1: connections { # }
2: Section defining IKE connection configurations.
3:
4: Section defining IKE connection configurations.
5:
6: The connections section defines IKE connection configurations, each in
7: its own subsections. In the keyword description below, the connection
8: is named _<conn>_, but an arbitrary yet unique connection name can be
9: chosen for each connection subsection.
10:
11: connections.<conn> { # }
12: Section for an IKE connection named <conn>.
13:
14: connections.<conn>.version = 0
15: IKE major version to use for connection.
16:
17: IKE major version to use for connection. _1_ uses IKEv1 aka ISAKMP, _2_
18: uses IKEv2. A connection using the default of _0_ accepts both IKEv1
19: and IKEv2 as responder, and initiates the connection actively with IKEv2.
20:
21: connections.<conn>.local_addrs = %any
22: Local address(es) to use for IKE communication, comma separated.
23:
24: Local address(es) to use for IKE communication, comma separated. Takes
25: single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
26:
27: As initiator, the first non-range/non-subnet is used to initiate the
28: connection from. As responder, the local destination address must match at
29: least to one of the specified addresses, subnets or ranges.
30:
31: If FQDNs are assigned they are resolved every time a configuration lookup
32: is done. If DNS resolution times out, the lookup is delayed for that time.
33:
34: connections.<conn>.remote_addrs = %any
35: Remote address(es) to use for IKE communication, comma separated.
36:
37: Remote address(es) to use for IKE communication, comma separated. Takes
38: single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
39:
40: As initiator, the first non-range/non-subnet is used to initiate the
41: connection to. As responder, the initiator source address must match at
42: least to one of the specified addresses, subnets or ranges.
43:
44: If FQDNs are assigned they are resolved every time a configuration lookup
45: is done. If DNS resolution times out, the lookup is delayed for that time.
46:
47: To initiate a connection, at least one specific address or DNS name must
48: be specified.
49:
50: connections.<conn>.local_port = 500
51: Local UDP port for IKE communication.
52:
53: Local UDP port for IKE communication. By default the port of the socket
54: backend is used, which is usually _500_. If port _500_ is used, automatic
55: IKE port floating to port 4500 is used to work around NAT issues.
56:
57: Using a non-default local IKE port requires support from the socket backend
58: in use (socket-dynamic).
59:
60: connections.<conn>.remote_port = 500
61: Remote UDP port for IKE communication.
62:
63: Remote UDP port for IKE communication. If the default of port _500_ is used,
64: automatic IKE port floating to port 4500 is used to work around NAT issues.
65:
66: connections.<conn>.proposals = default
67: Comma separated proposals to accept for IKE.
68:
69: A proposal is a set of algorithms. For non-AEAD algorithms, this includes
70: for IKE an encryption algorithm, an integrity algorithm, a pseudo random
71: function and a Diffie-Hellman group. For AEAD algorithms, instead of
72: encryption and integrity algorithms, a combined algorithm is used.
73:
74: In IKEv2, multiple algorithms of the same kind can be specified in a single
75: proposal, from which one gets selected. In IKEv1, only one algorithm per
76: kind is allowed per proposal, more algorithms get implicitly stripped. Use
77: multiple proposals to offer different algorithms combinations in IKEv1.
78:
79: Algorithm keywords get separated using dashes. Multiple proposals may be
80: separated by commas. The special value _default_ forms a default proposal
81: of supported algorithms considered safe, and is usually a good choice
82: for interoperability.
83:
84: connections.<conn>.vips =
85: Virtual IPs to request in configuration payload / Mode Config.
86:
87: Comma separated list of virtual IPs to request in IKEv2 configuration
88: payloads or IKEv1 Mode Config. The wildcard addresses _0.0.0.0_ and _::_
89: request an arbitrary address, specific addresses may be defined. The
90: responder may return a different address, though, or none at all.
91:
92: connections.<conn>.aggressive = no
93: Use Aggressive Mode in IKEv1.
94:
95: Enables Aggressive Mode instead of Main Mode with Identity Protection.
96: Aggressive Mode is considered less secure, because the ID and HASH
97: payloads are exchanged unprotected. This allows a passive attacker to
98: snoop peer identities, and even worse, start dictionary attacks on the
99: Preshared Key.
100:
101: connections.<conn>.pull = yes
102: Set the Mode Config mode to use.
103:
104: If the default of _yes_ is used, Mode Config works in pull mode, where
105: the initiator actively requests a virtual IP. With _no_, push mode is used,
106: where the responder pushes down a virtual IP to the initiating peer.
107:
108: Push mode is currently supported for IKEv1, but not in IKEv2. It is used
109: by a few implementations only, pull mode is recommended.
110:
111: connections.<conn>.dscp = 000000
112: Differentiated Services Field Codepoint to set on outgoing IKE packets (six
113: binary digits).
114:
115: Differentiated Services Field Codepoint to set on outgoing IKE packets for
116: this connection. The value is a six digit binary encoded string specifying
117: the Codepoint to set, as defined in RFC 2474.
118:
119: connections.<conn>.encap = no
120: Enforce UDP encapsulation by faking NAT-D payloads.
121:
122: To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
123: NAT detection payloads. This makes the peer believe that NAT takes
124: place on the path, forcing it to encapsulate ESP packets in UDP.
125:
126: Usually this is not required, but it can help to work around connectivity
127: issues with too restrictive intermediary firewalls.
128:
129: connections.<conn>.mobike = yes
130: Enables MOBIKE on IKEv2 connections.
131:
132: Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2
133: connections, and allows mobility of clients and multi-homing on servers by
134: migrating active IPsec tunnels.
135:
136: Usually keeping MOBIKE enabled is unproblematic, as it is not used if the
137: peer does not indicate support for it. However, due to the design of MOBIKE,
138: IKEv2 always floats to port 4500 starting from the second exchange. Some
139: implementations don't like this behavior, hence it can be disabled.
140:
141: connections.<conn>.dpd_delay = 0s
142: Interval of liveness checks (DPD).
143:
144: Interval to check the liveness of a peer actively using IKEv2 INFORMATIONAL
145: exchanges or IKEv1 R_U_THERE messages. Active DPD checking is only enforced
146: if no IKE or ESP/AH packet has been received for the configured DPD delay.
147:
148: connections.<conn>.dpd_timeout = 0s
149: Timeout for DPD checks (IKEV1 only).
150:
151: Charon by default uses the normal retransmission mechanism and timeouts to
152: check the liveness of a peer, as all messages are used for liveness
153: checking. For compatibility reasons, with IKEv1 a custom interval may be
154: specified; this option has no effect on connections using IKE2.
155:
156: connections.<conn>.fragmentation = yes
157: Use IKE UDP datagram fragmentation (_yes_, _accept_, _no_ or _force_).
158:
159: Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
160: fragmentation). Acceptable values are _yes_ (the default), _accept_,
161: _force_ and _no_. If set to _yes_, and the peer supports it, oversized IKE
162: messages will be sent in fragments. If set to _accept_, support for
163: fragmentation is announced to the peer but the daemon does not send its own
164: messages in fragments. If set to _force_ (only supported for IKEv1) the
165: initial IKE message will already be fragmented if required. Finally, setting
166: the option to _no_ will disable announcing support for this feature.
167:
168: Note that fragmented IKE messages sent by a peer are always accepted
169: irrespective of the value of this option (even when set to _no_).
170:
171: connections.<conn>.childless = allow
172: Use childless IKE_SA initiation (_allow_, _force_ or _never_).
173:
174: Use childless IKE_SA initiation (RFC 6023) for IKEv2. Acceptable values
175: are _allow_ (the default), _force_ and _never_. If set to _allow_,
176: responders will accept childless IKE_SAs (as indicated via notify in the
177: IKE_SA_INIT response) while initiators continue to create regular IKE_SAs
178: with the first CHILD_SA created during IKE_AUTH, unless the IKE_SA is
179: initiated explicitly without any children (which will fail if the responder
180: does not support or has disabled this extension). If set to _force_, only
181: childless initiation is accepted and the first CHILD_SA is created with a
182: separate CREATE_CHILD_SA exchange (e.g. to use an independent DH exchange
183: for all CHILD_SAs). Finally, setting the option to _never_ disables support
184: for childless IKE_SAs as responder.
185:
186: connections.<conn>.send_certreq = yes
187: Send certificate requests payloads (_yes_ or _no_).
188:
189: Send certificate request payloads to offer trusted root CA certificates
190: to the peer. Certificate requests help the peer to choose an appropriate
191: certificate/private key for authentication and are enabled by default.
192:
193: Disabling certificate requests can be useful if too many trusted root CA
194: certificates are installed, as each certificate request increases the size
195: of the initial IKE packets.
196:
197: connections.<conn>.send_cert = ifasked
198: Send certificate payloads (_always_, _never_ or _ifasked_).
199:
200: Send certificate payloads when using certificate authentication. With the
201: default of _ifasked_ the daemon sends certificate payloads only if
202: certificate requests have been received. _never_ disables sending of
203: certificate payloads altogether, _always_ causes certificate payloads to be
204: sent unconditionally whenever certificate authentication is used.
205:
206: connections.<conn>.ppk_id =
207: String identifying the Postquantum Preshared Key (PPK) to be used.
208:
209: connections.<conn>.ppk_required = no
210: Whether a Postquantum Preshared Key (PPK) is required for this connection.
211:
212: connections.<conn>.keyingtries = 1
213: Number of retransmission sequences to perform during initial connect.
214:
215: Number of retransmission sequences to perform during initial connect.
216: Instead of giving up initiation after the first retransmission sequence with
217: the default value of _1_, additional sequences may be started according to
218: the configured value. A value of _0_ initiates a new sequence until the
219: connection establishes or fails with a permanent error.
220:
221: connections.<conn>.unique = no
222: Connection uniqueness policy (_never_, _no_, _keep_ or _replace_).
223:
224: Connection uniqueness policy to enforce. To avoid multiple connections
225: from the same user, a uniqueness policy can be enforced. The value _never_
226: does never enforce such a policy, even if a peer included INITIAL_CONTACT
227: notification messages, whereas _no_ replaces existing connections for the
228: same identity if a new one has the INITIAL_CONTACT notify. _keep_ rejects
229: new connection attempts if the same user already has an active connection,
230: _replace_ deletes any existing connection if a new one for the same user
231: gets established.
232:
233: To compare connections for uniqueness, the remote IKE identity is used. If
234: EAP or XAuth authentication is involved, the EAP-Identity or XAuth username
235: is used to enforce the uniqueness policy instead.
236:
237: On initiators this setting specifies whether an INITIAL_CONTACT notify is
238: sent during IKE_AUTH if no existing connection is found with the remote
239: peer (determined by the identities of the first authentication round).
240: Unless set to _never_ the client will send a notify.
241:
242: connections.<conn>.reauth_time = 0s
243: Time to schedule IKE reauthentication.
244:
245: Time to schedule IKE reauthentication. IKE reauthentication recreates the
246: IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric
247: configurations (with EAP or configuration payloads) it might not be possible
248: to actively reauthenticate as responder. The IKEv2 reauthentication lifetime
249: negotiation can instruct the client to perform reauthentication.
250:
251: Reauthentication is disabled by default. Enabling it usually may lead
252: to small connection interruptions, as strongSwan uses a break-before-make
253: policy with IKEv2 to avoid any conflicts with associated tunnel resources.
254:
255: connections.<conn>.rekey_time = 4h
256: Time to schedule IKE rekeying.
257:
258: IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
259: does not re-check associated credentials. It is supported in IKEv2 only,
260: IKEv1 performs a reauthentication procedure instead.
261:
262: With the default value IKE rekeying is scheduled every 4 hours, minus the
263: configured **rand_time**. If a **reauth_time** is configured, **rekey_time**
264: defaults to zero disabling rekeying; explicitly set both to enforce
265: rekeying and reauthentication.
266:
267: connections.<conn>.over_time = 10% of rekey_time/reauth_time
268: Hard IKE_SA lifetime if rekey/reauth does not complete, as time.
269:
270: Hard IKE_SA lifetime if rekey/reauth does not complete, as time.
271: To avoid having an IKE/ISAKMP kept alive if IKE reauthentication or rekeying
272: fails perpetually, a maximum hard lifetime may be specified. If the
273: IKE_SA fails to rekey or reauthenticate within the specified time, the
274: IKE_SA gets closed.
275:
276: In contrast to CHILD_SA rekeying, **over_time** is relative in time to the
277: **rekey_time** _and_ **reauth_time** values, as it applies to both.
278:
279: The default is 10% of the longer of **rekey_time** and **reauth_time**.
280:
281: connections.<conn>.rand_time = over_time
282: Range of random time to subtract from rekey/reauth times.
283:
284: Time range from which to choose a random value to subtract from
285: rekey/reauth times. To avoid having both peers initiating the rekey/reauth
286: procedure simultaneously, a random time gets subtracted from the
287: rekey/reauth times.
288:
289: The default is equal to the configured **over_time**.
290:
291: connections.<conn>.pools =
292: Comma separated list of named IP pools.
293:
294: Comma separated list of named IP pools to allocate virtual IP addresses and
295: other configuration attributes from. Each name references a pool by name
296: from either the **pools** section or an external pool.
297:
298: connections.<conn>.if_id_in = 0
299: Default inbound XFRM interface ID for children.
300:
301: XFRM interface ID set on inbound policies/SA, can be overridden by child
302: config, see there for details.
303:
304: connections.<conn>.if_id_out = 0
305: Default outbound XFRM interface ID for children.
306:
307: XFRM interface ID set on outbound policies/SA, can be overridden by child
308: config, see there for details.
309:
310: connections.<conn>.mediation = no
311: Whether this connection is a mediation connection.
312:
313: Whether this connection is a mediation connection, that is, whether this
314: connection is used to mediate other connections using the IKEv2 Mediation
315: Extension. Mediation connections create no CHILD_SA.
316:
317: connections.<conn>.mediated_by =
318: The name of the connection to mediate this connection through.
319:
320: The name of the connection to mediate this connection through. If given, the
321: connection will be mediated through the named mediation connection.
322: The mediation connection must have **mediation** enabled.
323:
324: connections.<conn>.mediation_peer =
325: Identity under which the peer is registered at the mediation server.
326:
327: Identity under which the peer is registered at the mediation server, that
328: is, the IKE identity the other end of this connection uses as its local
329: identity on its connection to the mediation server. This is the identity we
330: request the mediation server to mediate us with. Only relevant on
331: connections that set **mediated_by**. If it is not given, the remote IKE
332: identity of the first authentication round of this connection will be used.
333:
334: connections.<conn>.local<suffix> {}
335: Section for a local authentication round.
336:
337: Section for a local authentication round. A local authentication round
338: defines the rules how authentication is performed for the local peer.
339: Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication
340: or IKEv1 XAuth.
341:
342: Each round is defined in a section having _local_ as prefix, and an optional
343: unique suffix. To define a single authentication round, the suffix may be
344: omitted.
345:
346: connections.<conn>.local<suffix>.round = 0
347: Optional numeric identifier by which authentication rounds are sorted. If
348: not specified rounds are ordered by their position in the config file/VICI
349: message.
350:
351: connections.<conn>.local<suffix>.certs =
352: Comma separated list of certificate candidates to use for authentication.
353:
354: Comma separated list of certificate candidates to use for authentication.
355: The certificates may use a relative path from the **swanctl** _x509_
356: directory or an absolute path.
357:
358: The certificate used for authentication is selected based on the received
359: certificate request payloads. If no appropriate CA can be located, the
360: first certificate is used.
361:
362: connections.<conn>.local<suffix>.cert<suffix> =
363: Section for a certificate candidate to use for authentication.
364:
365: Section for a certificate candidate to use for authentication. Certificates
366: in _certs_ are transmitted as binary blobs, these sections offer more
367: flexibility.
368:
369: connections.<conn>.local<suffix>.cert<suffix>.file =
370: Absolute path to the certificate to load.
371:
372: Absolute path to the certificate to load. Passed as-is to the daemon, so it
373: must be readable by it.
374:
375: Configure either this or _handle_, but not both, in one section.
376:
377: connections.<conn>.local<suffix>.cert<suffix>.handle =
378: Hex-encoded CKA_ID of the certificate on a token.
379:
380: Hex-encoded CKA_ID of the certificate on a token.
381:
382: Configure either this or _file_, but not both, in one section.
383:
384: connections.<conn>.local<suffix>.cert<suffix>.slot =
385: Optional slot number of the token that stores the certificate.
386:
387: connections.<conn>.local<suffix>.cert<suffix>.module =
388: Optional PKCS#11 module name.
389:
390: connections.<conn>.local<suffix>.pubkeys =
391: Comma separated list of raw public key candidates to use for authentication.
392:
393: Comma separated list of raw public key candidates to use for authentication.
394: The public keys may use a relative path from the **swanctl** _pubkey_
395: directory or an absolute path.
396:
397: Even though multiple local public keys could be defined in principle, only
398: the first public key in the list is used for authentication.
399:
400: connections.<conn>.local<suffix>.auth = pubkey
401: Authentication to perform locally (_pubkey_, _psk_, _xauth[-backend]_ or
402: _eap[-method]_).
403:
404: Authentication to perform locally. _pubkey_ uses public key authentication
405: using a private key associated to a usable certificate. _psk_ uses
406: pre-shared key authentication. The IKEv1 specific _xauth_ is used for
407: XAuth or Hybrid authentication, while the IKEv2 specific _eap_ keyword
408: defines EAP authentication.
409:
410: For _xauth_, a specific backend name may be appended, separated by a dash.
411: The appropriate _xauth_ backend is selected to perform the XAuth exchange.
412: For traditional XAuth, the _xauth_ method is usually defined in the second
413: authentication round following an initial _pubkey_ (or _psk_) round. Using
414: _xauth_ in the first round performs Hybrid Mode client authentication.
415:
416: For _eap_, a specific EAP method name may be appended, separated by a dash.
417: An EAP module implementing the appropriate method is selected to perform
418: the EAP conversation.
419:
420: If both peers support RFC 7427 ("Signature Authentication in IKEv2")
421: specific hash algorithms to be used during IKEv2 authentication may be
422: configured. To do so use _ike:_ followed by a trust chain signature scheme
423: constraint (see description of the **remote** section's **auth** keyword).
424: For example, with _ike:pubkey-sha384-sha256_ a public key signature scheme
425: with either SHA-384 or SHA-256 would get used for authentication, in that
426: order and depending on the hash algorithms supported by the peer. If no
427: specific hash algorithms are configured, the default is to prefer an
428: algorithm that matches or exceeds the strength of the signature key.
429: If no constraints with _ike:_ prefix are configured any signature scheme
430: constraint (without _ike:_ prefix) will also apply to IKEv2 authentication,
431: unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS
432: signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g.
433: _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured
434: RSASSA-PSS signatures will only be used if enabled in
435: **strongswan.conf**(5).
436:
437: connections.<conn>.local<suffix>.id =
438: IKE identity to use for authentication round.
439:
440: IKE identity to use for authentication round. When using certificate
441: authentication, the IKE identity must be contained in the certificate,
442: either as subject or as subjectAltName.
443:
444: The identity can be an IP address, a fully-qualified domain name, an email
445: address or a Distinguished Name for which the ID type is determined
446: automatically and the string is converted to the appropriate encoding. To
447: enforce a specific identity type, a prefix may be used, followed by a colon
448: (:). If the number sign (#) follows the colon, the remaining data is
449: interpreted as hex encoding, otherwise the string is used as-is as the
450: identification data. Note that this implies that no conversion is performed
451: for non-string identities. For example, _ipv4:10.0.0.1_ does not create a
452: valid ID_IPV4_ADDR IKE identity, as it does not get converted to binary
453: 0x0a000001. Instead, one could use _ipv4:#0a000001_ to get a valid identity,
454: but just using the implicit type with automatic conversion is usually
455: simpler. The same applies to the ASN1 encoded types. The following prefixes
456: are known: _ipv4_, _ipv6_, _rfc822_, _email_, _userfqdn_, _fqdn_, _dns_,
457: _asn1dn_, _asn1gn_ and _keyid_. Custom type prefixes may be specified by
458: surrounding the numerical type value by curly brackets.
459:
460: connections.<conn>.local<suffix>.eap_id = id
461: Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
462:
463: connections.<conn>.local<suffix>.aaa_id = remote-id
464: Server side EAP-Identity to expect in the EAP method.
465:
466: Server side EAP-Identity to expect in the EAP method. Some EAP methods, such
467: as EAP-TLS, use an identity for the server to perform mutual authentication.
468: This identity may differ from the IKE identity, especially when EAP
469: authentication is delegated from the IKE responder to an AAA backend.
470:
471: For EAP-(T)TLS, this defines the identity for which the server must provide
472: a certificate in the TLS exchange.
473:
474: connections.<conn>.local<suffix>.xauth_id = id
475: Client XAuth username used in the XAuth exchange.
476:
477: connections.<conn>.remote<suffix> {}
478: Section for a remote authentication round.
479:
480: Section for a remote authentication round. A remote authentication round
481: defines the constraints how the peers must authenticate to use this
482: connection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple
483: Authentication or IKEv1 XAuth.
484:
485: Each round is defined in a section having _remote_ as prefix, and an
486: optional unique suffix. To define a single authentication round, the suffix
487: may be omitted.
488:
489: connections.<conn>.remote<suffix>.round = 0
490: Optional numeric identifier by which authentication rounds are sorted. If
491: not specified rounds are ordered by their position in the config file/VICI
492: message.
493:
494: connections.<conn>.remote<suffix>.id = %any
495: IKE identity to expect for authentication round.
496:
497: IKE identity to expect for authentication round. Refer to the **local**
498: section's **id** keyword for details.
499:
500: It's possible to use wildcards to match remote identities (e.g.
501: _*@strongswan.org_, _*.strongswan.org_, or _C=CH,O=strongSwan,CN=*_).
502: Connections with exact matches are preferred. When using distinguished names
503: with wildcards, the _charon.rdn_matching_ option in **strongswan.conf**(5)
504: specifies how RDNs are matched.
505:
506: connections.<conn>.remote<suffix>.eap_id = id
507: Identity to use as peer identity during EAP authentication.
508:
509: Identity to use as peer identity during EAP authentication. If set to _%any_
510: the EAP-Identity method will be used to ask the client for an identity.
511:
512: connections.<conn>.remote<suffix>.groups =
513: Authorization group memberships to require.
514:
515: Comma separated authorization group memberships to require. The peer must
516: prove membership to at least one of the specified groups. Group membership
517: can be certified by different means, for example by appropriate Attribute
518: Certificates or by an AAA backend involved in the authentication.
519:
520: connections.<conn>.remote<suffix>.cert_policy =
521: Certificate policy OIDs the peer's certificate must have.
522:
523: Comma separated list of certificate policy OIDs the peer's certificate must
524: have. OIDs are specified using the numerical dotted representation.
525:
526: connections.<conn>.remote<suffix>.certs =
527: Comma separated list of certificate to accept for authentication.
528:
529: Comma separated list of certificates to accept for authentication.
530: The certificates may use a relative path from the **swanctl** _x509_
531: directory or an absolute path.
532:
533: connections.<conn>.remote<suffix>.cert<suffix> =
534: Section for a certificate to accept for authentication.
535:
536: Section for a certificate to accept for authentication. Certificates
537: in _certs_ are transmitted as binary blobs, these sections offer more
538: flexibility.
539:
540: connections.<conn>.remote<suffix>.cert<suffix>.file =
541: Absolute path to the certificate to load.
542:
543: Absolute path to the certificate to load. Passed as-is to the daemon, so it
544: must be readable by it.
545:
546: Configure either this or _handle_, but not both, in one section.
547:
548: connections.<conn>.remote<suffix>.cert<suffix>.handle =
549: Hex-encoded CKA_ID of the certificate on a token.
550:
551: Hex-encoded CKA_ID of the certificate on a token.
552:
553: Configure either this or _file_, but not both, in one section.
554:
555: connections.<conn>.remote<suffix>.cert<suffix>.slot =
556: Optional slot number of the token that stores the certificate.
557:
558: connections.<conn>.remote<suffix>.cert<suffix>.module =
559: Optional PKCS#11 module name.
560:
561: connections.<conn>.remote<suffix>.cacerts =
562: Comma separated list of CA certificates to accept for authentication.
563:
564: Comma separated list of CA certificates to accept for authentication.
565: The certificates may use a relative path from the **swanctl** _x509ca_
566: directory or an absolute path.
567:
568: connections.<conn>.remote<suffix>.cacert<suffix> =
569: Section for a CA certificate to accept for authentication.
570:
571: Section for a CA certificate to accept for authentication. Certificates
572: in _cacerts_ are transmitted as binary blobs, these sections offer more
573: flexibility.
574:
575: connections.<conn>.remote<suffix>.cacert<suffix>.file =
576: Absolute path to the certificate to load.
577:
578: Absolute path to the certificate to load. Passed as-is to the daemon, so it
579: must be readable by it.
580:
581: Configure either this or _handle_, but not both, in one section.
582:
583: connections.<conn>.remote<suffix>.cacert<suffix>.handle =
584: Hex-encoded CKA_ID of the CA certificate on a token.
585:
586: Hex-encoded CKA_ID of the CA certificate on a token.
587:
588: Configure either this or _file_, but not both, in one section.
589:
590: connections.<conn>.remote<suffix>.cacert<suffix>.slot =
591: Optional slot number of the token that stores the CA certificate.
592:
593: connections.<conn>.remote<suffix>.cacert<suffix>.module =
594: Optional PKCS#11 module name.
595:
596: connections.<conn>.remote<suffix>.ca_id =
597: Identity in CA certificate to accept for authentication.
598:
599: The specified identity must be contained in one (intermediate) CA
600: of the remote peer trustchain, either as subject or as subjectAltName.
601: This has the same effect as specifying _cacerts_ to force clients under
602: a CA to specific connections; it does not require the CA certificate to
603: be available locally, and can be received from the peer during the
604: IKE exchange.
605:
606: connections.<conn>.remote<suffix>.pubkeys =
607: Comma separated list of raw public keys to accept for authentication.
608:
609: Comma separated list of raw public keys to accept for authentication.
610: The public keys may use a relative path from the **swanctl** _pubkey_
611: directory or an absolute path.
612:
613: connections.<conn>.remote<suffix>.revocation = relaxed
614: Certificate revocation policy, (_strict_, _ifuri_ or _relaxed_).
615:
616: Certificate revocation policy for CRL or OCSP revocation.
617:
618: A _strict_ revocation policy fails if no revocation information is
619: available, i.e. the certificate is not known to be unrevoked.
620:
621: _ifuri_ fails only if a CRL/OCSP URI is available, but certificate
622: revocation checking fails, i.e. there should be revocation information
623: available, but it could not be obtained.
624:
625: The default revocation policy _relaxed_ fails only if a certificate
626: is revoked, i.e. it is explicitly known that it is bad.
627:
628: connections.<conn>.remote<suffix>.auth = pubkey
629: Authentication to expect from remote (_pubkey_, _psk_, _xauth[-backend]_ or
630: _eap[-method]_).
631:
632: Authentication to expect from remote. See the **local** section's **auth**
633: keyword description about the details of supported mechanisms.
634:
635: To require a trustchain public key strength for the remote side, specify the
636: key type followed by the minimum strength in bits (for example _ecdsa-384_
637: or _rsa-2048-ecdsa-256_). To limit the acceptable set of hashing algorithms
638: for trustchain validation, append hash algorithms to _pubkey_ or a key
639: strength definition (for example _pubkey-sha256-sha512_,
640: _rsa-2048-sha256-sha384-sha512_ or
641: _rsa-2048-sha256-ecdsa-256-sha256-sha384_).
642: Unless disabled in **strongswan.conf**(5), or explicit IKEv2 signature
643: constraints are configured (refer to the description of the **local**
644: section's **auth** keyword for details), such key types and hash algorithms
645: are also applied as constraints against IKEv2 signature authentication
646: schemes used by the remote side. To require RSASSA-PSS signatures use
647: _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If
648: _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only
649: be accepted if enabled in **strongswan.conf**(5).
650:
651: To specify trust chain constraints for EAP-(T)TLS, append a colon to the
652: EAP method, followed by the key type/size and hash algorithm as discussed
653: above (e.g. _eap-tls:ecdsa-384-sha384_).
654:
655: connections.<conn>.children.<child> {}
656: CHILD_SA configuration sub-section.
657:
658: CHILD_SA configuration sub-section. Each connection definition may have
659: one or more sections in its _children_ subsection. The section name
660: defines the name of the CHILD_SA configuration, which must be unique within
661: the connection.
662:
663: connections.<conn>.children.<child>.ah_proposals =
664: AH proposals to offer for the CHILD_SA.
665:
666: AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms.
667: For AH, this includes an integrity algorithm and an optional Diffie-Hellman
668: group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
669: negotiation uses a separate Diffie-Hellman exchange using the specified
670: group (refer to _esp_proposals_ for details).
671:
672: In IKEv2, multiple algorithms of the same kind can be specified in a single
673: proposal, from which one gets selected. In IKEv1, only one algorithm per
674: kind is allowed per proposal, more algorithms get implicitly stripped. Use
675: multiple proposals to offer different algorithms combinations in IKEv1.
676:
677: Algorithm keywords get separated using dashes. Multiple proposals may be
678: separated by commas. The special value _default_ forms a default proposal
679: of supported algorithms considered safe, and is usually a good choice
680: for interoperability. By default no AH proposals are included, instead ESP
681: is proposed.
682:
683: connections.<conn>.children.<child>.esp_proposals = default
684: ESP proposals to offer for the CHILD_SA.
685:
686: ESP proposals to offer for the CHILD_SA. A proposal is a set of algorithms.
687: For ESP non-AEAD proposals, this includes an integrity algorithm, an
688: encryption algorithm, an optional Diffie-Hellman group and an optional
689: Extended Sequence Number Mode indicator. For AEAD proposals, a combined
690: mode algorithm is used instead of the separate encryption/integrity
691: algorithms.
692:
693: If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
694: negotiation use a separate Diffie-Hellman exchange using the specified
695: group. However, for IKEv2, the keys of the CHILD_SA created implicitly with
696: the IKE_SA will always be derived from the IKE_SA's key material. So any DH
697: group specified here will only apply when the CHILD_SA is later rekeyed or
698: is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch
699: might, therefore, not immediately be noticed when the SA is established, but
700: may later cause rekeying to fail.
701:
702: Extended Sequence Number support may be indicated with the _esn_ and _noesn_
703: values, both may be included to indicate support for both modes. If omitted,
704: _noesn_ is assumed.
705:
706: In IKEv2, multiple algorithms of the same kind can be specified in a single
707: proposal, from which one gets selected. In IKEv1, only one algorithm per
708: kind is allowed per proposal, more algorithms get implicitly stripped. Use
709: multiple proposals to offer different algorithms combinations in IKEv1.
710:
711: Algorithm keywords get separated using dashes. Multiple proposals may be
712: separated by commas. The special value _default_ forms a default proposal
713: of supported algorithms considered safe, and is usually a good choice
714: for interoperability. If no algorithms are specified for AH nor ESP,
715: the _default_ set of algorithms for ESP is included.
716:
717: connections.<conn>.children.<child>.sha256_96 = no
718: Use incorrect 96-bit truncation for HMAC-SHA-256.
719:
720: HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility
721: with implementations that incorrectly use 96-bit truncation this option may
722: be enabled to configure the shorter truncation length in the kernel. This
723: is not negotiated, so this only works with peers that use the incorrect
724: truncation length (or have this option enabled).
725:
726: connections.<conn>.children.<child>.local_ts = dynamic
727: Local traffic selectors to include in CHILD_SA.
728:
729: Comma separated list of local traffic selectors to include in CHILD_SA.
730: Each selector is a CIDR subnet definition, followed by an optional
731: proto/port selector. The special value _dynamic_ may be used instead of a
732: subnet definition, which gets replaced by the tunnel outer address or the
733: virtual IP, if negotiated. This is the default.
734:
735: A protocol/port selector is surrounded by opening and closing square
736: brackets. Between these brackets, a numeric or **getservent**(3) protocol
737: name may be specified. After the optional protocol restriction, an optional
738: port restriction may be specified, separated by a slash. The port
739: restriction may be numeric, a **getservent**(3) service name, or the special
740: value _opaque_ for RFC 4301 OPAQUE selectors. Port ranges may be specified
741: as well, none of the kernel backends currently support port ranges, though.
742:
743: When IKEv1 is used only the first selector is interpreted, except if
744: the Cisco Unity extension plugin is used. This is due to a limitation of the
745: IKEv1 protocol, which only allows a single pair of selectors per CHILD_SA.
746: So to tunnel traffic matched by several pairs of selectors when using IKEv1
747: several children (CHILD_SAs) have to be defined that cover the selectors.
748:
749: The IKE daemon uses traffic selector narrowing for IKEv1, the same way it is
750: standardized and implemented for IKEv2. However, this may lead to problems
751: with other implementations. To avoid that, configure identical selectors in
752: such scenarios.
753:
754: connections.<conn>.children.<child>.remote_ts = dynamic
755: Remote selectors to include in CHILD_SA.
756:
757: Comma separated list of remote selectors to include in CHILD_SA. See
758: **local_ts** for a description of the selector syntax.
759:
760: connections.<conn>.children.<child>.rekey_time = 1h
761: Time to schedule CHILD_SA rekeying.
762:
763: Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key
764: material, optionally using a Diffie-Hellman exchange if a group is
765: specified in the proposal.
766:
767: To avoid rekey collisions initiated by both ends simultaneously, a value
768: in the range of **rand_time** gets subtracted to form the effective soft
769: lifetime.
770:
771: By default CHILD_SA rekeying is scheduled every hour, minus **rand_time**.
772:
773: connections.<conn>.children.<child>.life_time = rekey_time + 10%
774: Maximum lifetime before CHILD_SA gets closed, as time.
775:
776: Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime
777: is never reached, because the CHILD_SA gets rekeyed before.
778: If that fails for whatever reason, this limit closes the CHILD_SA.
779:
780: The default is 10% more than the **rekey_time**.
781:
782: connections.<conn>.children.<child>.rand_time = life_time - rekey_time
783: Range of random time to subtract from **rekey_time**.
784:
785: Time range from which to choose a random value to subtract from
786: **rekey_time**. The default is the difference between **life_time** and
787: **rekey_time**.
788:
789: connections.<conn>.children.<child>.rekey_bytes = 0
790: Number of bytes processed before initiating CHILD_SA rekeying.
791:
792: Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA
793: rekeying refreshes key material, optionally using a Diffie-Hellman exchange
794: if a group is specified in the proposal.
795:
796: To avoid rekey collisions initiated by both ends simultaneously, a value
797: in the range of **rand_bytes** gets subtracted to form the effective soft
798: volume limit.
799:
800: Volume based CHILD_SA rekeying is disabled by default.
801:
802: connections.<conn>.children.<child>.life_bytes = rekey_bytes + 10%
803: Maximum bytes processed before CHILD_SA gets closed.
804:
805: Maximum bytes processed before CHILD_SA gets closed. Usually this hard
806: volume limit is never reached, because the CHILD_SA gets rekeyed before.
807: If that fails for whatever reason, this limit closes the CHILD_SA.
808:
809: The default is 10% more than **rekey_bytes**.
810:
811: connections.<conn>.children.<child>.rand_bytes = life_bytes - rekey_bytes
812: Range of random bytes to subtract from **rekey_bytes**.
813:
814: Byte range from which to choose a random value to subtract from
815: **rekey_bytes**. The default is the difference between **life_bytes** and
816: **rekey_bytes**.
817:
818: connections.<conn>.children.<child>.rekey_packets = 0
819: Number of packets processed before initiating CHILD_SA rekeying.
820:
821: Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA
822: rekeying refreshes key material, optionally using a Diffie-Hellman exchange
823: if a group is specified in the proposal.
824:
825: To avoid rekey collisions initiated by both ends simultaneously, a value
826: in the range of **rand_packets** gets subtracted to form the effective soft
827: packet count limit.
828:
829: Packet count based CHILD_SA rekeying is disabled by default.
830:
831: connections.<conn>.children.<child>.life_packets = rekey_packets + 10%
832: Maximum number of packets processed before CHILD_SA gets closed.
833:
834: Maximum number of packets processed before CHILD_SA gets closed. Usually
835: this hard packets limit is never reached, because the CHILD_SA gets rekeyed
836: before. If that fails for whatever reason, this limit closes the CHILD_SA.
837:
838: The default is 10% more than **rekey_bytes**.
839:
840: connections.<conn>.children.<child>.rand_packets = life_packets - rekey_packets
841: Range of random packets to subtract from **packets_bytes**.
842:
843: Packet range from which to choose a random value to subtract from
844: **rekey_packets**. The default is the difference between **life_packets**
845: and **rekey_packets**.
846:
847: connections.<conn>.children.<child>.updown =
848: Updown script to invoke on CHILD_SA up and down events.
849:
850: connections.<conn>.children.<child>.hostaccess = no
851: Hostaccess variable to pass to **updown** script.
852:
853: connections.<conn>.children.<child>.mode = tunnel
854: IPsec Mode to establish (_tunnel_, _transport_, _transport_proxy_, _beet_,
855: _pass_ or _drop_).
856:
857: IPsec Mode to establish CHILD_SA with. _tunnel_ negotiates the CHILD_SA
858: in IPsec Tunnel Mode, whereas _transport_ uses IPsec Transport Mode.
859: _transport_proxy_ signifying the special Mobile IPv6 Transport Proxy Mode.
860: _beet_ is the Bound End to End Tunnel mixture mode, working with fixed inner
861: addresses without the need to include them in each packet.
862:
863: Both _transport_ and _beet_ modes are subject to mode negotiation; _tunnel_
864: mode is negotiated if the preferred mode is not available.
865:
866: _pass_ and _drop_ are used to install shunt policies which explicitly
867: bypass the defined traffic from IPsec processing or drop it, respectively.
868:
869: connections.<conn>.children.<child>.policies = yes
870: Whether to install IPsec policies or not.
871:
872: Whether to install IPsec policies or not. Disabling this can be useful in
873: some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon.
874:
875: connections.<conn>.children.<child>.policies_fwd_out = no
876: Whether to install outbound FWD IPsec policies or not.
877:
878: Whether to install outbound FWD IPsec policies or not. Enabling this is
879: required in case there is a drop policy that would match and block forwarded
880: traffic for this CHILD_SA.
881:
882: connections.<conn>.children.<child>.dpd_action = clear
883: Action to perform on DPD timeout (_clear_, _trap_ or _restart_).
884:
885: Action to perform for this CHILD_SA on DPD timeout. The default _clear_
886: closes the CHILD_SA and does not take further action. _trap_ installs
887: a trap policy, which will catch matching traffic and tries to re-negotiate
888: the tunnel on-demand. _restart_ immediately tries to re-negotiate the
889: CHILD_SA under a fresh IKE_SA.
890:
891: connections.<conn>.children.<child>.ipcomp = no
892: Enable IPComp compression before encryption.
893:
894: Enable IPComp compression before encryption. If enabled, IKE tries to
895: negotiate IPComp compression to compress ESP payload data prior to
896: encryption.
897:
898: connections.<conn>.children.<child>.inactivity = 0s
899: Timeout before closing CHILD_SA after inactivity.
900:
901: Timeout before closing CHILD_SA after inactivity. If no traffic has
902: been processed in either direction for the configured timeout, the CHILD_SA
903: gets closed due to inactivity. The default value of _0_ disables inactivity
904: checks.
905:
906: connections.<conn>.children.<child>.reqid = 0
907: Fixed reqid to use for this CHILD_SA.
908:
909: Fixed reqid to use for this CHILD_SA. This might be helpful in some
910: scenarios, but works only if each CHILD_SA configuration is instantiated
911: not more than once. The default of _0_ uses dynamic reqids, allocated
912: incrementally.
913:
914: connections.<conn>.children.<child>.priority = 0
915: Optional fixed priority for IPsec policies.
916:
917: Optional fixed priority for IPsec policies. This could be useful to install
918: high-priority drop policies. The default of _0_ uses dynamically calculated
919: priorities based on the size of the traffic selectors.
920:
921: connections.<conn>.children.<child>.interface =
922: Optional interface name to restrict IPsec policies.
923:
924: connections.<conn>.children.<child>.mark_in = 0/0x00000000
925: Netfilter mark and mask for input traffic.
926:
927: Netfilter mark and mask for input traffic. On Linux, Netfilter may require
928: marks on each packet to match an SA/policy having that option set. This
929: allows installing duplicate policies and enables Netfilter rules to select
930: specific SAs/policies for incoming traffic. Note that inbound marks are
931: only set on policies, by default, unless *mark_in_sa* is enabled. The
932: special value _%unique_ sets a unique mark on each CHILD_SA instance, beyond
933: that the value _%unique-dir_ assigns a different unique mark for each
934: CHILD_SA direction (in/out).
935:
936: An additional mask may be appended to the mark, separated by _/_. The
937: default mask if omitted is 0xffffffff.
938:
939: connections.<conn>.children.<child>.mark_in_sa = no
940: Whether to set *mark_in* on the inbound SA.
941:
942: Whether to set *mark_in* on the inbound SA. By default, the inbound mark is
943: only set on the inbound policy. The tuple destination address, protocol and
944: SPI is unique and the mark is not required to find the correct SA, allowing
945: to mark traffic after decryption instead (where more specific selectors may
946: be used) to match different policies. Marking packets before decryption is
947: still possible, even if no mark is set on the SA.
948:
949: connections.<conn>.children.<child>.mark_out = 0/0x00000000
950: Netfilter mark and mask for output traffic.
951:
952: Netfilter mark and mask for output traffic. On Linux, Netfilter may require
953: marks on each packet to match a policy/SA having that option set. This
954: allows installing duplicate policies and enables Netfilter rules to select
955: specific policies/SAs for outgoing traffic. The special value _%unique_ sets
956: a unique mark on each CHILD_SA instance, beyond that the value _%unique-dir_
957: assigns a different unique mark for each CHILD_SA direction (in/out).
958:
959: An additional mask may be appended to the mark, separated by _/_. The
960: default mask if omitted is 0xffffffff.
961:
962: connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
963: Netfilter mark applied to packets after the inbound IPsec SA processed them.
964:
965: Netfilter mark applied to packets after the inbound IPsec SA processed them.
966: This way it's not necessary to mark packets via Netfilter before decryption
967: or right afterwards to match policies or process them differently (e.g. via
968: policy routing).
969:
970: An additional mask may be appended to the mark, separated by _/_. The
971: default mask if omitted is 0xffffffff. The special value _%same_ uses
972: the value (but not the mask) from **mark_in** as mark value, which can be
973: fixed, _%unique_ or _%unique-dir_.
974:
975: Setting marks in XFRM input requires Linux 4.19 or higher.
976:
977: connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
978: Netfilter mark applied to packets after the outbound IPsec SA processed
979: them.
980:
981: Netfilter mark applied to packets after the outbound IPsec SA processed
982: them. This allows processing ESP packets differently than the original
983: traffic (e.g. via policy routing).
984:
985: An additional mask may be appended to the mark, separated by _/_. The
986: default mask if omitted is 0xffffffff. The special value _%same_ uses
987: the value (but not the mask) from **mark_out** as mark value, which can be
988: fixed, _%unique_ or _%unique-dir_.
989:
990: Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
991: requires at least Linux 4.19.
992:
993: connections.<conn>.children.<child>.if_id_in = 0
994: Inbound XFRM interface ID.
995:
996: XFRM interface ID set on inbound policies/SA. This allows installing
997: duplicate policies/SAs and associates them with an interface with the same
998: ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
999: instance, beyond that the value _%unique-dir_ assigns a different unique
1000: interface ID for each CHILD_SA direction (in/out).
1001:
1002: connections.<conn>.children.<child>.if_id_out = 0
1003: Outbound XFRM interface ID.
1004:
1005: XFRM interface ID set on outbound policies/SA. This allows installing
1006: duplicate policies/SAs and associates them with an interface with the same
1007: ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA
1008: instance, beyond that the value _%unique-dir_ assigns a different unique
1009: interface ID for each CHILD_SA direction (in/out).
1010:
1011: The daemon will not install routes for CHILD_SAs that have this option set.
1012:
1013: connections.<conn>.children.<child>.tfc_padding = 0
1014: Traffic Flow Confidentiality padding.
1015:
1016: Pads ESP packets with additional data to have a consistent ESP packet size
1017: for improved Traffic Flow Confidentiality. The padding defines the minimum
1018: size of all ESP packets sent.
1019:
1020: The default value of 0 disables TFC padding, the special value _mtu_ adds
1021: TFC padding to create a packet size equal to the Path Maximum Transfer Unit.
1022:
1023: connections.<conn>.children.<child>.replay_window = 32
1024: IPsec replay window to configure for this CHILD_SA.
1025:
1026: IPsec replay window to configure for this CHILD_SA. Larger values than the
1027: default of 32 are supported using the Netlink backend only, a value of 0
1028: disables IPsec replay protection.
1029:
1030: connections.<conn>.children.<child>.hw_offload = no
1031: Enable hardware offload for this CHILD_SA, if supported by the IPsec
1032: implementation.
1033:
1034: Enable hardware offload for this CHILD_SA, if supported by the IPsec
1035: implementation. The value _yes_ enforces offloading and the installation
1036: will fail if it's not supported by either kernel or device. The value _auto_
1037: enables offloading, if it's supported, but the installation does not fail
1038: otherwise.
1039:
1040: connections.<conn>.children.<child>.copy_df = yes
1041: Whether to copy the DF bit to the outer IPv4 header in tunnel mode.
1042:
1043: Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
1044: effectively disables Path MTU discovery (PMTUD). Controlling this behavior
1045: is not supported by all kernel interfaces.
1046:
1047: connections.<conn>.children.<child>.copy_ecn = yes
1048: Whether to copy the ECN header field to/from the outer IP header in tunnel
1049: mode.
1050:
1051: Whether to copy the ECN (Explicit Congestion Notification) header field
1052: to/from the outer IP header in tunnel mode. Controlling this behavior is not
1053: supported by all kernel interfaces.
1054:
1055: connections.<conn>.children.<child>.copy_dscp = out
1056: Whether to copy the DSCP header field to/from the outer IP header in tunnel
1057: mode.
1058:
1059: Whether to copy the DSCP (Differentiated Services Field Codepoint) header
1060: field to/from the outer IP header in tunnel mode. The value _out_ only
1061: copies the field from the inner to the outer header, the value _in_ does the
1062: opposite and only copies the field from the outer to the inner header when
1063: decapsulating, the value _yes_ copies the field in both directions, and the
1064: value _no_ disables copying the field altogether. Setting this to _yes_ or
1065: _in_ could allow an attacker to adversely affect other traffic at the
1066: receiver, which is why the default is _out_. Controlling this behavior is
1067: not supported by all kernel interfaces.
1068:
1069: connections.<conn>.children.<child>.start_action = none
1070: Action to perform after loading the configuration (_none_, _trap_, _start_).
1071:
1072: Action to perform after loading the configuration. The default of _none_
1073: loads the connection only, which then can be manually initiated or used as
1074: a responder configuration.
1075:
1076: The value _trap_ installs a trap policy, which triggers the tunnel as soon
1077: as matching traffic has been detected. The value _start_ initiates
1078: the connection actively.
1079:
1080: When unloading or replacing a CHILD_SA configuration having a
1081: **start_action** different from _none_, the inverse action is performed.
1082: Configurations with _start_ get closed, while such with _trap_ get
1083: uninstalled.
1084:
1085: connections.<conn>.children.<child>.close_action = none
1086: Action to perform after a CHILD_SA gets closed (_none_, _trap_, _start_).
1087:
1088: Action to perform after a CHILD_SA gets closed by the peer. The default of
1089: _none_ does not take any action, _trap_ installs a trap policy for the
1090: CHILD_SA. _start_ tries to re-create the CHILD_SA.
1091:
1092: **close_action** does not provide any guarantee that the CHILD_SA is kept
1093: alive. It acts on explicit close messages only, but not on negotiation
1094: failures. Use trap policies to reliably re-create failed CHILD_SAs.
1095:
1096: secrets { # }
1097: Section defining secrets for IKE/EAP/XAuth authentication and private
1098: key decryption.
1099:
1100: Section defining secrets for IKE/EAP/XAuth authentication and private key
1101: decryption. The **secrets** section takes sub-sections having a specific
1102: prefix which defines the secret type.
1103:
1104: It is not recommended to define any private key decryption passphrases,
1105: as then there is no real security benefit in having encrypted keys. Either
1106: store the key unencrypted or enter the keys manually when loading
1107: credentials.
1108:
1109: secrets.eap<suffix> { # }
1110: EAP secret section for a specific secret.
1111:
1112: EAP secret section for a specific secret. Each EAP secret is defined in
1113: a unique section having the _eap_ prefix. EAP secrets are used for XAuth
1114: authentication as well.
1115:
1116: secrets.xauth<suffix> { # }
1117: XAuth secret section for a specific secret.
1118:
1119: XAuth secret section for a specific secret. **xauth** is just an alias
1120: for **eap**, secrets under both section prefixes are used for both EAP and
1121: XAuth authentication.
1122:
1123: secrets.eap<suffix>.secret =
1124: Value of the EAP/XAuth secret.
1125:
1126: Value of the EAP/XAuth secret. It may either be an ASCII string, a hex
1127: encoded string if it has a _0x_ prefix or a Base64 encoded string if it
1128: has a _0s_ prefix in its value.
1129:
1130: secrets.eap<suffix>.id<suffix> =
1131: Identity the EAP/XAuth secret belongs to.
1132:
1133: Identity the EAP/XAuth secret belongs to. Multiple unique identities may
1134: be specified, each having an _id_ prefix, if a secret is shared between
1135: multiple users.
1136:
1137: secrets.ntlm<suffix> { # }
1138: NTLM secret section for a specific secret.
1139:
1140: NTLM secret section for a specific secret. Each NTLM secret is defined in
1141: a unique section having the _ntlm_ prefix. NTLM secrets may only be used for
1142: EAP-MSCHAPv2 authentication.
1143:
1144: secrets.ntlm<suffix>.secret =
1145: Value of the NTLM secret.
1146:
1147: Value of the NTLM secret, which is the NT Hash of the actual secret, that
1148: is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either be given
1149: as a hex encoded string with a _0x_ prefix or as a Base64 encoded string
1150: with a _0s_ prefix.
1151:
1152: secrets.ntlm<suffix>.id<suffix> =
1153: Identity the NTLM secret belongs to.
1154:
1155: Identity the NTLM secret belongs to. Multiple unique identities may
1156: be specified, each having an _id_ prefix, if a secret is shared between
1157: multiple users.
1158:
1159: secrets.ike<suffix> { # }
1160: IKE preshared secret section for a specific secret.
1161:
1162: IKE preshared secret section for a specific secret. Each IKE PSK is defined
1163: in a unique section having the _ike_ prefix.
1164:
1165: secrets.ike<suffix>.secret =
1166: Value of the IKE preshared secret.
1167:
1168: Value of the IKE preshared secret. It may either be an ASCII string,
1169: a hex encoded string if it has a _0x_ prefix or a Base64 encoded string if
1170: it has a _0s_ prefix in its value.
1171:
1172: secrets.ike<suffix>.id<suffix> =
1173: IKE identity the IKE preshared secret belongs to.
1174:
1175: IKE identity the IKE preshared secret belongs to. Multiple unique identities
1176: may be specified, each having an _id_ prefix, if a secret is shared between
1177: multiple peers.
1178:
1179: secrets.ppk<suffix> { # }
1180: Postquantum Preshared Key (PPK) section for a specific secret.
1181:
1182: Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
1183: defined in a unique section having the _ppk_ prefix.
1184:
1185: secrets.ppk<suffix>.secret =
1186: Value of the PPK.
1187:
1188: Value of the PPK. It may either be an ASCII string, a hex encoded string if
1189: it has a _0x_ prefix or a Base64 encoded string if it has a _0s_ prefix in
1190: its value. Should have at least 256 bits of entropy for 128-bit security.
1191:
1192: secrets.ppk<suffix>.id<suffix> =
1193: PPK identity the PPK belongs to.
1194:
1195: PPK identity the PPK belongs to. Multiple unique identities
1196: may be specified, each having an _id_ prefix, if a secret is shared between
1197: multiple peers.
1198:
1199: secrets.private<suffix> { # }
1200: Private key decryption passphrase for a key in the _private_ folder.
1201:
1202: secrets.private<suffix>.file =
1203: File name in the _private_ folder for which this passphrase should be used.
1204:
1205: secrets.private<suffix>.secret
1206: Value of decryption passphrase for private key.
1207:
1208: secrets.rsa<suffix> { # }
1209: Private key decryption passphrase for a key in the _rsa_ folder.
1210:
1211: secrets.rsa<suffix>.file =
1212: File name in the _rsa_ folder for which this passphrase should be used.
1213:
1214: secrets.rsa<suffix>.secret
1215: Value of decryption passphrase for RSA key.
1216:
1217: secrets.ecdsa<suffix> { # }
1218: Private key decryption passphrase for a key in the _ecdsa_ folder.
1219:
1220: secrets.ecdsa<suffix>.file =
1221: File name in the _ecdsa_ folder for which this passphrase should be used.
1222:
1223: secrets.ecdsa<suffix>.secret
1224: Value of decryption passphrase for ECDSA key.
1225:
1226: secrets.pkcs8<suffix> { # }
1227: Private key decryption passphrase for a key in the _pkcs8_ folder.
1228:
1229: secrets.pkcs8<suffix>.file =
1230: File name in the _pkcs8_ folder for which this passphrase should be used.
1231:
1232: secrets.pkcs8<suffix>.secret
1233: Value of decryption passphrase for PKCS#8 key.
1234:
1235: secrets.pkcs12<suffix> { # }
1236: PKCS#12 decryption passphrase for a container in the _pkcs12_ folder.
1237:
1238: secrets.pkcs12<suffix>.file =
1239: File name in the _pkcs12_ folder for which this passphrase should be used.
1240:
1241: secrets.pkcs12<suffix>.secret
1242: Value of decryption passphrase for PKCS#12 container.
1243:
1244: secrets.token<suffix> { # }
1245: Definition for a private key that's stored on a token/smartcard.
1246:
1247: secrets.token<suffix>.handle =
1248: Hex-encoded CKA_ID of the private key on the token.
1249:
1250: secrets.token<suffix>.slot =
1251: Optional slot number to access the token.
1252:
1253: secrets.token<suffix>.module =
1254: Optional PKCS#11 module name to access the token.
1255:
1256: secrets.token<suffix>.pin =
1257: Optional PIN required to access the key on the token. If none is provided
1258: the user is prompted during an interactive --load-creds call.
1259:
1260: pools { # }
1261: Section defining named pools.
1262:
1263: Section defining named pools. Named pools may be referenced by connections
1264: with the **pools** option to assign virtual IPs and other configuration
1265: attributes.
1266:
1267: pools.<name> { # }
1268: Section defining a single pool with a unique name.
1269:
1270: pools.<name>.addrs =
1271: Addresses allocated in pool.
1272:
1273: Subnet or range defining addresses allocated in pool. Accepts a single CIDR
1274: subnet defining the pool to allocate addresses from or an address range
1275: (<from>-<to>). Pools must be unique and non-overlapping.
1276:
1277: pools.<name>.<attr> =
1278: Comma separated list of additional attributes from type <attr>.
1279:
1280: Comma separated list of additional attributes of type **<attr>**. The
1281: attribute type may be one of _dns_, _nbns_, _dhcp_, _netmask_, _server_,
1282: _subnet_, _split_include_ and _split_exclude_ to define addresses or CIDR
1283: subnets for the corresponding attribute types. Alternatively, **<attr>** can
1284: be a numerical identifier, for which string attribute values are accepted
1285: as well.
1286:
1287: authorities { # }
1288: Section defining attributes of certification authorities.
1289:
1290: authorities.<name> { # }
1291: Section defining a certification authority with a unique name.
1292:
1293: authorities.<name>.cacert =
1294: CA certificate belonging to the certification authority.
1295:
1296: CA certificate belonging to the certification authority. The certificates
1297: may use a relative path from the **swanctl** _x509ca_ directory or an
1298: absolute path.
1299:
1300: Configure one of _cacert_, _file_, or _handle_ per section.
1301:
1302: authorities.<name>.file =
1303: Absolute path to the certificate to load.
1304:
1305: Absolute path to the certificate to load. Passed as-is to the daemon, so it
1306: must be readable by it.
1307:
1308: Configure one of _cacert_, _file_, or _handle_ per section.
1309:
1310: authorities.<name>.handle =
1311: Hex-encoded CKA_ID of the CA certificate on a token.
1312:
1313: Hex-encoded CKA_ID of the CA certificate on a token.
1314:
1315: Configure one of _cacert_, _file_, or _handle_ per section.
1316:
1317: authorities.<name>.slot =
1318: Optional slot number of the token that stores the CA certificate.
1319:
1320: authorities.<name>.module =
1321: Optional PKCS#11 module name.
1322:
1323: authorities.<name>.crl_uris =
1324: Comma-separated list of CRL distribution points.
1325:
1326: Comma-separated list of CRL distribution points (ldap, http, or file URI).
1327:
1328: authorities.<name>.ocsp_uris =
1329: Comma-separated list of OCSP URIs.
1330:
1331: authorities.<name>.cert_uri_base =
1332: Defines the base URI for the Hash and URL feature supported by IKEv2.
1333:
1334: Defines the base URI for the Hash and URL feature supported by IKEv2.
1335: Instead of exchanging complete certificates, IKEv2 allows one to send an
1336: URI that resolves to the DER encoded certificate. The certificate URIs are
1337: built by appending the SHA1 hash of the DER encoded certificates to this
1338: base URI.
1339:
1340: include conf.d/*.conf
1341: Include config snippets
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to swanctl.opt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / swanctl