ipsec.conf: config setup Reference » History » Version 2

Martin Willi, 02.09.2007 07:11
filled in config setup options

= config setup =

 * ''cachecrls = yes|'''no'''''
     certificate revocation lists (CRLs) fetched via HTTP or LDAP will be cached in ''/etc/ipsec.d/crls/''
     under a unique file name derived from the certification authority's public key.

 * ''charonstart = '''yes'''|no''
     starts the IKEv2 charon daemon.

 * ''crlcheckinterval = 0s''|<time>
     interval in seconds. CRL fetching is enabled if the value is greater than zero.
     Asynchronous, periodic checking for fresh CRLs is currently done by the IKEv1 Pluto daemon only.

 * ''plutostart = '''yes'''|no''
     starts the IKEv1 pluto daemon.

 * ''strictcrlpolicy = yes|ifuri|'''no'''''
     defines if a fresh CRL must be available in order for the peer authentication based on RSA
     signatures to succeed. IKEv2 additionally recognizes ''ifuri'' which reverts to ''yes'' if
     at least one CRL URI is defined and to ''no'' if no URI is known.
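The three revocation options above (''cachecrls'', ''crlcheckinterval'', ''strictcrlpolicy'') only give effective CRL enforcement in combination. The following Python check is an added example, not part of the original wiki page or of strongSwan: it reads the ''config setup'' section and reports which of the documented defaults leave revocation checking off. The function names, the `known_crl_uris` parameter, the simplified section parser, the m/h/d time suffixes and the sample configuration are assumptions made for illustration.

```python
import re
# Defaults as listed in the reference above.
DEFAULTS = {"cachecrls": "no", "crlcheckinterval": "0s", "strictcrlpolicy": "no"}
# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """\
config setup
    strictcrlpolicy=ifuri
    crlcheckinterval=600s
    cachecrls=yes

conn example
    auto=add
"""

def parse_config_setup(text):
    """Return the options of the 'config setup' section (simplified parser)."""
    opts, in_setup = dict(DEFAULTS), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            in_setup = line.split() == ["config", "setup"]
        elif in_setup and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().strip('"')
    return opts

def seconds(value):
    """Convert a <time> value to seconds; the m/h/d suffixes are an assumption."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}[m.group(2)]

def audit(text, known_crl_uris=0):
    """List revocation gaps; known_crl_uris resolves the IKEv2 'ifuri' policy."""
    o = parse_config_setup(text)
    policy = o["strictcrlpolicy"]
    strict = policy == "yes" or (policy == "ifuri" and known_crl_uris > 0)
    fetch = seconds(o["crlcheckinterval"]) > 0
    checks = [
        (not strict, "peer authentication succeeds without a fresh CRL"),
        (not fetch, "CRL fetching is disabled (crlcheckinterval is 0)"),
        (fetch and o["cachecrls"] != "yes", "fetched CRLs are not cached in /etc/ipsec.d/crls/"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    print(audit(SAMPLE, known_crl_uris=1))
```

With no CRL URI known, the sample's ''ifuri'' setting falls back to ''no'' and the first finding is reported; an empty ''config setup'' section yields the first two findings because both defaults leave revocation checking off.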
'''IKEv1 pluto daemon only:'''

 * ''keep_alive = '''20s'''''

 * ''nat_traversal = yes|'''no'''''

 * ''pkcs11initargs = ''<args>

 * ''pkcs11module = ''<lib>

 * ''pkcs11keepstate = yes|'''no'''''

 * ''pkcs11proxy = yes|'''no'''''

 * ''plutodebug = '''none'''''|<debug list>|''all''

 * ''postpluto = ''<commands>

 * ''prepluto = ''<commands>

 * ''virtual_private = ''<networks>

 * ''uniqueids = '''yes'''|no''

'''IKEv2 charon daemon only:'''

 * ''charondebug = ''<debug list>