# /etc/strongswan.conf - strongSwan configuration file

charon-systemd {
  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite

  multiple_authentication = no

  syslog {
    daemon {
      tnc = 2
      imv = 3
    }
  }
  plugins {
    eap-ttls {
      phase2_method = md5
      phase2_piggyback = yes
      phase2_tnc = yes
    }
  }
}

libtls {
  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}

libimcv {
  database = sqlite:///etc/db.d/config.db
  policy_script = /usr/local/libexec/ipsec/imv_policy_manager
}

attest {
  load = random nonce openssl sqlite
  database = sqlite:///etc/db.d/config.db
}