connection from. As responder, the local destination address must match at
least to one of the specified addresses, subnets or ranges.
+ If FQDNs are assigned they are resolved every time a configuration lookup
+ is done. If DNS resolution times out, the lookup is delayed for that time.
+
connections.<conn>.remote_addrs = %any
Remote address(es) to use for IKE communication, comma separated.
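Review bot: "the lookup is delayed for that time" in the local_addrs addition leaves "that time" unspecified; say explicitly that it is the resolver's timeout. Since the preceding sentence says FQDNs are resolved on every configuration lookup and the responder matches the local address against them, it is also worth stating the consequence for operators: a responder with an FQDN in local_addrs performs a DNS query while matching each incoming connection attempt, so a slow or failing resolver stalls that matching for the timeout each time.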
connection to. As responder, the initiator source address must match at
least to one of the specified addresses, subnets or ranges.
+ If FQDNs are assigned they are resolved every time a configuration lookup
+ is done. If DNS resolution times out, the lookup is delayed for that time.
+
To initiate a connection, at least one specific address or DNS name must
be specified.
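Review bot: the two added lines under remote_addrs repeat the local_addrs note word for word; either factor the FQDN resolution and DNS timeout behaviour into one paragraph both options refer to, or at least use the same term throughout, since the unchanged sentence right below says "address or DNS name" while the new text says "FQDNs".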
specified; this option has no effect on connections using IKE2.
connections.<conn>.fragmentation = yes
- Use IKE UDP datagram fragmentation. (_yes_, _no_ or _force_).
+ Use IKE UDP datagram fragmentation. (_yes_, _accept_, _no_ or _force_).
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
- fragmentation). Acceptable values are _yes_ (the default), _force_ and
- _no_. Fragmented IKE messages sent by a peer are always accepted
- irrespective of the value of this option. If set to _yes_, and the peer
- supports it, oversized IKE messages will be sent in fragments. If set to
- _force_ (only supported for IKEv1) the initial IKE message will already
- be fragmented if required.
+ fragmentation). Acceptable values are _yes_ (the default), _accept_,
+ _force_ and _no_. If set to _yes_, and the peer supports it, oversized IKE
+ messages will be sent in fragments. If set to _accept_, support for
+ fragmentation is announced to the peer but the daemon does not send its own
+ messages in fragments. If set to _force_ (only supported for IKEv1) the
+ initial IKE message will already be fragmented if required. Finally, setting
+ the option to _no_ will disable announcing support for this feature.
+
+ Note that fragmented IKE messages sent by a peer are always accepted
+ irrespective of the value of this option (even when set to _no_).
connections.<conn>.send_certreq = yes
Send certificate requests payloads (_yes_ or _no_).
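Review bot: the _force_ description still says "(only supported for IKEv1)" but not how the option behaves when _force_ is set on an IKEv2 connection (treated as _yes_, or rejected when the configuration is loaded?); state the fallback. Minor: the one-line summary lists the values as yes, accept, no, force while the long description lists yes, accept, force, no; use one order in both places. The new closing note that fragments are accepted even with _no_ is a useful clarification and should stay.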
certificate payloads altogether, _always_ causes certificate payloads to be
sent unconditionally whenever certificate authentication is used.
+connections.<conn>.ppk_id =
+ String identifying the Postquantum Preshared Key (PPK) to be used.
+
+connections.<conn>.ppk_required = no
+ Whether a Postquantum Preshared Key (PPK) is required for this connection.
+
connections.<conn>.keyingtries = 1
Number of retransmission sequences to perform during initial connect.
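Review bot: ppk_required's description does not say what happens when it is left at _no_ and the peer does not support PPKs; presumably the IKE_SA is then established without the PPK, which silently drops the post-quantum protection the option exists to provide, so spell that out so operators who want the guarantee know to set _yes_. ppk_id should also say that the string selects a secrets.ppk section (the _id_ values defined there), otherwise the reader has no link between the two new settings.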
On initiators this setting specifies whether an INITIAL_CONTACT notify is
sent during IKE_AUTH if no existing connection is found with the remote
peer (determined by the identities of the first authentication round).
- Only if set to _keep_ or _replace_ will the client send a notify.
+ Unless set to _never_ the client will send a notify.
connections.<conn>.reauth_time = 0s
Time to schedule IKE reauthentication.
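Review bot: a comma is missing after the introductory clause ("Unless set to _never_, the client will send a notify"). More importantly, the removed line named the values that trigger the notify (_keep_, _replace_) while the new line names only the exception, so every value other than _never_ now sends INITIAL_CONTACT; confirm this is an intentional behaviour change rather than a rewording, and if it is, mention it in the changelog.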
algorithm that matches or exceeds the strength of the signature key.
If no constraints with _ike:_ prefix are configured any signature scheme
constraint (without _ike:_ prefix) will also apply to IKEv2 authentication,
- unless this is disabled in **strongswan.conf**(5).
+ unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS
+ signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g.
+ _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured
+ RSASSA-PSS signatures will only be used if enabled in
+ **strongswan.conf**(5).
connections.<conn>.local<suffix>.id =
IKE identity to use for authentication round.
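Review bot: "RSASSA-PSS signatures will only be used if enabled in **strongswan.conf**(5)" should name the strongswan.conf option the reader has to look for; as written it is not findable from this text. Minor style: "as in e.g. _ike:rsa/pss-sha256_" doubles up "as in" and "e.g."; "e.g. _ike:rsa/pss-sha256_" suffices.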
IKE identity to expect for authentication round. Refer to the _local_ _id_
section for details.
+connections.<conn>.remote<suffix>.eap_id = id
+ Identity to use as peer identity during EAP authentication.
+
+ Identity to use as peer identity during EAP authentication. If set to _%any_
+ the EAP-Identity method will be used to ask the client for an identity.
+
connections.<conn>.remote<suffix>.groups =
Authorization group memberships to require.
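Review bot: the key line shows the default as `eap_id = id`, which a reader can take for the literal string "id"; the description should state what is presumably meant, that the option defaults to the value of this remote section's _id_ option. The second paragraph also repeats the first sentence verbatim, as the file's other entries do, so that part is fine, but the one-line summary should mention the _%any_ / EAP-Identity behaviour or at least point to it, since that is the case an administrator most needs to find.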
key type followed by the minimum strength in bits (for example _ecdsa-384_
or _rsa-2048-ecdsa-256_). To limit the acceptable set of hashing algorithms
for trustchain validation, append hash algorithms to _pubkey_ or a key
- strength definition (for example _pubkey-sha1-sha256_ or
- _rsa-2048-ecdsa-256-sha256-sha384-sha512_).
+ strength definition (for example _pubkey-sha256-sha512_,
+ _rsa-2048-sha256-sha384-sha512_ or
+ _rsa-2048-sha256-ecdsa-256-sha256-sha384_).
Unless disabled in **strongswan.conf**(5), or explicit IKEv2 signature
constraints are configured (refer to the description of the **local**
section's **auth** keyword for details), such key types and hash algorithms
are also applied as constraints against IKEv2 signature authentication
- schemes used by the remote side.
+ schemes used by the remote side. To require RSASSA-PSS signatures use
+ _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If
+ _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only
+ be accepted if enabled in **strongswan.conf**(5).
To specify trust chain constraints for EAP-(T)TLS, append a colon to the
EAP method, followed by the key type/size and hash algorithm as discussed
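Review bot: the third new example (_rsa-2048-sha256-ecdsa-256-sha256-sha384_) shows a hash list attached to each key type separately, but the sentence before it only says hash algorithms are appended "to _pubkey_ or a key strength definition"; say explicitly that a hash list applies to the key type immediately preceding it, otherwise the example is the only place that rule is visible. Dropping sha1 from the examples is a good change. The same two points as in the local auth hunk apply here: name the strongswan.conf option behind "enabled in **strongswan.conf**(5)", and drop either "as in" or "e.g." in "as in e.g. _rsa/pss-sha256_".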
for interoperability. If no algorithms are specified for AH nor ESP,
the _default_ set of algorithms for ESP is included.
+connections.<conn>.children.<child>.sha256_96 = no
+ Use incorrect 96-bit truncation for HMAC-SHA-256.
+
+ HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility
+ with implementations that incorrectly use 96-bit truncation this option may
+ be enabled to configure the shorter truncation length in the kernel. This
+ is not negotiated, so this only works with peers that use the incorrect
+ truncation length (or have this option enabled).
+
connections.<conn>.children.<child>.local_ts = dynamic
Local traffic selectors to include in CHILD_SA.
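Review bot: since the last sentence says the truncation length is not negotiated, a mismatch between peers will not surface as an IKE error but presumably as silent ESP integrity failures on one side; one sentence naming that symptom would save operators a debugging session. It would also help to cite the specification of the 128-bit truncation (RFC 4868) so that "incorrect" has a reference, and to state that the shorter truncation weakens the integrity check, so the option should be used only where the peer cannot be fixed.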
value _opaque_ for RFC 4301 OPAQUE selectors. Port ranges may be specified
as well, none of the kernel backends currently support port ranges, though.
- Unless the Unity extension is used, IKEv1 supports the first specified
- selector only. IKEv1 uses very similar traffic selector narrowing as it is
- supported in the IKEv2 protocol.
+ When IKEv1 is used only the first selector is interpreted, except if
+ the Cisco Unity extension plugin is used. This is due to a limitation of the
+ IKEv1 protocol, which only allows a single pair of selectors per CHILD_SA.
+ So to tunnel traffic matched by several pairs of selectors when using IKEv1
+ several children (CHILD_SAs) have to be defined that cover the selectors.
+
+ The IKE daemon uses traffic selector narrowing for IKEv1, the same way it is
+ standardized and implemented for IKEv2. However, this may lead to problems
+ with other implementations. To avoid that, configure identical selectors in
+ such scenarios.
connections.<conn>.children.<child>.remote_ts = dynamic
Remote selectors to include in CHILD_SA.
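Review bot: "except if the Cisco Unity extension plugin is used" reads better as "unless the Cisco Unity extension plugin is used", and "So to tunnel traffic matched by several pairs of selectors when using IKEv1 several children (CHILD_SAs) have to be defined that cover the selectors" is hard to parse; suggest "To tunnel traffic matched by several selector pairs with IKEv1, define one child per selector pair." In the second paragraph, "may lead to problems with other implementations" is vague; say what the symptom is (e.g. the peer not accepting the narrowed selectors or traffic not matching the installed policy) so the advice to configure identical selectors has a visible motivation.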
connections.<conn>.children.<child>.updown =
Updown script to invoke on CHILD_SA up and down events.
-connections.<conn>.children.<child>.hostaccess = yes
+connections.<conn>.children.<child>.hostaccess = no
Hostaccess variable to pass to **updown** script.
connections.<conn>.children.<child>.mode = tunnel
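Review bot: the default of hostaccess flips from _yes_ to _no_ while the description stays "Hostaccess variable to pass to **updown** script", which tells the reader nothing about what changes; add what the variable controls in the default updown script (if it is the flag that lets the host itself reach the remote network through the firewall rules the script installs, say so) so the impact of the new default is visible, and call the change out in the changelog since existing configurations relying on the old default will behave differently after an upgrade.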
connections.<conn>.children.<child>.mark_in = 0/0x00000000
Netfilter mark and mask for input traffic.
- Netfilter mark and mask for input traffic. On Linux Netfilter may require
- marks on each packet to match an SA having that option set. This allows
- Netfilter rules to select specific tunnels for incoming traffic. The
- special value _%unique_ sets a unique mark on each CHILD_SA instance.
+ Netfilter mark and mask for input traffic. On Linux, Netfilter may require
+ marks on each packet to match an SA/policy having that option set. This
+ allows installing duplicate policies and enables Netfilter rules to select
+ specific SAs/policies for incoming traffic. Note that inbound marks are
+ only set on policies, by default, unless *mark_in_sa* is enabled. The
+ special value _%unique_ sets a unique mark on each CHILD_SA instance, beyond
+ that the value _%unique-dir_ assigns a different unique mark for each
+ CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by _/_. The
default mask if omitted is 0xffffffff.
+connections.<conn>.children.<child>.mark_in_sa = no
+ Whether to set *mark_in* on the inbound SA.
+
+ Whether to set *mark_in* on the inbound SA. By default, the inbound mark is
+ only set on the inbound policy. The tuple destination address, protocol and
+ SPI is unique and the mark is not required to find the correct SA, allowing
+ to mark traffic after decryption instead (where more specific selectors may
+ be used) to match different policies. Marking packets before decryption is
+ still possible, even if no mark is set on the SA.
+
connections.<conn>.children.<child>.mark_out = 0/0x00000000
Netfilter mark and mask for output traffic.
- Netfilter mark and mask for output traffic. On Linux Netfilter may require
- marks on each packet to match a policy having that option set. This allows
- Netfilter rules to select specific tunnels for outgoing traffic. The
- special value _%unique_ sets a unique mark on each CHILD_SA instance.
+ Netfilter mark and mask for output traffic. On Linux, Netfilter may require
+ marks on each packet to match a policy/SA having that option set. This
+ allows installing duplicate policies and enables Netfilter rules to select
+ specific policies/SAs for outgoing traffic. The special value _%unique_ sets
+ a unique mark on each CHILD_SA instance, beyond that the value _%unique-dir_
+ assigns a different unique mark for each CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by _/_. The
default mask if omitted is 0xffffffff.
+connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
+ Netfilter mark applied to packets after the inbound IPsec SA processed them.
+
+ Netfilter mark applied to packets after the inbound IPsec SA processed them.
+ This way it's not necessary to mark packets via Netfilter before decryption
+ or right afterwards to match policies or process them differently (e.g. via
+ policy routing).
+
+ An additional mask may be appended to the mark, separated by _/_. The
+ default mask if omitted is 0xffffffff. The special value _%same_ uses
+ the value (but not the mask) from **mark_in** as mark value, which can be
+ fixed, _%unique_ or _%unique-dir_.
+
+ Setting marks in XFRM input requires Linux 4.19 or higher.
+
+connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
+ Netfilter mark applied to packets after the outbound IPsec SA processed
+ them.
+
+ Netfilter mark applied to packets after the outbound IPsec SA processed
+ them. This allows processing ESP packets differently than the original
+ traffic (e.g. via policy routing).
+
+ An additional mask may be appended to the mark, separated by _/_. The
+ default mask if omitted is 0xffffffff. The special value _%same_ uses
+ the value (but not the mask) from **mark_out** as mark value, which can be
+ fixed, _%unique_ or _%unique-dir_.
+
+ Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
+ requires at least Linux 4.19.
+
connections.<conn>.children.<child>.tfc_padding = 0
Traffic Flow Confidentiality padding.
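Review bot: option references are marked up three different ways inside this hunk (*mark_in_sa* and *mark_in* in asterisks, **mark_in** and **mark_out** in bold, _%unique_ in underscores); pick one convention. The "_%unique_ sets a unique mark on each CHILD_SA instance, beyond that the value _%unique-dir_ assigns ..." clauses in both mark_in and mark_out are run-on sentences; start a new sentence at "The value _%unique-dir_". For set_mark_in and set_mark_out, the kernel version sentences ("requires Linux 4.19 or higher", "supported since Linux 4.14", "Setting a mask requires at least Linux 4.19") say what is required but not what happens on an older kernel: does the CHILD_SA installation fail, or is the mark silently not applied? State it, because a silently ignored set_mark_* would leave a policy-routing setup that depends on the mark routing traffic differently than configured.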
default of 32 are supported using the Netlink backend only, a value of 0
disables IPsec replay protection.
+connections.<conn>.children.<child>.hw_offload = no
+ Enable hardware offload for this CHILD_SA, if supported by the IPsec
+ implementation.
+
+ Enable hardware offload for this CHILD_SA, if supported by the IPsec
+ implementation. The value _yes_ enforces offloading and the installation
+ will fail if it's not supported by either kernel or device. The value _auto_
+ enables offloading, if it's supported, but the installation does not fail
+ otherwise.
+
+connections.<conn>.children.<child>.copy_df = yes
+ Whether to copy the DF bit to the outer IPv4 header in tunnel mode.
+
+ Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
+ effectively disables Path MTU discovery (PMTUD). Controlling this behavior
+ is not supported by all kernel interfaces.
+
+connections.<conn>.children.<child>.copy_ecn = yes
+ Whether to copy the ECN header field to/from the outer IP header in tunnel
+ mode.
+
+ Whether to copy the ECN (Explicit Congestion Notification) header field
+ to/from the outer IP header in tunnel mode. Controlling this behavior is not
+ supported by all kernel interfaces.
+
+connections.<conn>.children.<child>.copy_dscp = out
+ Whether to copy the DSCP header field to/from the outer IP header in tunnel
+ mode.
+
+ Whether to copy the DSCP (Differentiated Services Field Codepoint) header
+ field to/from the outer IP header in tunnel mode. The value _out_ only
+ copies the field from the inner to the outer header, the value _in_ does the
+ opposite and only copies the field from the outer to the inner header when
+ decapsulating, the value _yes_ copies the field in both directions, and the
+ value _no_ disables copying the field altogether. Setting this to _yes_ or
+ _in_ could allow an attacker to adversely affect other traffic at the
+ receiver, which is why the default is _out_. Controlling this behavior is
+ not supported by all kernel interfaces.
+
connections.<conn>.children.<child>.start_action = none
Action to perform after loading the configuration (_none_, _trap_, _start_).
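Review bot: in copy_df, "This effectively disables Path MTU discovery (PMTUD)" has an ambiguous antecedent and reads as though copying the DF bit disables PMTUD; it is disabling the copy (_no_) that does, since the outer packet may then be fragmented in transit instead of triggering ICMP fragmentation-needed. Suggest "Setting this to _no_ effectively disables Path MTU discovery (PMTUD)". In hw_offload, _yes_ and _auto_ are explained but the default _no_ is not; one clause ("_no_ never requests offloading") completes the list. The copy_dscp text explaining why _out_ is the default is a good model for the other options; copy_ecn could use a similar sentence on when _no_ is advisable.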
may be specified, each having an _id_ prefix, if a secret is shared between
multiple peers.
+secrets.ppk<suffix> { # }
+ Postquantum Preshared Key (PPK) section for a specific secret.
+
+ Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
+ defined in a unique section having the _ppk_ prefix.
+
+secrets.ppk<suffix>.secret =
+ Value of the PPK.
+
+ Value of the PPK. It may either be an ASCII string, a hex encoded string if
+ it has a _0x_ prefix or a Base64 encoded string if it has a _0s_ prefix in
+ its value. Should have at least 256 bits of entropy for 128-bit security.
+
+secrets.ppk<suffix>.id<suffix> =
+ PPK identity the PPK belongs to.
+
+ PPK identity the PPK belongs to. Multiple unique identities
+ may be specified, each having an _id_ prefix, if a secret is shared between
+ multiple peers.
+
secrets.private<suffix> { # }
Private key decryption passphrase for a key in the _private_ folder.
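Review bot: "Should have at least 256 bits of entropy for 128-bit security" is missing its subject ("It should have ..."). Since the sentence before lists ASCII strings first, add that a typed ASCII passphrase rarely reaches 256 bits of entropy and that a randomly generated value written in hex (_0x_) or Base64 (_0s_) form is the expected way to meet the requirement. Also note that an ASCII secret that happens to start with "0x" or "0s" would be parsed as hex or Base64 under the rule given here, so such secrets must be encoded rather than used literally.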
built by appending the SHA1 hash of the DER encoded certificates to this
base URI.
+include conf.d/*.conf
+ Include config snippets
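Review bot: "Include config snippets" needs a full stop and should say what the pattern is relative to (the directory of the including file or the swanctl configuration directory), in which order matching files are read, and whether a pattern that matches no file is an error or silently ignored; all three matter when an operator splits connection definitions across snippets.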