]>
Commit | Line | Data |
---|---|---|
8250fc10 | 1 | .TH IPSEC.CONF 5 "2012-06-26" "@PACKAGE_VERSION@" "strongSwan" |
fea5e716 MW |
2 | .SH NAME |
3 | ipsec.conf \- IPsec configuration and connections | |
4 | .SH DESCRIPTION | |
5 | The optional | |
6 | .I ipsec.conf | |
7 | file | |
8 | specifies most configuration and control information for the | |
9 | strongSwan IPsec subsystem. | |
f115838b | 10 | The major exception is secrets for authentication; |
fea5e716 | 11 | see |
f115838b | 12 | .IR ipsec.secrets (5). |
532f2347 | 13 | Its contents are not security-sensitive. |
fea5e716 MW |
14 | .PP |
15 | The file is a text file, consisting of one or more | |
16 | .IR sections . | |
17 | White space followed by | |
18 | .B # | |
19 | followed by anything to the end of the line | |
20 | is a comment and is ignored, | |
21 | as are empty lines which are not within a section. | |
22 | .PP | |
23 | A line which contains | |
24 | .B include | |
25 | and a file name, separated by white space, | |
a83d1245 | 26 | is replaced by the contents of that file. |
fea5e716 MW |
27 | If the file name is not a full pathname, |
28 | it is considered to be relative to the directory containing the | |
29 | including file. | |
30 | Such inclusions can be nested. | |
31 | Only a single filename may be supplied, and it may not contain white space, | |
32 | but it may include shell wildcards (see | |
33 | .IR sh (1)); | |
34 | for example: | |
35 | .PP | |
36 | .B include | |
37 | .B "ipsec.*.conf" | |
38 | .PP | |
39 | The intention of the include facility is mostly to permit keeping | |
40 | information on connections, or sets of connections, | |
41 | separate from the main configuration file. | |
42 | This permits such connection descriptions to be changed, | |
43 | copied to the other security gateways involved, etc., | |
44 | without having to constantly extract them from the configuration | |
45 | file and then insert them back into it. | |
46 | Note also the | |
47 | .B also | |
48 | parameter (described below) which permits splitting a single logical | |
49 | section (e.g. a connection description) into several actual sections. | |
50 | .PP | |
fea5e716 MW |
51 | A section |
52 | begins with a line of the form: | |
53 | .PP | |
54 | .I type | |
55 | .I name | |
56 | .PP | |
57 | where | |
58 | .I type | |
59 | indicates what type of section follows, and | |
60 | .I name | |
61 | is an arbitrary name which distinguishes the section from others | |
62 | of the same type. | |
fea5e716 | 63 | All subsequent non-empty lines |
a83d1245 TB |
64 | which begin with white space are part of the section. |
65 | Sections of the same type that share the same name are merged. | |
fea5e716 MW |
66 | .PP |
67 | Lines within the section are generally of the form | |
68 | .PP | |
69 | \ \ \ \ \ \fIparameter\fB=\fIvalue\fR | |
70 | .PP | |
71 | (note the mandatory preceding white space). | |
72 | There can be white space on either side of the | |
73 | .BR = . | |
a83d1245 | 74 | Parameter names are specific to a section type. |
fea5e716 MW |
75 | .PP |
76 | An empty | |
77 | .I value | |
78 | stands for the system default value (if any) of the parameter, | |
a83d1245 TB |
79 | i.e. it is roughly equivalent to omitting the parameter line entirely. This may |
80 | be useful to clear a setting inherited from a | |
81 | .B %default | |
82 | section or via | |
83 | .B also | |
84 | parameter (see below). | |
fea5e716 MW |
85 | A |
86 | .I value | |
a83d1245 TB |
87 | may contain single spaces (additional white space is reduced to one space). |
88 | To preserve white space as written enclose the entire | |
fea5e716 | 89 | .I value |
a83d1245 TB |
90 | in double quotes (\fB"\fR); in such values double quotes themselves may be |
91 | escaped by prefixing them with | |
92 | .B \\\\ | |
93 | characters. A double-quoted string may span multiple lines by ending them with | |
94 | .B \\\\ | |
95 | characters (following lines don't have to begin with white space, as that will | |
96 | be preserved). Additionally, the following control characters may be encoded in | |
97 | double-quoted strings: \\n, \\r, \\t, \\b, \\f. | |
fea5e716 MW |
98 | .PP |
99 | Numeric values are specified to be either an ``integer'' | |
100 | (a sequence of digits) or a ``decimal number'' | |
101 | (sequence of digits optionally followed by `.' and another sequence of digits). | |
102 | .PP | |
103 | There is currently one parameter which is available in any type of | |
104 | section: | |
105 | .TP | |
106 | .B also | |
a83d1245 TB |
107 | the value is a section name; the parameters of that section are inherited by |
108 | the current section. Parameters in the current section always override inherited | |
109 | parameters, even if an | |
110 | .B also | |
111 | follows after them. | |
112 | The specified section must exist and must have the same section type; it doesn't | |
113 | if it is defined before or after the current section. | |
114 | Nesting is permitted, and there may be more than one | |
115 | .B also | |
116 | in a single section (parameters from referenced sections are inherited and | |
117 | overridden in the order of these | |
fea5e716 | 118 | .B also |
a83d1245 | 119 | parameters). |
fea5e716 MW |
120 | .PP |
121 | A section with name | |
122 | .B %default | |
a83d1245 TB |
123 | specifies defaults for sections of the same type. All parameters in it, are |
124 | inherited by all other sections of that type. | |
fea5e716 MW |
125 | .PP |
126 | Currently there are three types of sections: | |
127 | a | |
128 | .B config | |
129 | section specifies general configuration information for IPsec, a | |
130 | .B conn | |
131 | section specifies an IPsec connection, while a | |
132 | .B ca | |
7900ab1b | 133 | section specifies special properties of a certification authority. |
fea5e716 MW |
134 | .SH "CONN SECTIONS" |
135 | A | |
136 | .B conn | |
137 | section contains a | |
138 | .IR "connection specification" , | |
139 | defining a network connection to be made using IPsec. | |
532f2347 | 140 | The name given is arbitrary, and is used to identify the connection. |
fea5e716 MW |
141 | Here's a simple example: |
142 | .PP | |
143 | .ne 10 | |
144 | .nf | |
145 | .ft B | |
146 | .ta 1c | |
147 | conn snt | |
7900ab1b AS |
148 | left=192.168.0.1 |
149 | leftsubnet=10.1.0.0/16 | |
150 | right=192.168.0.2 | |
151 | rightsubnet=10.1.0.0/16 | |
fea5e716 | 152 | keyingtries=%forever |
7900ab1b | 153 | auto=add |
fea5e716 MW |
154 | .ft |
155 | .fi | |
156 | .PP | |
532f2347 | 157 | A note on terminology: There are two kinds of communications going on: |
fea5e716 MW |
158 | transmission of user IP packets, and gateway-to-gateway negotiations for |
159 | keying, rekeying, and general control. | |
f115838b TB |
160 | The path to control the connection is called 'ISAKMP SA' in IKEv1 |
161 | and 'IKE SA' in the IKEv2 protocol. That what is being negotiated, the kernel | |
162 | level data path, is called 'IPsec SA' or 'Child SA'. | |
75e3d90d MW |
163 | strongSwan previously used two separate keying daemons, \fIpluto\fP and |
164 | \fIcharon\fP. This manual does not discuss \fIpluto\fP options anymore, but | |
165 | only \fIcharon\fP that since strongSwan 5.0 supports both IKEv1 and IKEv2. | |
fea5e716 MW |
166 | .PP |
167 | To avoid trivial editing of the configuration file to suit it to each system | |
168 | involved in a connection, | |
169 | connection specifications are written in terms of | |
170 | .I left | |
171 | and | |
172 | .I right | |
173 | participants, | |
174 | rather than in terms of local and remote. | |
175 | Which participant is considered | |
176 | .I left | |
177 | or | |
178 | .I right | |
179 | is arbitrary; | |
f115838b TB |
180 | for every connection description an attempt is made to figure out whether |
181 | the local endpoint should act as the | |
182 | .I left | |
183 | or | |
184 | .I right | |
185 | endpoint. This is done by matching the IP addresses defined for both endpoints | |
186 | with the IP addresses assigned to local network interfaces. If a match is found | |
187 | then the role (left or right) that matches is going to be considered local. | |
188 | If no match is found during startup, | |
189 | .I left | |
190 | is considered local. | |
fea5e716 MW |
191 | This permits using identical connection specifications on both ends. |
192 | There are cases where there is no symmetry; a good convention is to | |
193 | use | |
194 | .I left | |
195 | for the local side and | |
196 | .I right | |
197 | for the remote side (the first letters are a good mnemonic). | |
198 | .PP | |
199 | Many of the parameters relate to one participant or the other; | |
200 | only the ones for | |
201 | .I left | |
202 | are listed here, but every parameter whose name begins with | |
203 | .B left | |
204 | has a | |
205 | .B right | |
206 | counterpart, | |
207 | whose description is the same but with | |
208 | .B left | |
209 | and | |
210 | .B right | |
211 | reversed. | |
212 | .PP | |
532f2347 MW |
213 | Parameters are optional unless marked '(required)'. |
214 | .SS "CONN PARAMETERS" | |
215 | Unless otherwise noted, for a connection to work, | |
fea5e716 MW |
216 | in general it is necessary for the two ends to agree exactly |
217 | on the values of these parameters. | |
6bcf6016 TB |
218 | .TP |
219 | .BR aaa_identity " = <id>" | |
64d7b073 MW |
220 | defines the identity of the AAA backend used during IKEv2 EAP authentication. |
221 | This is required if the EAP client uses a method that verifies the server | |
222 | identity (such as EAP-TLS), but it does not match the IKEv2 gateway identity. | |
223 | .TP | |
72970b45 TB |
224 | .BR aggressive " = yes | " no |
225 | whether to use IKEv1 Aggressive or Main Mode (the default). | |
226 | .TP | |
5fdbb3c6 MW |
227 | .BR ah " = <cipher suites>" |
228 | comma-separated list of AH algorithms to be used for the connection, e.g. | |
229 | .BR sha1-sha256-modp1024 . | |
230 | The notation is | |
231 | .BR integrity[-dhgroup] . | |
232 | For IKEv2, multiple algorithms (separated by -) of the same type can be included | |
233 | in a single proposal. IKEv1 only includes the first algorithm in a proposal. | |
234 | Only either the | |
235 | .B ah | |
236 | or | |
237 | .B esp | |
238 | keyword may be used, AH+ESP bundles are not supported. | |
239 | ||
10b5e8bb | 240 | There is no default AH cipher suite since by default ESP is used. |
5fdbb3c6 MW |
241 | The daemon adds its extensive default proposal to the configured value. To |
242 | restrict it to the configured proposal an | |
243 | exclamation mark | |
244 | .RB ( ! ) | |
245 | can be added at the end. | |
246 | ||
247 | If | |
248 | .B dh-group | |
249 | is specified, CHILD_SA/Quick Mode setup and rekeying include a separate | |
bbd46207 TB |
250 | Diffie-Hellman exchange (refer to the |
251 | .B esp | |
252 | keyword for details). | |
5fdbb3c6 | 253 | .TP |
a5477a6f TB |
254 | .BR also " = <name>" |
255 | includes conn section | |
256 | .BR <name> . | |
fea5e716 | 257 | .TP |
5fdbb3c6 MW |
258 | .BR auth " = <value>" |
259 | was used by the | |
260 | .B pluto | |
261 | IKEv1 daemon to use AH integrity protection for ESP encrypted packets, but is | |
262 | not supported in charon. The | |
263 | .B ah | |
264 | keyword specifies algorithms to use for integrity protection with AH, but | |
265 | without encryption. AH+ESP bundles are not supported. | |
266 | .TP | |
2045a9d3 | 267 | .BR authby " = " pubkey " | rsasig | ecdsasig | psk | secret | never | xauthpsk | xauthrsasig" |
fea5e716 MW |
268 | how the two security gateways should authenticate each other; |
269 | acceptable values are | |
7900ab1b | 270 | .B psk |
a5477a6f TB |
271 | or |
272 | .B secret | |
c7f76958 AS |
273 | for pre-shared secrets, |
274 | .B pubkey | |
275 | (the default) for public key signatures as well as the synonyms | |
fea5e716 | 276 | .B rsasig |
c7f76958 AS |
277 | for RSA digital signatures and |
278 | .B ecdsasig | |
279 | for Elliptic Curve DSA signatures. | |
fea5e716 | 280 | .B never |
c7f76958 AS |
281 | can be used if negotiation is never to be attempted or accepted (useful for |
282 | shunt-only conns). | |
8015c91c | 283 | Digital signatures are superior in every way to shared secrets. |
7900ab1b AS |
284 | IKEv1 additionally supports the values |
285 | .B xauthpsk | |
286 | and | |
287 | .B xauthrsasig | |
288 | that will enable eXtended AUTHentication (XAUTH) in addition to IKEv1 main mode | |
c8d46f29 | 289 | based on shared secrets or digital RSA signatures, respectively. |
75e3d90d MW |
290 | This parameter is deprecated, as two peers do not need to agree on an |
291 | authentication method in IKEv2. Use the | |
a44bb934 | 292 | .B leftauth |
75e3d90d | 293 | parameter instead to define authentication methods. |
fea5e716 | 294 | .TP |
6bcf6016 | 295 | .BR auto " = " ignore " | add | route | start" |
c2bc2b27 AS |
296 | what operation, if any, should be done automatically at IPsec startup; |
297 | currently-accepted values are | |
f115838b TB |
298 | .BR add , |
299 | .BR route , | |
c2bc2b27 | 300 | .B start |
7900ab1b | 301 | and |
f115838b TB |
302 | .B ignore |
303 | (the default). | |
c2bc2b27 AS |
304 | .B add |
305 | loads a connection without starting it. | |
306 | .B route | |
307 | loads a connection and installs kernel traps. If traffic is detected between | |
308 | .B leftsubnet | |
309 | and | |
72970b45 TB |
310 | .BR rightsubnet , |
311 | a connection is established. | |
c2bc2b27 | 312 | .B start |
f3bb1bd0 | 313 | loads a connection and brings it up immediately. |
c2bc2b27 | 314 | .B ignore |
72970b45 | 315 | ignores the connection. This is equal to deleting a connection from the config |
8015c91c | 316 | file. |
66e12b92 TB |
317 | Relevant only locally, other end need not agree on it. |
318 | .TP | |
319 | .BR closeaction " = " none " | clear | hold | restart" | |
320 | defines the action to take if the remote peer unexpectedly closes a CHILD_SA | |
321 | (see | |
322 | .B dpdaction | |
323 | for meaning of values). | |
324 | A | |
325 | .B closeaction should not be | |
64e68d22 | 326 | used if the peer uses reauthentication or uniqueids checking, as these events |
b2dfa062 | 327 | might trigger the defined action when not desired. |
7900ab1b | 328 | .TP |
6bcf6016 | 329 | .BR compress " = yes | " no |
fea5e716 MW |
330 | whether IPComp compression of content is proposed on the connection |
331 | (link-level compression does not work on encrypted data, | |
332 | so to be effective, compression must be done \fIbefore\fR encryption); | |
333 | acceptable values are | |
334 | .B yes | |
335 | and | |
336 | .B no | |
532f2347 | 337 | (the default). A value of |
fea5e716 | 338 | .B yes |
18dac73f | 339 | causes the daemon to propose both compressed and uncompressed, |
fea5e716 MW |
340 | and prefer compressed. |
341 | A value of | |
342 | .B no | |
18dac73f | 343 | prevents the daemon from proposing or accepting compression. |
fea5e716 | 344 | .TP |
6bcf6016 | 345 | .BR dpdaction " = " none " | clear | hold | restart" |
fea5e716 | 346 | controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where |
a655f5c0 MW |
347 | R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) |
348 | are periodically sent in order to check the | |
349 | liveliness of the IPsec peer. The values | |
7900ab1b AS |
350 | .BR clear , |
351 | .BR hold , | |
8015c91c | 352 | and |
7900ab1b | 353 | .B restart |
45c5b992 TB |
354 | all activate DPD and determine the action to perform on a timeout. With |
355 | .B clear | |
356 | the connection is closed with no further actions taken. | |
357 | .B hold | |
358 | installs a trap policy, which will catch matching traffic and tries to | |
359 | re-negotiate the connection on demand. | |
360 | .B restart | |
361 | will immediately trigger an attempt to re-negotiation the connection. | |
75e3d90d | 362 | The default is |
7900ab1b | 363 | .B none |
75e3d90d | 364 | which disables the active sending of DPD messages. |
fea5e716 | 365 | .TP |
6bcf6016 | 366 | .BR dpddelay " = " 30s " | <time>" |
a655f5c0 MW |
367 | defines the period time interval with which R_U_THERE messages/INFORMATIONAL |
368 | exchanges are sent to the peer. These are only sent if no other traffic is | |
369 | received. In IKEv2, a value of 0 sends no additional INFORMATIONAL | |
370 | messages and uses only standard messages (such as those to rekey) to detect | |
371 | dead peers. | |
fea5e716 | 372 | .TP |
66e12b92 TB |
373 | .BR dpdtimeout " = " 150s " | <time> |
374 | defines the timeout interval, after which all connections to a peer are deleted | |
375 | in case of inactivity. This only applies to IKEv1, in IKEv2 the default | |
376 | retransmission timeout applies, as every exchange is used to detect dead peers. | |
4876f896 | 377 | .TP |
6bcf6016 | 378 | .BR inactivity " = <time>" |
8015c91c | 379 | defines the timeout interval, after which a CHILD_SA is closed if it did |
d048a319 MW |
380 | not send or receive any traffic. The inactivity counter is reset during CHILD_SA |
381 | rekeying. This means that the inactivity timeout must be smaller than the | |
382 | rekeying interval to have any effect. | |
eea626ed | 383 | .TP |
6bcf6016 | 384 | .BR eap_identity " = <id>" |
72970b45 | 385 | defines the identity the client uses to reply to an EAP Identity request. |
82290106 | 386 | If defined on the EAP server, the defined identity will be used as peer |
8015c91c | 387 | identity during EAP authentication. The special value |
82290106 | 388 | .B %identity |
f115838b | 389 | uses the EAP Identity method to ask the client for an EAP identity. If not |
82290106 MW |
390 | defined, the IKEv2 identity will be used as EAP identity. |
391 | .TP | |
6bcf6016 | 392 | .BR esp " = <cipher suites>" |
f115838b | 393 | comma-separated list of ESP encryption/authentication algorithms to be used |
c2bc2b27 | 394 | for the connection, e.g. |
a5477a6f | 395 | .BR aes128-sha256 . |
f115838b | 396 | The notation is |
de13eab0 | 397 | .BR encryption-integrity[-dhgroup][-esnmode] . |
5fdbb3c6 MW |
398 | For IKEv2, multiple algorithms (separated by -) of the same type can be included |
399 | in a single proposal. IKEv1 only includes the first algorithm in a proposal. | |
400 | Only either the | |
401 | .B ah | |
402 | or | |
403 | .B esp | |
404 | keyword may be used, AH+ESP bundles are not supported. | |
5b2e669b | 405 | |
de13eab0 | 406 | Defaults to |
8e3940f5 | 407 | .BR aes128-sha256 . |
75e3d90d | 408 | The daemon adds its extensive default proposal to this default |
de13eab0 TB |
409 | or the configured value. To restrict it to the configured proposal an |
410 | exclamation mark | |
411 | .RB ( ! ) | |
412 | can be added at the end. | |
5b2e669b | 413 | |
de13eab0 | 414 | .BR Note : |
bbd46207 TB |
415 | As a responder, the daemon defaults to selecting the first configured proposal |
416 | that's also supported by the peer. This may be changed via | |
417 | .BR strongswan.conf (5) | |
418 | to selecting the first acceptable proposal sent by the peer instead. In order to | |
419 | restrict a responder to only accept specific cipher suites, the strict flag | |
de13eab0 TB |
420 | .RB ( ! , |
421 | exclamation mark) can be used, e.g: aes256-sha512-modp4096! | |
bbd46207 | 422 | |
f115838b TB |
423 | If |
424 | .B dh-group | |
bbd46207 TB |
425 | is specified, CHILD_SA/Quick Mode rekeying and initial negotiation use a |
426 | separate Diffie-Hellman exchange using the specified group. However, for IKEv2, | |
427 | the keys of the CHILD_SA created implicitly with the IKE_SA will always be | |
428 | derived from the IKE_SA's key material. So any DH group specified here will only | |
429 | apply when the CHILD_SA is later rekeyed or is created with a separate | |
430 | CREATE_CHILD_SA exchange. Therefore, a proposal mismatch might not immediately | |
431 | be noticed when the SA is established, but may later cause rekeying to fail. | |
432 | ||
433 | Valid values for | |
de13eab0 | 434 | .B esnmode |
bbd46207 | 435 | are |
37821954 MW |
436 | .B esn |
437 | and | |
de13eab0 TB |
438 | .BR noesn . |
439 | Specifying both negotiates Extended Sequence Number support with the peer, | |
440 | the default is | |
37821954 | 441 | .B noesn. |
c2bc2b27 | 442 | .TP |
6bcf6016 | 443 | .BR forceencaps " = yes | " no |
a5477a6f | 444 | force UDP encapsulation for ESP packets even if no NAT situation is detected. |
f115838b | 445 | This may help to surmount restrictive firewalls. In order to force the peer to |
75e3d90d | 446 | encapsulate packets, NAT detection payloads are faked. |
9dae1bed | 447 | .TP |
46a3f92a | 448 | .BR fragmentation " = " yes " | accept | force | no" |
aaf9911a TB |
449 | whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 |
450 | fragmentation as per RFC 7383). Acceptable values are | |
af662a51 TB |
451 | .B yes |
452 | (the default), | |
46a3f92a | 453 | .BR accept , |
365d9a6f | 454 | .B force |
97973f86 | 455 | and |
af662a51 | 456 | .BR no . |
365d9a6f | 457 | If set to |
46a3f92a TB |
458 | .BR yes , |
459 | and the peer supports it, oversized IKE messages will be sent in fragments. If | |
460 | set to | |
461 | .BR accept , | |
462 | support for fragmentation is announced to the peer but the daemon does not send | |
463 | its own messages in fragments. If set to | |
365d9a6f | 464 | .B force |
aaf9911a | 465 | (only supported for IKEv1) the initial IKE message will already be fragmented |
46a3f92a TB |
466 | if required. Finally, setting the option to |
467 | .B no | |
468 | will disable announcing support for this feature. | |
469 | ||
470 | Note that fragmented IKE messages sent by a peer are always accepted | |
471 | irrespective of the value of this option (even when set to | |
472 | .BR no ). | |
97973f86 | 473 | .TP |
6bcf6016 | 474 | .BR ike " = <cipher suites>" |
f115838b TB |
475 | comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms |
476 | to be used, e.g. | |
8e3940f5 | 477 | .BR aes128-sha256-modp3072 . |
f115838b | 478 | The notation is |
5b2e669b MW |
479 | .BR encryption-integrity[-prf]-dhgroup . |
480 | If no PRF is given, the algorithms defined for integrity are used for the PRF. | |
481 | The prf keywords are the same as the integrity algorithms, but have a | |
482 | .B prf | |
483 | prefix (such as | |
484 | .BR prfsha1 , | |
485 | .B prfsha256 | |
486 | or | |
487 | .BR prfaesxcbc ). | |
de13eab0 | 488 | .br |
5b2e669b | 489 | In IKEv2, multiple algorithms and proposals may be included, such as |
8e3940f5 | 490 | .BR aes128-aes256-sha1-modp3072-modp2048,3des-sha1-md5-modp1024 . |
5b2e669b | 491 | |
de13eab0 | 492 | Defaults to |
8e3940f5 | 493 | .BR aes128-sha256-modp3072 . |
75e3d90d | 494 | The daemon adds its extensive default proposal to this |
de13eab0 TB |
495 | default or the configured value. To restrict it to the configured proposal an |
496 | exclamation mark | |
497 | .RB ( ! ) | |
498 | can be added at the end. | |
5b2e669b | 499 | |
de13eab0 | 500 | .BR Note : |
75e3d90d | 501 | As a responder the daemon accepts the first supported proposal received from |
de13eab0 TB |
502 | the peer. In order to restrict a responder to only accept specific cipher |
503 | suites, the strict flag | |
72970b45 | 504 | .RB ( ! , |
5b2e669b MW |
505 | exclamation mark) can be used, e.g: |
506 | .BR aes256-sha512-modp4096! | |
c2bc2b27 | 507 | .TP |
88f4cd39 MW |
508 | .BR ikedscp " = " 000000 " | <DSCP field>" |
509 | Differentiated Services Field Codepoint to set on outgoing IKE packets sent | |
510 | from this connection. The value is a six digit binary encoded string defining | |
511 | the Codepoint to set, as defined in RFC 2474. | |
512 | .TP | |
6bcf6016 | 513 | .BR ikelifetime " = " 3h " | <time>" |
f115838b | 514 | how long the keying channel of a connection (ISAKMP or IKE SA) |
9f8ceffb | 515 | should last before being renegotiated. Also see EXPIRY/REKEY below. |
fea5e716 | 516 | .TP |
6bcf6016 | 517 | .BR installpolicy " = " yes " | no" |
75e3d90d MW |
518 | decides whether IPsec policies are installed in the kernel by the charon daemon |
519 | for a given connection. Allows peaceful cooperation e.g. with | |
84bec926 AS |
520 | the Mobile IPv6 daemon mip6d who wants to control the kernel policies. |
521 | Acceptable values are | |
522 | .B yes | |
523 | (the default) and | |
524 | .BR no . | |
525 | .TP | |
6bcf6016 | 526 | .BR keyexchange " = " ike " | ikev1 | ikev2" |
72970b45 TB |
527 | which key exchange protocol should be used to initiate the connection. |
528 | Connections marked with | |
fea5e716 | 529 | .B ike |
75e3d90d | 530 | use IKEv2 when initiating, but accept any protocol version when responding. |
fea5e716 | 531 | .TP |
bf870ffb | 532 | .BR keyingtries " = " 3 " | <number> | %forever" |
fea5e716 MW |
533 | how many attempts (a whole number or \fB%forever\fP) should be made to |
534 | negotiate a connection, or a replacement for one, before giving up | |
535 | (default | |
bf870ffb | 536 | .BR 3 ). |
fea5e716 | 537 | The value \fB%forever\fP |
532f2347 | 538 | means 'never give up'. |
fea5e716 MW |
539 | Relevant only locally, other end need not agree on it. |
540 | .TP | |
6301ec0a MW |
541 | .BR left " = <ip address> | <fqdn> | " %any " | <range> | <subnet> " |
542 | The IP address of the left participant's public-network interface | |
c2bc2b27 | 543 | or one of several magic values. |
75e3d90d | 544 | The value |
f115838b | 545 | .B %any |
72970b45 TB |
546 | (the default) for the local endpoint signifies an address to be filled in (by |
547 | automatic keying) during negotiation. If the local peer initiates the | |
548 | connection setup the routing table will be queried to determine the correct | |
549 | local IP address. | |
f115838b TB |
550 | In case the local peer is responding to a connection setup then any IP address |
551 | that is assigned to a local interface will be accepted. | |
66e12b92 TB |
552 | |
553 | The prefix | |
554 | .B % | |
555 | in front of a fully-qualified domain name or an IP address will implicitly set | |
556 | .BR leftallowany =yes. | |
f115838b TB |
557 | |
558 | If | |
559 | .B %any | |
560 | is used for the remote endpoint it literally means any IP address. | |
561 | ||
31456d1f NK |
562 | If an |
563 | .B FQDN | |
564 | is assigned it is resolved every time a configuration lookup is done. If DNS | |
565 | resolution times out, the lookup is delayed for that time. | |
566 | ||
6301ec0a MW |
567 | To limit the connection to a specific range of hosts, a range ( |
568 | .BR 10.1.0.0-10.2.255.255 | |
569 | ) or a subnet ( | |
570 | .BR 10.1.0.0/16 | |
571 | ) can be specified, and multiple addresses, ranges and subnets can be separated | |
572 | by commas. While one can freely combine these items, to initiate the connection | |
573 | at least one non-range/subnet is required. | |
574 | ||
f115838b TB |
575 | Please note that with the usage of wildcards multiple connection descriptions |
576 | might match a given incoming connection attempt. The most specific description | |
577 | is used in that case. | |
c2bc2b27 | 578 | .TP |
66e12b92 TB |
579 | .BR leftallowany " = yes | " no |
580 | a modifier for | |
581 | .BR left , | |
582 | making it behave as | |
583 | .B %any | |
584 | although a concrete IP address or domain name has been assigned. | |
585 | .TP | |
6bcf6016 | 586 | .BR leftauth " = <auth method>" |
f115838b TB |
587 | Authentication method to use locally (left) or require from the remote (right) |
588 | side. | |
75e3d90d | 589 | Acceptable values are |
a44bb934 | 590 | .B pubkey |
8015c91c | 591 | for public key authentication (RSA/ECDSA), |
a44bb934 | 592 | .B psk |
75e3d90d | 593 | for pre-shared key authentication, |
a44bb934 | 594 | .B eap |
75e3d90d MW |
595 | to (require the) use of the Extensible Authentication Protocol in IKEv2, and |
596 | .B xauth | |
597 | for IKEv1 eXtended Authentication. | |
276cf3b7 | 598 | |
44e513a3 | 599 | To require a trustchain public key strength for the remote side, specify the |
7c4214bd MW |
600 | key type followed by the minimum strength in bits (for example |
601 | .BR ecdsa-384 | |
44e513a3 | 602 | or |
7c4214bd MW |
603 | .BR rsa-2048-ecdsa-256 ). |
604 | To limit the acceptable set of hashing algorithms for trustchain validation, | |
605 | append hash algorithms to | |
606 | .BR pubkey | |
607 | or a key strength definition (for example | |
e698bdea TB |
608 | .BR pubkey-sha256-sha512 , |
609 | .BR rsa-2048-sha256-sha384-sha512 , | |
7c4214bd | 610 | or |
e698bdea | 611 | .BR rsa-2048-sha256-ecdsa-256-sha256-sha384 ). |
276cf3b7 | 612 | Unless disabled in |
3c23a751 TB |
613 | .BR strongswan.conf (5), |
614 | or explicit IKEv2 signature constraints are configured (see below), such key | |
615 | types and hash algorithms are also applied as constraints against IKEv2 | |
276cf3b7 TB |
616 | signature authentication schemes used by the remote side. |
617 | ||
618 | If both peers support RFC 7427 ("Signature Authentication in IKEv2") specific | |
619 | hash algorithms to be used during IKEv2 authentication may be configured. | |
3c23a751 TB |
620 | The syntax is the same as above, but with ike: prefix. For example, with |
621 | .B ike:pubkey-sha384-sha256 | |
276cf3b7 TB |
622 | a public key signature scheme with either SHA-384 or SHA-256 would get used for |
623 | authentication, in that order and depending on the hash algorithms supported by | |
624 | the peer. If no specific hash algorithms are configured, the default is to | |
625 | prefer an algorithm that matches or exceeds the strength of the signature key. | |
3c23a751 TB |
626 | If no constraints with ike: prefix are configured any signature scheme |
627 | constraint (without ike: prefix) will also apply to IKEv2 authentication, unless | |
628 | this is disabled in | |
629 | .BR strongswan.conf (5). | |
fde0c763 TB |
630 | |
631 | To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g. | |
632 | .BR ike:rsa/pss-sha256 . | |
633 | If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures | |
634 | will only be used/accepted if enabled in | |
635 | .BR strongswan.conf (5). | |
276cf3b7 | 636 | |
44e513a3 | 637 | For |
72970b45 | 638 | .BR eap , |
a44bb934 | 639 | an optional EAP method can be appended. Currently defined methods are |
f115838b TB |
640 | .BR eap-aka , |
641 | .BR eap-gtc , | |
642 | .BR eap-md5 , | |
0293f095 AS |
643 | .BR eap-mschapv2 , |
644 | .BR eap-peap , | |
645 | .BR eap-sim , | |
21079538 | 646 | .BR eap-tls , |
b24be296 | 647 | .BR eap-ttls , |
5f6ef5d5 | 648 | .BR eap-dynamic , |
a44bb934 | 649 | and |
c8d46f29 | 650 | .BR eap-radius . |
a44bb934 MW |
651 | Alternatively, IANA assigned EAP method numbers are accepted. Vendor specific |
652 | EAP methods are defined in the form | |
653 | .B eap-type-vendor | |
f115838b | 654 | .RB "(e.g. " eap-7-12345 ). |
f2e2cce2 MW |
655 | To specify signature and trust chain constraints for EAP-(T)TLS, append a colon |
656 | to the EAP method, followed by the key type/size and hash algorithm as discussed | |
657 | above. For | |
75e3d90d | 658 | .B xauth, |
66e12b92 | 659 | an XAuth authentication backend can be specified, such as |
75e3d90d MW |
660 | .B xauth-generic |
661 | or | |
66e12b92 | 662 | .BR xauth-eap . |
75e3d90d MW |
663 | If XAuth is used in |
664 | .BR leftauth , | |
665 | Hybrid authentication is used. For traditional XAuth authentication, define | |
666 | XAuth in | |
667 | .BR lefauth2 . | |
a44bb934 | 668 | .TP |
6bcf6016 | 669 | .BR leftauth2 " = <auth method>" |
8015c91c | 670 | Same as |
f115838b | 671 | .BR leftauth , |
75e3d90d MW |
672 | but defines an additional authentication exchange. In IKEv1, only XAuth can be |
673 | used in the second authentication round. IKEv2 supports multiple complete | |
a44bb934 | 674 | authentication rounds using "Multiple Authentication Exchanges" defined |
72970b45 | 675 | in RFC 4739. This allows, for example, separated authentication |
75e3d90d | 676 | of host and user. |
a44bb934 | 677 | .TP |
6bcf6016 | 678 | .BR leftca " = <issuer dn> | %same" |
fea5e716 MW |
679 | the distinguished name of a certificate authority which is required to |
680 | lie in the trust path going from the left participant's certificate up | |
8015c91c | 681 | to the root certification authority. |
72970b45 TB |
682 | .B %same |
683 | means that the value configured for the right participant should be reused. | |
fea5e716 | 684 | .TP |
6bcf6016 | 685 | .BR leftca2 " = <issuer dn> | %same" |
a44bb934 | 686 | Same as |
6bcf6016 | 687 | .BR leftca , |
a44bb934 MW |
688 | but for the second authentication round (IKEv2 only). |
689 | .TP | |
6bcf6016 | 690 | .BR leftcert " = <path>" |
f115838b TB |
691 | the path to the left participant's X.509 certificate. The file can be encoded |
692 | either in PEM or DER format. OpenPGP certificates are supported as well. | |
7900ab1b | 693 | Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP |
fea5e716 MW |
694 | are accepted. By default |
695 | .B leftcert | |
8015c91c | 696 | sets |
fea5e716 | 697 | .B leftid |
72970b45 | 698 | to the distinguished name of the certificate's subject. |
84545f6e | 699 | The left participant's ID can be overridden by specifying a |
fea5e716 MW |
700 | .B leftid |
701 | value which must be certified by the certificate, though. | |
05e266ea MW |
702 | .br |
703 | A value in the form | |
f6d8fb36 | 704 | .B %smartcard[<slot nr>[@<module>]]:<keyid> |
05e266ea | 705 | defines a specific certificate to load from a PKCS#11 backend for this |
f6d8fb36 | 706 | connection. See ipsec.secrets(5) for details about smartcard definitions. |
05e266ea MW |
707 | .B leftcert |
708 | is required only if selecting the certificate with | |
709 | .B leftid | |
710 | is not sufficient, for example if multiple certificates use the same subject. | |
11a7abf5 MW |
711 | .br |
712 | Multiple certificate paths or PKCS#11 backends can be specified in a comma | |
713 | separated list. The daemon chooses the certificate based on the received | |
714 | certificate requests if possible before enforcing the first. | |
fea5e716 | 715 | .TP |
6bcf6016 | 716 | .BR leftcert2 " = <path>" |
a44bb934 MW |
717 | Same as |
718 | .B leftcert, | |
719 | but for the second authentication round (IKEv2 only). | |
720 | .TP | |
6367de28 | 721 | .BR leftcertpolicy " = <OIDs>" |
66e12b92 TB |
722 | Comma separated list of certificate policy OIDs the peer's certificate must |
723 | have. | |
724 | OIDs are specified using the numerical dotted representation. | |
6367de28 | 725 | .TP |
c60f1da4 MW |
726 | .BR leftdns " = <servers>" |
727 | Comma separated list of DNS server addresses to exchange as configuration | |
72970b45 TB |
728 | attributes. On the initiator, a server is a fixed IPv4/IPv6 address, or |
729 | .BR %config4 / %config6 | |
c60f1da4 | 730 | to request attributes without an address. On the responder, |
72970b45 | 731 | only fixed IPv4/IPv6 addresses are allowed and define DNS servers assigned |
c60f1da4 MW |
732 | to the client. |
733 | .TP | |
6bcf6016 | 734 | .BR leftfirewall " = yes | " no |
c2bc2b27 AS |
735 | whether the left participant is doing forwarding-firewalling |
736 | (including masquerading) using iptables for traffic from \fIleftsubnet\fR, | |
737 | which should be turned off (for traffic to the other subnet) | |
738 | once the connection is established; | |
739 | acceptable values are | |
740 | .B yes | |
741 | and | |
742 | .B no | |
743 | (the default). | |
744 | May not be used in the same connection description with | |
745 | .BR leftupdown . | |
746 | Implemented as a parameter to the default \fBipsec _updown\fR script. | |
747 | See notes below. | |
748 | Relevant only locally, other end need not agree on it. | |
749 | ||
750 | If one or both security gateways are doing forwarding firewalling | |
751 | (possibly including masquerading), | |
752 | and this is specified using the firewall parameters, | |
753 | tunnels established with IPsec are exempted from it | |
754 | so that packets can flow unchanged through the tunnels. | |
755 | (This means that all subnets connected in this manner must have | |
756 | distinct, non-overlapping subnet address blocks.) | |
75e3d90d | 757 | This is done by the default \fBipsec _updown\fR script. |
c2bc2b27 AS |
758 | |
759 | In situations calling for more control, | |
760 | it may be preferable for the user to supply his own | |
761 | .I updown | |
762 | script, | |
763 | which makes the appropriate adjustments for his system. | |
764 | .TP | |
6bcf6016 | 765 | .BR leftgroups " = <group list>" |
c2bc2b27 AS |
766 | a comma separated list of group names. If the |
767 | .B leftgroups | |
768 | parameter is present then the peer must be a member of at least one | |
75e3d90d | 769 | of the groups defined by the parameter. |
c2bc2b27 | 770 | .TP |
46df61df MW |
771 | .BR leftgroups2 " = <group list>" |
772 | Same as | |
773 | .B leftgroups, | |
774 | but for the second authentication round defined with | |
775 | .B leftauth2. | |
776 | .TP | |
6bcf6016 | 777 | .BR lefthostaccess " = yes | " no |
c2bc2b27 AS |
778 | inserts a pair of INPUT and OUTPUT iptables rules using the default |
779 | \fBipsec _updown\fR script, thus allowing access to the host itself | |
780 | in the case where the host's internal interface is part of the | |
781 | negotiated client subnet. | |
782 | Acceptable values are | |
783 | .B yes | |
784 | and | |
785 | .B no | |
786 | (the default). | |
787 | .TP | |
6bcf6016 | 788 | .BR leftid " = <id>" |
f115838b | 789 | how the left participant should be identified for authentication; |
c2bc2b27 | 790 | defaults to |
66e12b92 TB |
791 | .B left |
792 | or the subject of the certificate configured with | |
793 | .BR leftcert . | |
9388bf13 | 794 | If |
72970b45 TB |
795 | .B leftcert |
796 | is configured the identity has to be confirmed by the certificate. | |
b7a500e9 | 797 | |
9388bf13 MW |
798 | Can be an IP address, a fully-qualified domain name, an email address or a |
799 | Distinguished Name for which the ID type is determined automatically and the | |
4a2e1799 TB |
800 | string is converted to the appropriate encoding. The rules for this conversion |
801 | are described in IDENTITY PARSING below. | |
802 | ||
803 | In certain special situations the identity parsing above might be inadequate | |
804 | or produce the wrong result. Examples are the need to encode a FQDN as KEY_ID or | |
805 | the string parser being unable to produce the correct binary ASN.1 encoding of | |
806 | a certificate's DN. For these situations it is possible to enforce a specific | |
807 | identity type and to provide the binary encoding of the identity. To do this a | |
808 | prefix may be used, followed by a colon (:). If the number sign (#) follows the | |
809 | colon, the remaining data is interpreted as hex encoding, otherwise the string | |
810 | is used as is as the identification data. | |
811 | .BR Note : | |
812 | The latter implies that no conversion is performed for non-string identities. | |
813 | For example, | |
9388bf13 MW |
814 | \fIipv4:10.0.0.1\fP does not create a valid ID_IPV4_ADDR IKE identity, as it |
815 | does not get converted to binary 0x0a000001. Instead, one could use | |
816 | \fIipv4:#0a000001\fP to get a valid identity, but just using the implicit type | |
4a2e1799 | 817 | with automatic conversion is usually simpler. The same applies to the ASN.1 |
9388bf13 MW |
818 | encoded types. The following prefixes are known: |
819 | .BR ipv4 , | |
820 | .BR ipv6 , | |
821 | .BR rfc822 , | |
822 | .BR email , | |
823 | .BR userfqdn , | |
824 | .BR fqdn , | |
825 | .BR dns , | |
826 | .BR asn1dn , | |
827 | .B asn1gn | |
828 | and | |
829 | .BR keyid . | |
830 | Custom type prefixes may be specified by surrounding the numerical type value by | |
831 | curly brackets. | |
832 | ||
b7a500e9 TB |
833 | For IKEv2 and |
834 | .B rightid | |
835 | the prefix | |
836 | .B % | |
837 | in front of the identity prevents the daemon from sending IDr in its IKE_AUTH | |
838 | request and will allow it to verify the configured identity against the subject | |
839 | and subjectAltNames contained in the responder's certificate (otherwise it is | |
840 | only compared with the IDr returned by the responder). The IDr sent by the | |
841 | initiator might otherwise prevent the responder from finding a config if it | |
842 | has configured a different value for | |
843 | .BR leftid . | |
c2bc2b27 | 844 | .TP |
6bcf6016 | 845 | .BR leftid2 " = <id>" |
a44bb934 MW |
846 | identity to use for a second authentication for the left participant |
847 | (IKEv2 only); defaults to | |
848 | .BR leftid . | |
849 | .TP | |
6bcf6016 | 850 | .BR leftikeport " = <port>" |
75e3d90d MW |
851 | UDP port the left participant uses for IKE communication. |
852 | If unspecified, port 500 is used with the port floating | |
f115838b | 853 | to 4500 if a NAT is detected or MOBIKE is enabled. Specifying a local IKE port |
667b7372 | 854 | different from the default additionally requires a socket implementation that |
72970b45 | 855 | listens on this port. |
667b7372 | 856 | .TP |
6bcf6016 | 857 | .BR leftprotoport " = <protocol>/<port>" |
24df0678 MW |
858 | restrict the traffic selector to a single protocol and/or port. This option |
859 | is now deprecated, protocol/port information can be defined for each subnet | |
860 | directly in | |
861 | .BR leftsubnet . | |
7900ab1b | 862 | .TP |
87692be2 TB |
863 | .BR leftsigkey " = <raw public key> | <path to public key>" |
864 | the left participant's public key for public key signature authentication, | |
865 | in PKCS#1 format using hex (0x prefix) or base64 (0s prefix) encoding. With the | |
866 | optional | |
fa1d3d39 TB |
867 | .B dns: |
868 | or | |
869 | .B ssh: | |
870 | prefix in front of 0x or 0s, the public key is expected to be in either | |
87692be2 TB |
871 | the RFC 3110 (not the full RR, only RSA key part) or RFC 4253 public key format, |
872 | respectively. | |
b906d412 TB |
873 | Also accepted is the path to a file containing the public key in PEM, DER or SSH |
874 | encoding. Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP | |
875 | are accepted. | |
66e12b92 | 876 | .TP |
6bcf6016 | 877 | .BR leftsendcert " = never | no | " ifasked " | always | yes" |
c2bc2b27 AS |
878 | Accepted values are |
879 | .B never | |
880 | or | |
881 | .BR no , | |
882 | .B always | |
883 | or | |
884 | .BR yes , | |
885 | and | |
a5477a6f | 886 | .BR ifasked " (the default)," |
f115838b TB |
887 | the latter meaning that the peer must send a certificate request payload in |
888 | order to get a certificate in return. | |
fea5e716 | 889 | .TP |
26bc6958 MW |
890 | .BR leftsourceip " = %config4 | %config6 | <ip address>" |
891 | Comma separated list of internal source IPs to use in a tunnel, also known as | |
892 | virtual IP. If the value is one of the synonyms | |
7900ab1b | 893 | .BR %config , |
f115838b | 894 | .BR %cfg , |
a5477a6f TB |
895 | .BR %modeconfig , |
896 | or | |
897 | .BR %modecfg , | |
72970b45 TB |
898 | an address (from the tunnel address family) is requested from the peer. With |
899 | .B %config4 | |
900 | and | |
901 | .B %config6 | |
902 | an address of the given address family will be requested explicitly. | |
903 | If an IP address is configured, it will be requested from the responder, | |
904 | which is free to respond with a different address. | |
8e79d8d3 | 905 | .TP |
c355e2b2 | 906 | .BR rightsourceip " = %config | <network>/<netmask> | <from>-<to> | %poolname" |
26bc6958 MW |
907 | Comma separated list of internal source IPs to use in a tunnel for the remote |
908 | peer. If the value is | |
8e79d8d3 | 909 | .B %config |
f115838b TB |
910 | on the responder side, the initiator must propose an address which is then |
911 | echoed back. Also supported are address pools expressed as | |
b0103105 | 912 | \fInetwork\fB/\fInetmask\fR |
c355e2b2 TB |
913 | and |
914 | \fIfrom\fB-\fIto\fR | |
f115838b TB |
915 | or the use of an external IP address pool using %\fIpoolname\fR, |
916 | where \fIpoolname\fR is the name of the IP address pool used for the lookup. | |
fea5e716 | 917 | .TP |
b7b5432f | 918 | .BR leftsubnet " = <ip subnet>[[<proto/port>]][,...]" |
c2bc2b27 | 919 | private subnet behind the left participant, expressed as |
f115838b | 920 | \fInetwork\fB/\fInetmask\fR; |
c2bc2b27 AS |
921 | if omitted, essentially assumed to be \fIleft\fB/32\fR, |
922 | signifying that the left end of the connection goes to the left participant | |
66e12b92 | 923 | only. Configured subnets of the peers may differ, the protocol narrows it to |
75e3d90d MW |
924 | the greatest common subnet. In IKEv1, this may lead to problems with other |
925 | implementations, make sure to configure identical subnets in such | |
55f126fd MW |
926 | configurations. IKEv2 supports multiple subnets separated by commas. IKEv1 only |
927 | interprets the first subnet of such a definition, unless the Cisco Unity | |
11ebba00 NK |
928 | extension plugin is enabled. This is due to a limitation of the IKEv1 protocol, |
929 | which only allows a single pair of subnets per CHILD_SA. So to tunnel several | |
930 | subnets a conn entry has to be defined and brought up for each pair of subnets. | |
24df0678 | 931 | |
b7b5432f TB |
932 | The optional part after each subnet enclosed in square brackets specifies a |
933 | protocol/port to restrict the selector for that subnet. | |
24df0678 | 934 | |
b7b5432f TB |
935 | Examples: |
936 | .BR leftsubnet=10.0.0.1[tcp/http],10.0.0.2[6/80] " or" | |
937 | .BR leftsubnet=fec1::1[udp],10.0.0.0/16[/53] . | |
24df0678 MW |
938 | Instead of omitting either value |
939 | .B %any | |
940 | can be used to the same effect, e.g. | |
b7b5432f | 941 | .BR leftsubnet=fec1::1[udp/%any],10.0.0.0/16[%any/53] . |
24df0678 | 942 | |
69560611 TB |
943 | If the protocol is |
944 | .B icmp | |
945 | or | |
946 | .B ipv6-icmp | |
947 | the port is interpreted as ICMP message type if it is less than 256 or as type | |
948 | and code if it is greater or equal to 256, with the type in the most significant | |
949 | 8 bits and the code in the least significant 8 bits. | |
950 | ||
24df0678 MW |
951 | The port value can alternatively take the value |
952 | .B %opaque | |
953 | for RFC 4301 OPAQUE selectors, or a numerical range in the form | |
954 | .BR 1024-65535 . | |
955 | None of the kernel backends currently supports opaque or port ranges and uses | |
956 | .B %any | |
957 | for policy installation instead. | |
958 | ||
959 | Instead of specifying a subnet, | |
960 | .B %dynamic | |
961 | can be used to replace it with the IKE address, having the same effect | |
962 | as omitting | |
963 | .B leftsubnet | |
964 | completely. Using | |
965 | .B %dynamic | |
966 | can be used to define multiple dynamic selectors, each having a potentially | |
0ceb2888 | 967 | different protocol/port definition. |
24df0678 | 968 | |
c2bc2b27 | 969 | .TP |
6bcf6016 | 970 | .BR leftupdown " = <path>" |
c2bc2b27 AS |
971 | what ``updown'' script to run to adjust routing and/or firewalling |
972 | when the status of the connection | |
973 | changes (default | |
974 | .BR "ipsec _updown" ). | |
975 | May include positional parameters separated by white space | |
976 | (although this requires enclosing the whole string in quotes); | |
977 | including shell metacharacters is unwise. | |
75e3d90d | 978 | Relevant only locally, other end need not agree on it. Charon uses the updown |
f115838b | 979 | script to insert firewall rules only, since routing has been implemented |
75e3d90d | 980 | directly into the daemon. |
c2bc2b27 | 981 | .TP |
6bcf6016 | 982 | .BR lifebytes " = <number>" |
75e3d90d | 983 | the number of bytes transmitted over an IPsec SA before it expires. |
deddfde9 | 984 | .TP |
6bcf6016 | 985 | .BR lifepackets " = <number>" |
75e3d90d | 986 | the number of packets transmitted over an IPsec SA before it expires. |
deddfde9 | 987 | .TP |
6bcf6016 | 988 | .BR lifetime " = " 1h " | <time>" |
deddfde9 TB |
989 | how long a particular instance of a connection |
990 | (a set of encryption/authentication keys for user packets) should last, | |
991 | from successful negotiation to expiry; | |
992 | acceptable values are an integer optionally followed by | |
993 | .BR s | |
994 | (a time in seconds) | |
995 | or a decimal number followed by | |
996 | .BR m , | |
997 | .BR h , | |
998 | or | |
999 | .B d | |
1000 | (a time | |
1001 | in minutes, hours, or days respectively) | |
1002 | (default | |
1003 | .BR 1h , | |
1004 | maximum | |
1005 | .BR 24h ). | |
1006 | Normally, the connection is renegotiated (via the keying channel) | |
1007 | before it expires (see | |
1008 | .BR margintime ). | |
1009 | The two ends need not exactly agree on | |
1010 | .BR lifetime , | |
1011 | although if they do not, | |
1012 | there will be some clutter of superseded connections on the end | |
9f8ceffb | 1013 | which thinks the lifetime is longer. Also see EXPIRY/REKEY below. |
deddfde9 | 1014 | .TP |
6bcf6016 | 1015 | .BR marginbytes " = <number>" |
deddfde9 TB |
1016 | how many bytes before IPsec SA expiry (see |
1017 | .BR lifebytes ) | |
75e3d90d | 1018 | should attempts to negotiate a replacement begin. |
deddfde9 | 1019 | .TP |
6bcf6016 | 1020 | .BR marginpackets " = <number>" |
deddfde9 TB |
1021 | how many packets before IPsec SA expiry (see |
1022 | .BR lifepackets ) | |
75e3d90d | 1023 | should attempts to negotiate a replacement begin. |
deddfde9 | 1024 | .TP |
6bcf6016 | 1025 | .BR margintime " = " 9m " | <time>" |
deddfde9 TB |
1026 | how long before connection expiry or keying-channel expiry |
1027 | should attempts to | |
1028 | negotiate a replacement | |
1029 | begin; acceptable values as for | |
1030 | .B lifetime | |
1031 | (default | |
1032 | .BR 9m ). | |
9f8ceffb TB |
1033 | Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY |
1034 | below. | |
d5f29da3 | 1035 | .TP |
6bcf6016 | 1036 | .BR mark " = <value>[/<mask>]" |
2269444b TB |
1037 | sets an XFRM mark on the inbound policy and outbound |
1038 | IPsec SA and policy. If the mask is missing then a default | |
d5f29da3 AS |
1039 | mask of |
1040 | .B 0xffffffff | |
cc1682be MW |
1041 | is assumed. The special value |
1042 | .B %unique | |
32e5c492 EB |
1043 | assigns a unique value to each newly created IPsec SA. To additionally |
1044 | make the mark unique for each IPsec SA direction (in/out) the special value | |
1045 | .B %unique-dir | |
1046 | may be used. | |
d5f29da3 | 1047 | .TP |
6bcf6016 | 1048 | .BR mark_in " = <value>[/<mask>]" |
2269444b TB |
1049 | sets an XFRM mark on the inbound policy (not on the SA). If the mask is missing |
1050 | then a default mask of | |
d5f29da3 AS |
1051 | .B 0xffffffff |
1052 | is assumed. | |
1053 | .TP | |
6bcf6016 | 1054 | .BR mark_out " = <value>[/<mask>]" |
2269444b | 1055 | sets an XFRM mark on the outbound IPsec SA and |
a674c79a | 1056 | policy. If the mask is missing then a default mask of |
d5f29da3 AS |
1057 | .B 0xffffffff |
1058 | is assumed. | |
deddfde9 | 1059 | .TP |
6bcf6016 | 1060 | .BR mobike " = " yes " | no" |
8c4339bd AS |
1061 | enables the IKEv2 MOBIKE protocol defined by RFC 4555. Accepted values are |
1062 | .B yes | |
1063 | (the default) and | |
1064 | .BR no . | |
1065 | If set to | |
1066 | .BR no , | |
75e3d90d | 1067 | the charon daemon will not actively propose MOBIKE as initiator and |
78279973 | 1068 | ignore the MOBIKE_SUPPORTED notify as responder. |
8c4339bd | 1069 | .TP |
6bcf6016 | 1070 | .BR modeconfig " = push | " pull |
7900ab1b AS |
1071 | defines which mode is used to assign a virtual IP. |
1072 | Accepted values are | |
1073 | .B push | |
1074 | and | |
1075 | .B pull | |
1076 | (the default). | |
16149401 | 1077 | Push mode is currently not supported with IKEv2. |
c055c701 | 1078 | The setting must be the same on both sides. |
fea5e716 | 1079 | .TP |
6bcf6016 | 1080 | .BR reauth " = " yes " | no" |
c2bc2b27 AS |
1081 | whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, |
1082 | reauthentication is always done. In IKEv2, a value of | |
1083 | .B no | |
1084 | rekeys without uninstalling the IPsec SAs, a value of | |
1085 | .B yes | |
1086 | (the default) creates a new IKE_SA from scratch and tries to recreate | |
1087 | all IPsec SAs. | |
1088 | .TP | |
6bcf6016 | 1089 | .BR rekey " = " yes " | no" |
fea5e716 MW |
1090 | whether a connection should be renegotiated when it is about to expire; |
1091 | acceptable values are | |
1092 | .B yes | |
1093 | (the default) | |
1094 | and | |
1095 | .BR no . | |
7900ab1b | 1096 | The two ends need not agree, but while a value of |
fea5e716 | 1097 | .B no |
75e3d90d | 1098 | prevents charon from requesting renegotiation, |
fea5e716 MW |
1099 | it does not prevent responding to renegotiation requested from the other end, |
1100 | so | |
1101 | .B no | |
66e12b92 TB |
1102 | will be largely ineffective unless both ends agree on it. Also see |
1103 | .BR reauth . | |
fea5e716 | 1104 | .TP |
6bcf6016 | 1105 | .BR rekeyfuzz " = " 100% " | <percentage>" |
fea5e716 | 1106 | maximum percentage by which |
deddfde9 TB |
1107 | .BR marginbytes , |
1108 | .B marginpackets | |
1109 | and | |
1110 | .B margintime | |
fea5e716 MW |
1111 | should be randomly increased to randomize rekeying intervals |
1112 | (important for hosts with many connections); | |
1113 | acceptable values are an integer, | |
1114 | which may exceed 100, | |
1115 | followed by a `%' | |
deddfde9 | 1116 | (defaults to |
fea5e716 MW |
1117 | .BR 100% ). |
1118 | The value of | |
deddfde9 | 1119 | .BR marginTYPE , |
fea5e716 MW |
1120 | after this random increase, |
1121 | must not exceed | |
deddfde9 TB |
1122 | .B lifeTYPE |
1123 | (where TYPE is one of | |
1124 | .IR bytes , | |
1125 | .I packets | |
1126 | or | |
1127 | .IR time ). | |
fea5e716 MW |
1128 | The value |
1129 | .B 0% | |
deddfde9 | 1130 | will suppress randomization. |
9f8ceffb TB |
1131 | Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY |
1132 | below. | |
fea5e716 | 1133 | .TP |
8b123d2e TB |
1134 | .BR replay_window " = " \-1 " | <number>" |
1135 | The IPsec replay window size for this connection. With the default of \-1 | |
1136 | the value configured with | |
1137 | .I charon.replay_window | |
1138 | in | |
1139 | .BR strongswan.conf (5) | |
1140 | is used. Larger values than 32 are supported using the Netlink backend only, | |
1141 | a value of 0 disables IPsec replay protection. | |
1142 | .TP | |
6bcf6016 | 1143 | .BR reqid " = <number>" |
b5be105a | 1144 | sets the reqid for a given connection to a pre-configured fixed value. |
a729d17a | 1145 | .TP |
4270c8fc TB |
1146 | .BR sha256_96 " = " no " | yes" |
1147 | HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility | |
1148 | with implementations that incorrectly use 96-bit truncation this option may be | |
1149 | enabled to configure the shorter truncation length in the kernel. This is not | |
1150 | negotiated, so this only works with peers that use the incorrect truncation | |
1151 | length (or have this option enabled). | |
1152 | .TP | |
6c302616 MW |
1153 | .BR tfc " = <value>" |
1154 | number of bytes to pad ESP payload data to. Traffic Flow Confidentiality | |
1155 | is currently supported in IKEv2 and applies to outgoing packets only. The | |
1156 | special value | |
1157 | .BR %mtu | |
1158 | fills up ESP packets with padding to have the size of the MTU. | |
1159 | .TP | |
6bcf6016 | 1160 | .BR type " = " tunnel " | transport | transport_proxy | passthrough | drop" |
c2bc2b27 AS |
1161 | the type of the connection; currently the accepted values |
1162 | are | |
1163 | .B tunnel | |
1164 | (the default) | |
1165 | signifying a host-to-host, host-to-subnet, or subnet-to-subnet tunnel; | |
1166 | .BR transport , | |
1167 | signifying host-to-host transport mode; | |
84bec926 AS |
1168 | .BR transport_proxy , |
1169 | signifying the special Mobile IPv6 transport proxy mode; | |
c2bc2b27 AS |
1170 | .BR passthrough , |
1171 | signifying that no IPsec processing should be done at all; | |
1172 | .BR drop , | |
75e3d90d | 1173 | signifying that packets should be discarded. |
fea5e716 | 1174 | .TP |
6bcf6016 | 1175 | .BR xauth " = " client " | server" |
b768d6a4 | 1176 | specifies the role in the XAuth protocol if activated by |
c2bc2b27 AS |
1177 | .B authby=xauthpsk |
1178 | or | |
1179 | .B authby=xauthrsasig. | |
1180 | Accepted values are | |
1181 | .B server | |
1182 | and | |
1183 | .B client | |
1184 | (the default). | |
b768d6a4 TB |
1185 | .TP |
1186 | .BR xauth_identity " = <id>" | |
1187 | defines the identity/username the client uses to reply to an XAuth request. | |
1188 | If not defined, the IKEv1 identity will be used as XAuth identity. | |
d5cc1758 | 1189 | |
e74bc8e5 | 1190 | .SS "CONN PARAMETERS: IKEv2 MEDIATION EXTENSION" |
8015c91c | 1191 | The following parameters are relevant to IKEv2 Mediation Extension |
e74bc8e5 | 1192 | operation only. |
6bcf6016 TB |
1193 | .TP |
1194 | .BR mediation " = yes | " no | |
e74bc8e5 | 1195 | whether this connection is a mediation connection, ie. whether this |
d5cc1758 TB |
1196 | connection is used to mediate other connections. Mediation connections |
1197 | create no child SA. Acceptable values are | |
1198 | .B no | |
1199 | (the default) and | |
1200 | .BR yes . | |
1201 | .TP | |
6bcf6016 | 1202 | .BR mediated_by " = <name>" |
d5cc1758 TB |
1203 | the name of the connection to mediate this connection through. If given, |
1204 | the connection will be mediated through the named mediation connection. | |
1205 | The mediation connection must set | |
e74bc8e5 | 1206 | .BR mediation=yes . |
d5cc1758 | 1207 | .TP |
6bcf6016 | 1208 | .BR me_peerid " = <id>" |
d5cc1758 TB |
1209 | ID as which the peer is known to the mediation server, ie. which the other |
1210 | end of this connection uses as its | |
1211 | .B leftid | |
1212 | on its connection to the mediation server. This is the ID we request the | |
1213 | mediation server to mediate us with. If | |
e74bc8e5 | 1214 | .B me_peerid |
d5cc1758 TB |
1215 | is not given, the |
1216 | .B rightid | |
1217 | of this connection will be used as peer ID. | |
1218 | ||
fea5e716 | 1219 | .SH "CA SECTIONS" |
bf3c3715 TB |
1220 | These are optional sections that can be used to assign special |
1221 | parameters to a Certification Authority (CA). Because the daemons | |
1222 | automatically import CA certificates from \fI/etc/ipsec.d/cacerts\fP, | |
1223 | there is no need to explicitly add them with a CA section, unless you | |
1224 | want to assign special parameters (like a CRL) to a CA. | |
6bcf6016 | 1225 | .TP |
a5477a6f TB |
1226 | .BR also " = <name>" |
1227 | includes ca section | |
1228 | .BR <name> . | |
1229 | .TP | |
6bcf6016 | 1230 | .BR auto " = " ignore " | add" |
fea5e716 MW |
1231 | currently can have either the value |
1232 | .B ignore | |
6bcf6016 TB |
1233 | (the default) or |
1234 | .BR add . | |
fea5e716 | 1235 | .TP |
6bcf6016 | 1236 | .BR cacert " = <path>" |
8015c91c | 1237 | defines a path to the CA certificate either relative to |
fea5e716 | 1238 | \fI/etc/ipsec.d/cacerts\fP or as an absolute path. |
f6d8fb36 MW |
1239 | .br |
1240 | A value in the form | |
1241 | .B %smartcard[<slot nr>[@<module>]]:<keyid> | |
1242 | defines a specific CA certificate to load from a PKCS#11 backend for this CA. | |
1243 | See ipsec.secrets(5) for details about smartcard definitions. | |
fea5e716 | 1244 | .TP |
6bcf6016 | 1245 | .BR crluri " = <uri>" |
fea5e716 MW |
1246 | defines a CRL distribution point (ldap, http, or file URI) |
1247 | .TP | |
7900ab1b AS |
1248 | .B crluri1 |
1249 | synonym for | |
1250 | .B crluri. | |
1251 | .TP | |
6bcf6016 | 1252 | .BR crluri2 " = <uri>" |
fea5e716 MW |
1253 | defines an alternative CRL distribution point (ldap, http, or file URI) |
1254 | .TP | |
fea5e716 | 1255 | .TP |
6bcf6016 | 1256 | .BR ocspuri " = <uri>" |
fea5e716 | 1257 | defines an OCSP URI. |
7900ab1b AS |
1258 | .TP |
1259 | .B ocspuri1 | |
1260 | synonym for | |
1261 | .B ocspuri. | |
1262 | .TP | |
6bcf6016 | 1263 | .BR ocspuri2 " = <uri>" |
75e3d90d | 1264 | defines an alternative OCSP URI. |
f115838b | 1265 | .TP |
6bcf6016 | 1266 | .BR certuribase " = <uri>" |
6439267a | 1267 | defines the base URI for the Hash and URL feature supported by IKEv2. |
72970b45 | 1268 | Instead of exchanging complete certificates, IKEv2 allows one to send an URI |
6439267a TB |
1269 | that resolves to the DER encoded certificate. The certificate URIs are built |
1270 | by appending the SHA1 hash of the DER encoded certificates to this base URI. | |
fea5e716 MW |
1271 | .SH "CONFIG SECTIONS" |
1272 | At present, the only | |
1273 | .B config | |
1274 | section known to the IPsec software is the one named | |
1275 | .BR setup , | |
f115838b | 1276 | which contains information used when the software is being started. |
fea5e716 MW |
1277 | The currently-accepted |
1278 | .I parameter | |
1279 | names in a | |
1280 | .B config | |
1281 | .B setup | |
75e3d90d | 1282 | section are: |
fea5e716 | 1283 | .TP |
72970b45 TB |
1284 | .BR cachecrls " = yes | " no |
1285 | if enabled, certificate revocation lists (CRLs) fetched via HTTP or LDAP will | |
1286 | be cached in | |
1287 | .I /etc/ipsec.d/crls/ | |
1288 | under a unique file name derived from the certification authority's public key. | |
1289 | .TP | |
1290 | .BR charondebug " = <debug list>" | |
1291 | how much charon debugging output should be logged. | |
1292 | A comma separated list containing type/level-pairs may | |
1293 | be specified, e.g: | |
1294 | .B dmn 3, ike 1, net -1. | |
1295 | Acceptable values for types are | |
1296 | .B dmn, mgr, ike, chd, job, cfg, knl, net, asn, enc, lib, esp, tls, | |
1297 | .B tnc, imc, imv, pts | |
1298 | and the level is one of | |
1299 | .B -1, 0, 1, 2, 3, 4 | |
1300 | (for silent, audit, control, controlmore, raw, private). By default, the level | |
1301 | is set to | |
1302 | .B 1 | |
1303 | for all types. For more flexibility see LOGGER CONFIGURATION in | |
1304 | .IR strongswan.conf (5). | |
1305 | .TP | |
6bcf6016 TB |
1306 | .BR strictcrlpolicy " = yes | ifuri | " no |
1307 | defines if a fresh CRL must be available in order for the peer authentication | |
1308 | based on RSA signatures to succeed. | |
e0e7ef07 AS |
1309 | IKEv2 additionally recognizes |
1310 | .B ifuri | |
1311 | which reverts to | |
1312 | .B yes | |
1313 | if at least one CRL URI is defined and to | |
1314 | .B no | |
1315 | if no URI is known. | |
b360e393 | 1316 | .TP |
f4cc7ea1 | 1317 | .BR uniqueids " = " yes " | no | never | replace | keep" |
b360e393 | 1318 | whether a particular participant ID should be kept unique, |
f4cc7ea1 | 1319 | with any new IKE_SA using an ID deemed to replace all old ones using that ID; |
b360e393 | 1320 | acceptable values are |
72970b45 TB |
1321 | .B yes |
1322 | (the default), | |
f4cc7ea1 | 1323 | .B no |
b360e393 | 1324 | and |
f4cc7ea1 TB |
1325 | .BR never . |
1326 | Participant IDs normally \fIare\fR unique, so a new IKE_SA using the same ID is | |
1327 | almost invariably intended to replace an old one. The difference between | |
1328 | .B no | |
1329 | and | |
1330 | .B never | |
72970b45 TB |
1331 | is that the daemon will replace old IKE_SAs when receiving an INITIAL_CONTACT |
1332 | notify if the option is | |
f4cc7ea1 TB |
1333 | .B no |
1334 | but will ignore these notifies if | |
1335 | .B never | |
1336 | is configured. | |
75e3d90d | 1337 | The daemon also accepts the value |
b360e393 | 1338 | .B replace |
f3bb1bd0 | 1339 | which is identical to |
b360e393 MW |
1340 | .B yes |
1341 | and the value | |
1342 | .B keep | |
1343 | to reject new IKE_SA setups and keep the duplicate established earlier. | |
a5477a6f | 1344 | |
4a2e1799 TB |
1345 | .SH IDENTITY PARSING |
1346 | The type and binary encoding of identity strings specified in \fIleftid\fR | |
1347 | are detected as follows: | |
1348 | .IP \[bu] | |
1349 | If the string value contains an equal sign (=) it is assumed to be a | |
1350 | Distinguished Name, with RDNs separated by commas (,) \fIor\fR slashes (/ - the string | |
1351 | must start with a slash to use this syntax). An attempt is made to create a | |
1352 | binary ASN.1 encoding from this string. If that fails the type is set to KEY_ID | |
1353 | with the literal string value adopted as encoding. | |
1354 | .IP \[bu] | |
1355 | If the string value contains an @ the type depends on the position of that | |
1356 | character: | |
1357 | .RS | |
1358 | .IP \[bu] | |
1359 | If the string begins with @# the type is set to KEY_ID and the string following | |
1360 | that prefix is assumed to be the hex-encoded binary value of the identity. | |
1361 | .IP \[bu] | |
1362 | If the string begins with @@ the type is set to USER_FQDN and the encoding is | |
1363 | the literal string after that prefix. | |
1364 | .IP \[bu] | |
1365 | If the string begins with @ the type is set to FQDN and the encoding is the | |
1366 | literal string after that prefix. | |
1367 | .IP \[bu] | |
1368 | All remaining strings containing an @ are assumed to be of type USER_FQDN/RFC822 | |
1369 | with the literal string value as encoding. | |
1370 | .RE | |
1371 | .IP \[bu] | |
1372 | If the value does not contain any @ or = characters it is parsed as follows: | |
1373 | .RS | |
1374 | .IP \[bu] | |
1375 | If the value is an empty string, or equals %any[6], 0.0.0.0, ::, or * the | |
1376 | type is set to ID_ANY, which matches any other identity. | |
1377 | .IP \[bu] | |
1378 | If the value contains a colon (:) it is assumed to be an IPv6 address. But if | |
1379 | parsing the address and converting it to its binary encoding fails the type is | |
1380 | set to KEY_ID and the encoding is the literal value. | |
1381 | .IP \[bu] | |
1382 | For all other strings an attempt at parsing them as IPv4 addresses is made. If | |
1383 | that fails the type is set to FQDN and the literal value is adopted as | |
1384 | encoding (this is where domain names and simple names end up). | |
1385 | .RE | |
1386 | ||
75e3d90d | 1387 | .SH SA EXPIRY/REKEY |
9f8ceffb TB |
1388 | The IKE SAs and IPsec SAs negotiated by the daemon can be configured to expire |
1389 | after a specific amount of time. For IPsec SAs this can also happen after a | |
1390 | specified number of transmitted packets or transmitted bytes. The following | |
1391 | settings can be used to configure this: | |
1392 | .TS | |
1393 | l r l r,- - - -,lB s lB s,a r a r. | |
1394 | Setting Default Setting Default | |
1395 | IKE SA IPsec SA | |
1396 | ikelifetime 3h lifebytes - | |
1397 | lifepackets - | |
1398 | lifetime 1h | |
1399 | .TE | |
1400 | .SS Rekeying | |
1401 | IKE SAs as well as IPsec SAs can be rekeyed before they expire. This can be | |
1402 | configured using the following settings: | |
1403 | .TS | |
1404 | l r l r,- - - -,lB s lB s,a r a r. | |
1405 | Setting Default Setting Default | |
1406 | IKE and IPsec SA IPsec SA | |
1407 | margintime 9m marginbytes - | |
1408 | marginpackets - | |
1409 | .TE | |
1410 | .SS Randomization | |
1411 | To avoid collisions the specified margins are increased randomly before | |
1412 | subtracting them from the expiration limits (see formula below). This is | |
1413 | controlled by the | |
1414 | .B rekeyfuzz | |
1415 | setting: | |
1416 | .TS | |
1417 | l r,- -,lB s,a r. | |
1418 | Setting Default | |
1419 | IKE and IPsec SA | |
1420 | rekeyfuzz 100% | |
1421 | .TE | |
1422 | .PP | |
1423 | Randomization can be disabled by setting | |
1424 | .BR rekeyfuzz " to " 0% . | |
1425 | .SS Formula | |
1426 | The following formula is used to calculate the rekey time of IPsec SAs: | |
1427 | .PP | |
1428 | .EX | |
1429 | rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz)) | |
1430 | .EE | |
1431 | .PP | |
1432 | It applies equally to IKE SAs and byte and packet limits for IPsec SAs. | |
1433 | .SS Example | |
1434 | Let's consider the default configuration: | |
1435 | .PP | |
1436 | .EX | |
1437 | lifetime = 1h | |
1438 | margintime = 9m | |
1439 | rekeyfuzz = 100% | |
1440 | .EE | |
1441 | .PP | |
1442 | From the formula above follows that the rekey time lies between: | |
1443 | .PP | |
1444 | .EX | |
1445 | rekeytime_min = 1h - (9m + 9m) = 42m | |
1446 | rekeytime_max = 1h - (9m + 0m) = 51m | |
1447 | .EE | |
1448 | .PP | |
1449 | Thus, the daemon will attempt to rekey the IPsec SA at a random time | |
1450 | between 42 and 51 minutes after establishing the SA. Or, in other words, | |
1451 | between 9 and 18 minutes before the SA expires. | |
1452 | .SS Notes | |
1453 | .IP \[bu] | |
1454 | Since the rekeying of an SA needs some time, the margin values must not be | |
1455 | too low. | |
1456 | .IP \[bu] | |
1457 | The value | |
1458 | .B margin... + margin... * rekeyfuzz | |
1459 | must not exceed the original limit. For example, specifying | |
1460 | .B margintime = 30m | |
1461 | in the default configuration is a bad idea as there is a chance that the rekey | |
1462 | time equals zero and, thus, rekeying gets disabled. | |
4a2e1799 | 1463 | |
fea5e716 MW |
1464 | .SH FILES |
1465 | .nf | |
1466 | /etc/ipsec.conf | |
7900ab1b AS |
1467 | /etc/ipsec.d/aacerts |
1468 | /etc/ipsec.d/acerts | |
fea5e716 MW |
1469 | /etc/ipsec.d/cacerts |
1470 | /etc/ipsec.d/certs | |
1471 | /etc/ipsec.d/crls | |
fea5e716 MW |
1472 | |
1473 | .SH SEE ALSO | |
75e3d90d | 1474 | strongswan.conf(5), ipsec.secrets(5), ipsec(8) |
fea5e716 | 1475 | .SH HISTORY |
f115838b TB |
1476 | Originally written for the FreeS/WAN project by Henry Spencer. |
1477 | Updated and extended for the strongSwan project <http://www.strongswan.org> by | |
1478 | Tobias Brunner, Andreas Steffen and Martin Willi. |