# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 nonce x509 revocation constraints openssl socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+ load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
- plugins {
+ plugins {
tnc-pdp {
server = aaa.strongswan.org
radius {
}
}
-libtnccs {
- plugins {
- tnccs-20 {
- max_batch_size = 131056
- max_message_size = 131024
- }
- }
+libtls {
+ suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}
libimcv {
database = sqlite:///etc/pts/config.db
policy_script = ipsec imv_policy_manager
+
+ plugins {
+ imv-swid {
+ rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ }
+ }
+}
+
+imv_policy_manager {
+ command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
}