specific selectors may
                    946:        be used) to match different policies. Marking packets before decryption is
                    947:        still possible, even if no mark is set on the SA.
                    948: 
                    949: connections.<conn>.children.<child>.mark_out = 0/0x00000000
                    950:        Netfilter mark and mask for output traffic.
                    951: 
                    952:        Netfilter mark and mask for output traffic. On Linux, Netfilter may require
                    953:        marks on each packet to match a policy/SA having that option set. This
                    954:        allows installing duplicate policies and enables Netfilter rules to select
                    955:        specific policies/SAs for outgoing traffic. The special value _%unique_ sets
                    956:        a unique mark on each CHILD_SA instance, beyond that the value _%unique-dir_
                    957:        assigns a different unique mark for each CHILD_SA direction (in/out).
                    958: 
                    959:        An additional mask may be appended to the mark, separated by _/_. The
                    960:        default mask if omitted is 0xffffffff.
                    961: 
                    962: connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
                    963:        Netfilter mark applied to packets after the inbound IPsec SA processed them.
                    964: 
                    965:        Netfilter mark applied to packets after the inbound IPsec SA processed them.
                    966:        This way it's not necessary to mark packets via Netfilter before decryption
                    967:        or right afterwards to match policies or process them differently (e.g. via
                    968:        policy routing).
                    969: 
                    970:        An additional mask may be appended to the mark, separated by _/_. The
                    971:        default mask if omitted is 0xffffffff. The special value _%same_ uses
                    972:        the value (but not the mask) from **mark_in** as mark value, which can be
                    973:        fixed, _%unique_ or _%unique-dir_.
                    974: 
                    975:        Setting marks in XFRM input requires Linux 4.19 or higher.
                    976: 
                    977: connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
                    978:        Netfilter mark applied to packets after the outbound IPsec SA processed
                    979:        them.
                    980: 
                    981:        Netfilter mark applied to packets after the outbound IPsec SA processed
                    982:        them. This allows processing ESP packets differently than the original
                    983:        traffic (e.g. via policy routing).
                    984: 
                    985:        An additional mask may be appended to the mark, separated by _/_. The
                    986:        default mask if omitted is 0xffffffff. The special value _%same_ uses
                    987:        the value (but not the mask) from **mark_out** as mark value, which can be
                    988:        fixed, _%unique_ or _%unique-dir_.
                    989: 
                    990:        Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
                    991:        requires at least Linux 4.19.
                    992: 
                    993: connections.<conn>.children.<child>.if_id_in = 0
                    994:        Inbound XFRM interface ID.
                    995: 
                    996:        XFRM interface ID set on inbound policies/SA. This allows installing
                    997:        duplicate policies/SAs and associates them with an interface with the same
                    998:        ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
                    999:        instance, beyond that the value _%unique-dir_ assigns a different unique
                   1000:        interface ID for each CHILD_SA direction (in/out).
                   1001: 
                   1002: connections.<conn>.children.<child>.if_id_out = 0
                   1003:        Outbound XFRM interface ID.
                   1004: 
                   1005:        XFRM interface ID set on outbound policies/SA. This allows installing
                   1006:        duplicate policies/SAs and associates them with an interface with the same
                   1007:        ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
                   1008:        instance, beyond that the value _%unique-dir_ assigns a different unique
                   1009:        interface ID for each CHILD_SA direction (in/out).
                   1010: 
                   1011:        The daemon will not install routes for CHILD_SAs that have this option set.
                   1012: 
                   1013: connections.<conn>.children.<child>.tfc_padding = 0
                   1014:        Traffic Flow Confidentiality padding.
                   1015: 
                   1016:        Pads ESP packets with additional data to have a consistent ESP packet size
                   1017:        for improved Traffic Flow Confidentiality. The padding defines the minimum
                   1018:        size of all ESP packets sent.
                   1019: 
                   1020:        The default value of 0 disables TFC padding, the special value _mtu_ adds
                   1021:        TFC padding to create a packet size equal to the Path Maximum Transfer Unit.
                   1022: 
                   1023: connections.<conn>.children.<child>.replay_window = 32
                   1024:        IPsec replay window to configure for this CHILD_SA.
                   1025: 
                   1026:        IPsec replay window to configure for this CHILD_SA. Larger values than the
                   1027:        default of 32 are supported using the Netlink backend only, a value of 0
                   1028:        disables IPsec replay protection.
                   1029: 
                   1030: connections.<conn>.children.<child>.hw_offload = no
                   1031:        Enable hardware offload for this CHILD_SA, if supported by the IPsec
                   1032:        implementation.
                   1033: 
                   1034:        Enable hardware offload for this CHILD_SA, if supported by the IPsec
                   1035:        implementation. The value _yes_ enforces offloading and the installation
                   1036:        will fail if it's not supported by either kernel or device.     The value _auto_
                   1037:        enables offloading, if it's supported, but the installation does not fail
                   1038:        otherwise.
                   1039: 
                   1040: connections.<conn>.children.<child>.copy_df = yes
                   1041:        Whether to copy the DF bit to the outer IPv4 header in tunnel mode.
                   1042: 
                   1043:        Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
                   1044:        effectively disables Path MTU discovery (PMTUD).  Controlling this behavior
                   1045:        is not supported by all kernel interfaces.
                   1046: 
                   1047: connections.<conn>.children.<child>.copy_ecn = yes
                   1048:        Whether to copy the ECN header field to/from the outer IP header in tunnel
                   1049:        mode.
                   1050: 
                   1051:        Whether to copy the ECN (Explicit Congestion Notification) header field
                   1052:        to/from the outer IP header in tunnel mode. Controlling this behavior is not
                   1053:        supported by all kernel interfaces.
                   1054: 
                   1055: connections.<conn>.children.<child>.copy_dscp = out
                   1056:        Whether to copy the DSCP header field to/from the outer IP header in tunnel
                   1057:        mode.
                   1058: 
                   1059:        Whether to copy the DSCP (Differentiated Services Field Codepoint) header
                   1060:        field to/from the outer IP header in tunnel mode. The value _out_ only
                   1061:        copies the field from the inner to the outer header, the value _in_ does the
                   1062:        opposite and only copies the field from the outer to the inner header when
                   1063:        decapsulating, the value _yes_ copies the field in both directions, and the
                   1064:        value _no_ disables copying the field altogether.  Setting this to _yes_ or
                   1065:        _in_ could allow an attacker to adversely affect other traffic at the
                   1066:        receiver, which is why the default is _out_. Controlling this behavior is
                   1067:        not supported by all kernel interfaces.
                   1068: 
                   1069: connections.<conn>.children.<child>.start_action = none
                   1070:        Action to perform after loading the configuration (_none_, _trap_, _start_).
                   1071: 
                   1072:        Action to perform after loading the configuration. The default of _none_
                   1073:        loads the connection only, which then can be manually initiated or used as
                   1074:        a responder configuration.
                   1075: 
                   1076:        The value _trap_ installs a trap policy, which triggers the tunnel as soon
                   1077:        as matching traffic has been detected. The value _start_ initiates
                   1078:        the connection actively.
                   1079: 
                   1080:        When unloading or replacing a CHILD_SA configuration having a
                   1081:        **start_action** different from _none_, the inverse action is performed.
                   1082:        Configurations with _start_ get closed, while such with _trap_ get
                   1083:        uninstalled.
                   1084: 
                   1085: connections.<conn>.children.<child>.close_action = none
                   1086:        Action to perform after a CHILD_SA gets closed (_none_, _trap_, _start_).
                   1087: 
                   1088:        Action to perform after a CHILD_SA gets closed by the peer. The default of
                   1089:        _none_ does not take any action, _trap_ installs a trap policy for the
                   1090:        CHILD_SA. _start_ tries to re-create the CHILD_SA.
                   1091: 
                   1092:        **close_action** does not provide any guarantee that the CHILD_SA is kept
                   1093:        alive. It acts on explicit close messages only, but not on negotiation
                   1094:        failures. Use trap policies to reliably re-create failed CHILD_SAs.
                   1095: 
                   1096: secrets { # }
                   1097:        Section defining secrets for IKE/EAP/XAuth authentication and private
                   1098:        key decryption.
                   1099: 
                   1100:        Section defining secrets for IKE/EAP/XAuth authentication and private key
                   1101:        decryption. The **secrets** section takes sub-sections having a specific
                   1102:        prefix which defines the secret type.
                   1103: 
                   1104:        It is not recommended to define any private key decryption passphrases,
                   1105:        as then there is no real security benefit in having encrypted keys. Either
                   1106:        store the key unencrypted or enter the keys manually when loading
                   1107:        credentials.
                   1108: 
                   1109: secrets.eap<suffix> { # }
                   1110:        EAP secret section for a specific secret.
                   1111: 
                   1112:        EAP secret section for a specific secret. Each EAP secret is defined in
                   1113:        a unique section having the _eap_ prefix. EAP secrets are used for XAuth
                   1114:        authentication as well.
                   1115: 
                   1116: secrets.xauth<suffix> { # }
                   1117:        XAuth secret section for a specific secret.
                   1118: 
                   1119:        XAuth secret section for a specific secret. **xauth** is just an alias
                   1120:        for **eap**, secrets under both section prefixes are used for both EAP and
                   1121:        XAuth authentication.
                   1122: 
                   1123: secrets.eap<suffix>.secret =
                   1124:        Value of the EAP/XAuth secret.
                   1125: 
                   1126:        Value of the EAP/XAuth secret. It may either be an ASCII string, a hex
                   1127:        encoded string if it has a _0x_ prefix or a Base64 encoded string if it
                   1128:        has a _0s_ prefix in its value.
                   1129: 
                   1130: secrets.eap<suffix>.id<suffix> =
                   1131:        Identity the EAP/XAuth secret belongs to.
                   1132: 
                   1133:        Identity the EAP/XAuth secret belongs to. Multiple unique identities may
                   1134:        be specified, each having an _id_ prefix, if a secret is shared between
                   1135:        multiple users.
                   1136: 
                   1137: secrets.ntlm<suffix> { # }
                   1138:        NTLM secret section for a specific secret.
                   1139: 
                   1140:        NTLM secret section for a specific secret. Each NTLM secret is defined in
                   1141:        a unique section having the _ntlm_ prefix. NTLM secrets may only be used for
                   1142:        EAP-MSCHAPv2 authentication.
                   1143: 
                   1144: secrets.ntlm<suffix>.secret =
                   1145:        Value of the NTLM secret.
                   1146: 
                   1147:        Value of the NTLM secret, which is the NT Hash of the actual secret, that
                   1148:        is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either be given
                   1149:        as a hex encoded string with a _0x_ prefix or as a Base64 encoded string
                   1150:        with a _0s_ prefix.
                   1151: 
                   1152: secrets.ntlm<suffix>.id<suffix> =
                   1153:        Identity the NTLM secret belongs to.
                   1154: 
                   1155:        Identity the NTLM secret belongs to. Multiple unique identities may
                   1156:        be specified, each having an _id_ prefix, if a secret is shared between
                   1157:        multiple users.
                   1158: 
                   1159: secrets.ike<suffix> { # }
                   1160:        IKE preshared secret section for a specific secret.
                   1161: 
                   1162:        IKE preshared secret section for a specific secret. Each IKE PSK is defined
                   1163:        in a unique section having the _ike_ prefix.
                   1164: 
                   1165: secrets.ike<suffix>.secret =
                   1166:        Value of the IKE preshared secret.
                   1167: 
                   1168:        Value of the IKE preshared secret. It may either be an ASCII string,
                   1169:        a hex encoded string if it has a _0x_ prefix or a Base64 encoded string if
                   1170:        it has a _0s_ prefix in its value.
                   1171: 
                   1172: secrets.ike<suffix>.id<suffix> =
                   1173:        IKE identity the IKE preshared secret belongs to.
                   1174: 
                   1175:        IKE identity the IKE preshared secret belongs to. Multiple unique identities
                   1176:        may be specified, each having an _id_ prefix, if a secret is shared between
                   1177:        multiple peers.
                   1178: 
                   1179: secrets.ppk<suffix> { # }
                   1180:        Postquantum Preshared Key (PPK) section for a specific secret.
                   1181: 
                   1182:        Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
                   1183:        defined in a unique section having the _ppk_ prefix.
                   1184: 
                   1185: secrets.ppk<suffix>.secret =
                   1186:        Value of the PPK.
                   1187: 
                   1188:        Value of the PPK. It may either be an ASCII string,     a hex encoded string if
                   1189:        it has a _0x_ prefix or a Base64 encoded string if it has a _0s_ prefix in
                   1190:        its value. Should have at least 256 bits of entropy for 128-bit security.
                   1191: 
                   1192: secrets.ppk<suffix>.id<suffix> =
                   1193:        PPK identity the PPK belongs to.
                   1194: 
                   1195:        PPK identity the PPK belongs to. Multiple unique identities
                   1196:        may be specified, each having an _id_ prefix, if a secret is shared between
                   1197:        multiple peers.
                   1198: 
                   1199: secrets.private<suffix> { # }
                   1200:        Private key decryption passphrase for a key in the _private_ folder.
                   1201: 
                   1202: secrets.private<suffix>.file =
                   1203:        File name in the _private_ folder for which this passphrase should be used.
                   1204: 
                   1205: secrets.private<suffix>.secret
                   1206:        Value of decryption passphrase for private key.
                   1207: 
                   1208: secrets.rsa<suffix> { # }
                   1209:        Private key decryption passphrase for a key in the _rsa_ folder.
                   1210: 
                   1211: secrets.rsa<suffix>.file =
                   1212:        File name in the _rsa_ folder for which this passphrase should be used.
                   1213: 
                   1214: secrets.rsa<suffix>.secret
                   1215:        Value of decryption passphrase for RSA key.
                   1216: 
                   1217: secrets.ecdsa<suffix> { # }
                   1218:        Private key decryption passphrase for a key in the _ecdsa_ folder.
                   1219: 
                   1220: secrets.ecdsa<suffix>.file =
                   1221:        File name in the _ecdsa_ folder for which this passphrase should be used.
                   1222: 
                   1223: secrets.ecdsa<suffix>.secret
                   1224:        Value of decryption passphrase for ECDSA key.
                   1225: 
                   1226: secrets.pkcs8<suffix> { # }
                   1227:        Private key decryption passphrase for a key in the _pkcs8_ folder.
                   1228: 
                   1229: secrets.pkcs8<suffix>.file =
                   1230:        File name in the _pkcs8_ folder for which this passphrase should be used.
                   1231: 
                   1232: secrets.pkcs8<suffix>.secret
                   1233:        Value of decryption passphrase for PKCS#8 key.
                   1234: 
                   1235: secrets.pkcs12<suffix> { # }
                   1236:        PKCS#12 decryption passphrase for a container in the _pkcs12_ folder.
                   1237: 
                   1238: secrets.pkcs12<suffix>.file =
                   1239:        File name in the _pkcs12_ folder for which this passphrase should be used.
                   1240: 
                   1241: secrets.pkcs12<suffix>.secret
                   1242:        Value of decryption passphrase for PKCS#12 container.
                   1243: 
                   1244: secrets.token<suffix> { # }
                   1245:        Definition for a private key that's stored on a token/smartcard.
                   1246: 
                   1247: secrets.token<suffix>.handle =
                   1248:        Hex-encoded CKA_ID of the private key on the token.
                   1249: 
                   1250: secrets.token<suffix>.slot =
                   1251:        Optional slot number to access the token.
                   1252: 
                   1253: secrets.token<suffix>.module =
                   1254:        Optional PKCS#11 module name to access the token.
                   1255: 
                   1256: secrets.token<suffix>.pin =
                   1257:        Optional PIN required to access the key on the token. If none is provided
                   1258:        the user is prompted during an interactive --load-creds call.
                   1259: 
                   1260: pools { # }
                   1261:        Section defining named pools.
                   1262: 
                   1263:        Section defining named pools. Named pools may be referenced by connections
                   1264:        with the **pools** option to assign virtual IPs and other configuration
                   1265:        attributes.
                   1266: 
                   1267: pools.<name> { # }
                   1268:        Section defining a single pool with a unique name.
                   1269: 
                   1270: pools.<name>.addrs =
                   1271:        Addresses allocated in pool.
                   1272: 
                   1273:        Subnet or range defining addresses allocated in pool. Accepts a single CIDR
                   1274:        subnet defining the pool to allocate addresses from or an address range
                   1275:        (<from>-<to>).  Pools must be unique and non-overlapping.
                   1276: 
                   1277: pools.<name>.<attr> =
                   1278:        Comma separated list of additional attributes from type <attr>.
                   1279: 
                   1280:        Comma separated list of additional attributes of type **<attr>**. The
                   1281:        attribute type may be one of _dns_, _nbns_, _dhcp_, _netmask_, _server_,
                   1282:        _subnet_, _split_include_ and _split_exclude_ to define addresses or CIDR
                   1283:        subnets for the corresponding attribute types. Alternatively, **<attr>** can
                   1284:        be a numerical identifier, for which string attribute values are accepted
                   1285:        as well.
                   1286: 
                   1287: authorities { # }
                   1288:        Section defining attributes of certification authorities.
                   1289: 
                   1290: authorities.<name> { # }
                   1291:        Section defining a certification authority with a unique name.
                   1292: 
                   1293: authorities.<name>.cacert =
                   1294:        CA certificate belonging to the certification authority.
                   1295: 
                   1296:        CA certificate belonging to the certification authority. The certificates
                   1297:        may use a relative path from the **swanctl** _x509ca_ directory or an
                   1298:        absolute path.
                   1299: 
                   1300:        Configure one of _cacert_, _file_, or _handle_ per section.
                   1301: 
                   1302: authorities.<name>.file =
                   1303:        Absolute path to the certificate to load.
                   1304: 
                   1305:        Absolute path to the certificate to load. Passed as-is to the daemon, so it
                   1306:        must be readable by it.
                   1307: 
                   1308:        Configure one of _cacert_, _file_, or _handle_ per section.
                   1309: 
                   1310: authorities.<name>.handle =
                   1311:        Hex-encoded CKA_ID of the CA certificate on a token.
                   1312: 
                   1313:        Hex-encoded CKA_ID of the CA certificate on a token.
                   1314: 
                   1315:        Configure one of _cacert_, _file_, or _handle_ per section.
                   1316: 
                   1317: authorities.<name>.slot =
                   1318:        Optional slot number of the token that stores the CA certificate.
                   1319: 
                   1320: authorities.<name>.module =
                   1321:        Optional PKCS#11 module name.
                   1322: 
                   1323: authorities.<name>.crl_uris =
                   1324:        Comma-separated list of CRL distribution points.
                   1325: 
                   1326:        Comma-separated list of CRL distribution points (ldap, http, or file URI).
                   1327: 
                   1328: authorities.<name>.ocsp_uris =
                   1329:        Comma-separated list of OCSP URIs.
                   1330: 
                   1331: authorities.<name>.cert_uri_base =
                   1332:        Defines the base URI for the Hash and URL feature supported by IKEv2.
                   1333: 
                   1334:        Defines the base URI for the Hash and URL feature supported by IKEv2.
                   1335:        Instead of exchanging complete certificates, IKEv2 allows one to send an
                   1336:        URI that resolves to the DER encoded certificate. The certificate URIs are
                   1337:        built by appending the SHA1 hash of the DER encoded certificates to this
                   1338:        base URI.
                   1339: 
                   1340: include conf.d/*.conf
                   1341:        Include config snippets

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>