projects / people / ms / strongswan.git / blame
| Commit | Line | Data |
|---|---|---|
| 10c7ca23 AS |
1 | # /etc/strongswan.conf - strongSwan configuration file |
| 2 | ||
| 3 | charon { | |
| 44b6a34d | 4 | load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite |
| 10c7ca23 | 5 | |
| 44b6a34d | 6 | plugins { |
| 10c7ca23 AS |
7 | tnc-pdp { |
| 8 | server = aaa.strongswan.org | |
| 9 | radius { | |
| 10 | secret = gv6URkSs | |
| 11 | } | |
| 12 | } | |
| 13 | } | |
| 14 | } | |
| 15 | ||
| 2382d45b AS |
16 | libtls { |
| 17 | suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
| 10c7ca23 AS |
18 | } |
| 19 | ||
| 20 | libimcv { | |
| 21 | database = sqlite:///etc/pts/config.db | |
| 22 | policy_script = ipsec imv_policy_manager | |
| 2382d45b AS |
23 | |
| 24 | plugins { | |
| 25 | imv-swid { | |
| 26 | rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ | |
| 27 | } | |
| 28 | } | |
| 10c7ca23 | 29 | } |
| 79b5a33c AS |
30 | |
| 31 | imv_policy_manager { | |
| 32 | command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""' | |
| 33 | command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""' | |
| 34 | } |