src/libstrongswan/crypt/proposal/proposal_keywords.txt
fake_nat: Fake the NAT_DETECTION_*_IP payloads to simulate a NAT
scenario
- rsa_strength: connection requires a trustchain with RSA keys of given bits
- ecdsa_strength: connection requires a trustchain with ECDSA keys of given bits
- cert_policy: connection requries a certificate with the given OID policy
+ rsa_strength: Connection requires a trustchain with RSA keys of given bits
+ ecdsa_strength: Connection requires a trustchain with ECDSA keys of given bits
+ cert_policy: Connection requries a certificate with the given OID policy
+ named_pool: Name of an IP pool defined e.g. in a database backend
The following CHILD_SA specific configuration options are supported:
child_cfg_t *child_cfg;
enumerator_t *enumerator;
identification_t *lid, *rid;
- char *child, *policy;
+ char *child, *policy, *pool;
uintptr_t strength;
ike_cfg = load_ike_config(this, settings, config);
}
auth->add(auth, AUTH_RULE_IDENTITY, rid);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+ pool = settings->get_str(settings, "configs.%s.named_pool", NULL, config);
+ if (pool)
+ {
+ peer_cfg->add_pool(peer_cfg, pool);
+ }
DBG1(DBG_CFG, "loaded config %s: %Y - %Y", config, lid, rid);