Commit | Line | Data |
---|---|---|
10c7ca23 AS |
1 | # /etc/strongswan.conf - strongSwan configuration file |
2 | ||
# charon: settings for the IKE daemon. This instance acts as a TNC Policy
# Decision Point (tnc-pdp) with a RADIUS interface.
3 | charon { | |
# Explicit plugin list: only the plugins named here are loaded. Keeping it
# minimal limits the code exposed to network input.
44b6a34d | 4 | load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite |
10c7ca23 | 5 | |
44b6a34d | 6 | plugins { |
# tnc-pdp: 'server' is the PDP's own name (expected to match the identity in
# its AAA certificate - confirm against the deployed certificate).
10c7ca23 AS |
7 | tnc-pdp { |
8 | server = aaa.strongswan.org | |
9 | radius { | |
# RADIUS shared secret between this PDP and the NAS, stored in cleartext.
# NOTE(review): this 8-character value is published with the config, so treat
# it as a fixture only; deployments need a long random per-NAS secret and this
# file readable by root only.
10 | secret = gv6URkSs | |
11 | } | |
12 | } | |
13 | } | |
14 | } | |
15 | ||
# libtls: restricts the TLS stack to two TLS 1.2 AEAD suites (AES-GCM) with
# ECDHE key exchange, i.e. forward secrecy, and RSA authentication. Peers that
# offer neither suite cannot complete a handshake; the certificate in use must
# carry an RSA key.
2382d45b AS |
16 | libtls { |
17 | suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
10c7ca23 AS |
18 | } |
19 | ||
# libimcv: Integrity Measurement Verifier settings - the policy database, the
# policy helper command and the SWID REST endpoint.
20 | libimcv { | |
# SQLite policy database. NOTE(review): measurement policy is read from this
# file, so write access to /etc/pts/config.db should be restricted - confirm
# ownership and mode on the host.
21 | database = sqlite:///etc/pts/config.db | |
# External command libimcv runs for policy handling; here the
# imv_policy_manager tool via the ipsec wrapper.
22 | policy_script = ipsec imv_policy_manager | |
2382d45b AS |
23 | |
24 | plugins { | |
25 | imv-swid { | |
# NOTE(review): the REST API credentials are embedded in the URI and the
# scheme is plain http, so the username and password (and the SWID data) would
# cross the network unencrypted and can end up in logs that record the URI.
# Prefer an https endpoint with certificate validation and a dedicated
# low-privilege API account; the value shown here is public.
26 | rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ | |
27 | } | |
28 | } | |
10c7ca23 | 29 | } |
79b5a33c AS |
30 | |
# imv_policy_manager: shell commands run when the policy result is allow or
# block. Going by the message text, %s is replaced with the host's IP address.
# Both commands log in as root on host 'moon' over ssh and only write an
# auth.alert syslog entry tagged 'charon'.
# NOTE(review): this needs non-interactive ssh authentication to root@moon from
# the account running the policy manager. Outside a lab, use a dedicated
# unprivileged account restricted to a forced command, and make sure the value
# substituted for %s is validated as an IP address before it reaches the shell.
31 | imv_policy_manager { | |
32 | command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""' | |
33 | command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""' | |
34 | } |