1 # /etc/strongswan.conf - strongSwan configuration file
4 load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
8 server = aaa.strongswan.org
17 suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
21 database = sqlite:///etc/pts/config.db
22 policy_script = ipsec imv_policy_manager
26 rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
32 command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
33 command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'