attr plugin
The attr plugin provides IKE attributes configured in strongswan.conf to peers. It is enabled by default.
Behavior
Configured attributes are assigned to peers via configuration payloads (IKEv2) or via Mode Config (IKEv1). Attributes are only assigned to peers if they request a virtual IP.
Configuration
The plugin is configured using the following strongswan.conf options.
| Key | Default | Description |
| IKEv2 | | |
| charon.plugins.attr.<attribute> | | Attribute assigned to a peer via configuration payload (CP) |
| IKEv1 | | |
| pluto.plugins.attr.<attribute> | | Attribute assigned to a peer via Mode Config |
Attribute Types
Possible values for <attribute> are listed in the following table. Depending on the address family of the IP address specified as value, the proper IP4 or IP6 attribute type is used.
Multiple values can be specified as a comma-separated list.
| Key | Attribute Type | Number | Description |
| IPv4 | | | |
| address | INTERNAL_IP4_ADDRESS | 1 | Internal IPv4 address |
| netmask | INTERNAL_IP4_NETMASK | 2 | Netmask of the internal network (in dotted decimal notation), similar to subnet but bound to the internal address |
| dns | INTERNAL_IP4_DNS | 3 | DNS server |
| nbns | INTERNAL_IP4_NBNS | 4 | WINS server |
| dhcp | INTERNAL_IP4_DHCP | 6 | DHCP server |
| subnet | INTERNAL_IP4_SUBNET | 13 | The protected sub-networks that this edge-device protects (in CIDR notation) |
| <integer> | As configured | | Arbitrary attribute using configured attribute type as assigned by IANA |
| IPv6 | | | |
| address | INTERNAL_IP6_ADDRESS | 8 | Internal IPv6 address |
| netmask | INTERNAL_IP6_NETMASK | 9 | Netmask of the internal network (IKEv1 only) |
| dns | INTERNAL_IP6_DNS | 10 | DNS server |
| nbns | INTERNAL_IP6_NBNS | 11 | WINS server (IKEv1 only) |
| dhcp | INTERNAL_IP6_DHCP | 12 | DHCP server |
| subnet | INTERNAL_IP6_SUBNET | 15 | The protected sub-networks that this edge-device protects (in CIDR notation) |
| <integer> | As configured | | Arbitrary attribute using configured attribute type as assigned by IANA |
Legacy Options
| Key | Default | Description |
| IKEv2 | | |
| charon.dns1 | | DNS server 1 assigned to peer via configuration payload (CP) |
| charon.dns2 | | DNS server 2 assigned to peer via configuration payload (CP) |
| charon.nbns1 | | WINS server 1 assigned to peer via configuration payload (CP) |
| charon.nbns2 | | WINS server 2 assigned to peer via configuration payload (CP) |
| IKEv1 | | |
| pluto.dns1 | | DNS server 1 assigned to peer via Mode Config |
| pluto.dns2 | | DNS server 2 assigned to peer via Mode Config |
| pluto.nbns1 | | WINS server 1 assigned to peer via Mode Config |
| pluto.nbns2 | | WINS server 2 assigned to peer via Mode Config |
Example
# the following assigns two DNS servers to peers
charon {
    plugins {
        attr {
            dns = 10.0.10.10, 10.0.20.10
        }
    }
}
# this is the same using the legacy options
charon {
    dns1 = 10.0.10.10
    dns2 = 10.0.20.10
}
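The mapping described under Attribute Types (key plus address family of each comma-separated value selects the attribute type) can be checked before a configuration is deployed. The following Python check is an added example, not code from strongSwan or from the original page: `resolve_attrs`, `SAMPLE` and the simplified `key = value` line parsing are assumptions, and only the type names, numbers and "IKEv1 only" markers are taken from the table on this page.

```python
import ipaddress

# Attribute type names and numbers, copied from the table on this page.
ATTR_TYPES = {
    "address": {4: ("INTERNAL_IP4_ADDRESS", 1), 6: ("INTERNAL_IP6_ADDRESS", 8)},
    "netmask": {4: ("INTERNAL_IP4_NETMASK", 2), 6: ("INTERNAL_IP6_NETMASK", 9)},
    "dns":     {4: ("INTERNAL_IP4_DNS", 3),     6: ("INTERNAL_IP6_DNS", 10)},
    "nbns":    {4: ("INTERNAL_IP4_NBNS", 4),    6: ("INTERNAL_IP6_NBNS", 11)},
    "dhcp":    {4: ("INTERNAL_IP4_DHCP", 6),    6: ("INTERNAL_IP6_DHCP", 12)},
    "subnet":  {4: ("INTERNAL_IP4_SUBNET", 13), 6: ("INTERNAL_IP6_SUBNET", 15)},
}
IKEV1_ONLY = {9, 11}  # rows marked "IKEv1 only" in the table

# Constructed sample body of an attr { } section (not from a real deployment).
SAMPLE = """\
dns = 10.0.10.10, 10.0.20.10, 2001:db8::53  # first two values: page's example
nbns = 2001:db8::11
subnet = 10.0.0.0/16
dhcp = 10.0.10.300
"""

def resolve_attrs(section_body, ikev2=True):
    """Return (resolved, problems) for the body of an attr { } section."""
    resolved, problems = [], []
    for raw in section_body.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or "=" not in line:
            continue
        key, _, values = (part.strip() for part in line.partition("="))
        for value in filter(None, (v.strip() for v in values.split(","))):
            if key.isdigit():  # arbitrary attribute; value is not checked here
                resolved.append((key, value, "As configured", int(key)))
                continue
            if key not in ATTR_TYPES:
                problems.append(f"{key}: unknown attribute key")
                continue
            try:  # subnet takes CIDR notation, everything else a plain address
                parse = ipaddress.ip_network if key == "subnet" else ipaddress.ip_address
                family = parse(value).version
            except ValueError:
                problems.append(f"{key} = {value}: not a valid address/CIDR")
                continue
            name, number = ATTR_TYPES[key][family]
            if ikev2 and number in IKEV1_ONLY:
                problems.append(f"{key} = {value}: {name} is IKEv1 only")
                continue
            resolved.append((key, value, name, number))
    return resolved, problems
```

Calling `resolve_attrs(SAMPLE)` lists which attribute type each value would map to and reports the IPv6 WINS server and the malformed DHCP address as problems.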