ipsec.conf: conn Reference » History » Version 26

Tobias Brunner, 15.10.2009 14:48
new lifetime limits documented (available in 4.3.5)

1 21 Andreas Steffen
h1. conn <name>
2 1 Martin Willi
3 1 Martin Willi
4 23 Tobias Brunner
h2. general per connection parameters
5 21 Andreas Steffen
6 23 Tobias Brunner
_ah = <algorithms>_
7 23 Tobias Brunner
p((. AH authentication algorithm to be used for the connection, e.g. _hmac-md5_.
8 21 Andreas Steffen
9 23 Tobias Brunner
_also = <section name>_
10 23 Tobias Brunner
p((. includes conn section <name>.
11 1 Martin Willi
12 23 Tobias Brunner
_auth = *esp* | ah_
13 23 Tobias Brunner
p((. whether authentication should be done as part of ESP encryption, or separately using the AH protocol.
14 1 Martin Willi
     The IKEv2 daemon currently supports ESP only.
15 1 Martin Willi
16 24 Andreas Steffen
_authby = *pubkey* | rsasig | ecdsasig | psk | secret | xauthrsasig | xauthpsk | eap | never_
17 1 Martin Willi
p((. how the two security gateways should authenticate each other; acceptable values are *secret* or *psk*
18 25 Andreas Steffen
     for pre-shared secrets, *pubkey* for public key signatures as well as the synonyms *rsasig* for RSA digital
19 24 Andreas Steffen
     signatures and *ecdsasig* for Elliptic Curve DSA signatures. *never*  can be used if  negotiation is  never
20 24 Andreas Steffen
     to be attempted or accepted (useful for shunt-only conns). Digital signatures are superior in every way to
21 24 Andreas Steffen
     shared secrets. In IKEv2, the two ends must not agree on this parameter, it is relevant for the out-bound 
22 21 Andreas Steffen
     authentication  method only. IKEv1 additionally supports the values *xauthpsk* and *xauthrsasig* that
23 21 Andreas Steffen
     will enable _eXtended AUTHentication (XAUTH)_ in addition to IKEv1 main mode based on shared secrets
24 21 Andreas Steffen
     or digital RSA signatures,  respectively. IKEv2 additionally supports the value *eap*, which indicates
25 21 Andreas Steffen
     an initiator to request EAP authentication. The EAP method to use is selected by the server (see _eap_).
26 20 Andreas Steffen
     This parameter is deprecated for IKEv2 connections, as two peers do ot need to agree on an authentication
27 21 Andreas Steffen
     method. Use the _left|rightauth_ parameter to define authentication methods in IKEv2.
28 20 Andreas Steffen
29 23 Tobias Brunner
_auto = *ignore* | add | route | start_
30 23 Tobias Brunner
p((. what operation, if any, should be done automatically at IPsec startup. *add* loads a connection without
31 21 Andreas Steffen
     starting it. *route* loads a connection and installs kernel traps. If traffic is detected between
32 21 Andreas Steffen
     _leftsubnet_ and _rightsubnet_, a connection is established. *start* loads a connection and brings
33 21 Andreas Steffen
     it up immediatly. *ignore* ignores the connection. This is equal to delete a connection from the config
34 1 Martin Willi
     file. Relevant only locally, other end need not agree on it (but in general, for an intended-to-be-permanent
35 23 Tobias Brunner
     connection, both ends should use _auto = *start*_ to ensure that any reboot causes immediate renegotiation).
36 1 Martin Willi
37 23 Tobias Brunner
_compress = yes | *no*_
38 23 Tobias Brunner
p((. whether IPComp compression of content is proposed on the connection (link-level compression does not work on
39 21 Andreas Steffen
     encrypted data, so to be effective, compression must be done before encryption). A value of *yes* causes IPsec
40 4 Martin Willi
     to propose both compressed and  uncompressed, and  prefer compressed. A value of no prevents IPsec from proposing
41 1 Martin Willi
     compression; a proposal to compress will still be accepted. IKEv2 does not support IP compression yet.
42 1 Martin Willi
43 23 Tobias Brunner
_dpdaction = *none* | clear | hold | restart_
44 23 Tobias Brunner
p((. controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages
45 1 Martin Willi
     (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the
46 21 Andreas Steffen
     IPsec peer. The values *clear*, *hold*, and *restart* all activate DPD. If no activity is detected,
47 21 Andreas Steffen
     all  connections with a dead peer are stopped and unrouted (*clear*), put in the hold state (*hold*)
48 21 Andreas Steffen
     or restarted (*restart*). For IKEv1, the default is *none* which disables the active sending of
49 1 Martin Willi
     R_U_THERE  notifications. Nevertheless Pluto will always send the DPD Vendor ID during connection set up
50 1 Martin Willi
     in order to signal the readiness to act passively as a responder if the peer wants to use DPD. For IKEv2,
51 21 Andreas Steffen
     *none* does't make sense, since all messages are used to detect dead peers. If specified, it has the
52 21 Andreas Steffen
     same meaning as the default (*clear*).
53 1 Martin Willi
54 23 Tobias Brunner
_dpddelay = <time>_
55 23 Tobias Brunner
p((. defines  the  period time interval with which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
56 1 Martin Willi
     These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL
57 1 Martin Willi
     messages and uses only standard messages (such as those to rekey) to detect dead peers.
58 1 Martin Willi
59 23 Tobias Brunner
_dpdtimeout = <time>_
60 23 Tobias Brunner
p((. defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.
61 1 Martin Willi
     This only applies to IKEv1, in IKEv2 the default retransmission timeout applies, as every exchange is used to
62 1 Martin Willi
     detect dead peers.
63 20 Andreas Steffen
64 23 Tobias Brunner
_eap = aka | gtc | md5 | mschapv2 | radius | sim | <type> | <type>-<vendor>_
65 23 Tobias Brunner
p((. defines the EAP type to be used if _authby=eap_ is selected. Currently supported values are *aka*
66 21 Andreas Steffen
     for EAP-AKA, *gtc* for EAP-GTC, *md5* for EAP-MD5, *mschapv2* for EAP-MS-CHAPv2, *radius* for the
67 21 Andreas Steffen
     EAP-RADIUS proxy  and *sim* for EAP-SIM.
68 21 Andreas Steffen
     Additionally, IANA assigned EAP method numbers are accepted, or a definition in the form *eap=type-vendor*
69 1 Martin Willi
     (e.g. eap=7-12345 ) can be used to specify vendor specific EAP types. For IKEv2 this parameter is deprecated
70 21 Andreas Steffen
     in favour of _left|rightauth_.
71 5 Martin Willi
72 23 Tobias Brunner
_eap_identity = <id>_
73 23 Tobias Brunner
p((. defines the identity the client uses to reply to an EAP Identity request. If defined on the EAP server, the defined
74 21 Andreas Steffen
     identity  will be used as peer identity during EAP authentication. The special value _%identity_ uses the EAP Identity method
75 14 Martin Willi
     to ask the client for a EAP identity. If not defined, the IKEv2 identity will be used as EAP identity.
76 1 Martin Willi
77 23 Tobias Brunner
_esp = <cipher suites>_
78 23 Tobias Brunner
p((. comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
79 21 Andreas Steffen
     _3des-md5_. The notation is _encryption-integrity-[dhgroup]_. If _dh-group_ is specified,
80 1 Martin Willi
     CHILD_SA setup and rekeying include a separate Diffe-Hellman exchange (IKEv2 only).
81 1 Martin Willi
82 23 Tobias Brunner
_forceencaps = yes | *no*_
83 23 Tobias Brunner
p((.  Force UDP encapsulation for ESP packets even if no NAT situation is detected.
84 1 Martin Willi
      This may help to surmount restrictive firewalls. In order to force the peer to
85 1 Martin Willi
      encapsulate packets, NAT detection payloads are faked (IKEv2 only). 
86 1 Martin Willi
87 23 Tobias Brunner
_ike = <cipher suites>_
88 23 Tobias Brunner
p((. comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g.
89 21 Andreas Steffen
     _aes128-sha1-modp2048_. The notation is _encryption-integrity-dhgroup_. In IKEv2, multiple algorithms
90 21 Andreas Steffen
     and proposals may be included, such as _aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024_.
91 20 Andreas Steffen
92 23 Tobias Brunner
_ikelifetime = *3h* | <time>_
93 23 Tobias Brunner
p((. how long the keying channel of a connection (_ISAKMP or IKE SA_) should last before being renegotiated.
94 1 Martin Willi
95 23 Tobias Brunner
_installpolicy = *yes* | no_
96 23 Tobias Brunner
p((. decides whether IPsec policies are installed in the kernel by the IKEv2 charon daemon for a given connection.
97 21 Andreas Steffen
     Allows peaceful cooperation e.g. with the Mobile IPv6  _mip6d_ daemon who wants to control the kernel policies.
98 1 Martin Willi
99 23 Tobias Brunner
_keyexchange = *ike* | ikev1 | ikev2_
100 23 Tobias Brunner
p((. method of key exchange; which protocol should be used to initialize the connection. Connections marked with
101 21 Andreas Steffen
     *ikev1*  are initiated with Pluto, those marked with *ikev2* with Charon. An incoming request from 
102 21 Andreas Steffen
     the remote peer is handled by the correct daemon, unaffected from the _keyexchange_ setting. The default 
103 21 Andreas Steffen
     value *ike* currently is a synonym for *ikev1*.
104 20 Andreas Steffen
105 23 Tobias Brunner
_keyingtries = *%forever* | <number>_
106 23 Tobias Brunner
p((. how  many attempts (a whole number or _%forever_) should be made to negotiate a connection, or a replacement
107 21 Andreas Steffen
     for one, before giving up. The value _%forever_ means 'never give up'.  Relevant  only  locally, other end need
108 1 Martin Willi
     not agree on it.
109 5 Martin Willi
110 26 Tobias Brunner
111 26 Tobias Brunner
p((. synonym for _lifetime_.
112 26 Tobias Brunner
113 26 Tobias Brunner
_lifebytes = <number>_
114 26 Tobias Brunner
p((. the number of bytes transmitted over an IPsec SA before it expires (IKEv2 only).
115 26 Tobias Brunner
116 26 Tobias Brunner
_lifepackets = <number>_
117 26 Tobias Brunner
p((. the number of packets transmitted over an IPsec SA before it expires (IKEv2 only).
118 26 Tobias Brunner
119 26 Tobias Brunner
_lifetime = *1h* | <time>_
120 1 Martin Willi
p((. how  long  a  particular  instance  of a connection (a set of encryption/authentication keys for user packets)
121 21 Andreas Steffen
     should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by
122 1 Martin Willi
     _s_ (a time in seconds) or a decimal number followed by _m_, _h_, or _d_ (a time in minutes, hours,
123 21 Andreas Steffen
     or days respectively) (default _1h_, maximum _24h_).  Normally, the connection is renegotiated (via the
124 26 Tobias Brunner
     keying  channel) before it expires (see _margintime_).  The two ends need not exactly agree on _lifetime_, although if they
125 1 Martin Willi
     do not, there will be some clutter of superseded connections on the end which thinks the lifetime is longer.
126 1 Martin Willi
127 26 Tobias Brunner
_marginbytes = <number>_
128 26 Tobias Brunner
p((. how many bytes before IPsec SA expiry (see _lifebytes_) should attempts to negotiate a replacement begin (IKEv2 only).
129 26 Tobias Brunner
130 26 Tobias Brunner
_marginpackets = <number>_
131 26 Tobias Brunner
p((. how many packets before IPsec SA expiry (see _lifepackets_) should attempts to negotiate a replacement begin (IKEv2 only).
132 26 Tobias Brunner
133 26 Tobias Brunner
_margintime = *9m* | <time>_
134 26 Tobias Brunner
p((. how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin; acceptable values
135 26 Tobias Brunner
     as for _lifetime_ (default _9m_).  Relevant only locally, other end need not agree on it.
136 26 Tobias Brunner
137 23 Tobias Brunner
_mobike = *yes* | no_
138 23 Tobias Brunner
p((. enables the IKEv2 [[MobIke|MOBIKE]] protocol defined by RFC 4555. If set to *no*, the IKEv2 charon
139 21 Andreas Steffen
     daemon will not actively propose [[MobIke|MOBIKE]] but will still accept and support the mobility protocol
140 1 Martin Willi
     as a responder.
141 1 Martin Willi
142 23 Tobias Brunner
_modeconfig = push | *pull*_
143 23 Tobias Brunner
p((. defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses
144 21 Andreas Steffen
     the configuration payload in *pull* mode. Cisco VPN gateways usually operate in *push* mode.
145 1 Martin Willi
146 21 Andreas Steffen
_pfs = *yes* | no_
147 1 Martin Willi
p((. whether _Perfect Forward Secrecy_ of keys is desired on the connection's keying channel (with PFS,
148 1 Martin Willi
     penetration of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses
149 23 Tobias Brunner
     PFS for IKE_SA rekeying whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup
150 23 Tobias Brunner
     in the _esp_ parameter.
151 21 Andreas Steffen
152 20 Andreas Steffen
_pfsgroup = <modp group>_
153 20 Andreas Steffen
p((. defines a Diffie-Hellman group for _perfect forward secrecy_ in IKEv1 Quick Mode differing from the DH group
154 23 Tobias Brunner
     used for IKEv1 Main Mode (IKEv1 pluto daemon only). 
155 23 Tobias Brunner
156 1 Martin Willi
_reauth = *yes* | no_
157 1 Martin Willi
p((. whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
158 4 Martin Willi
     In  IKEv2, a value of *no* rekeys without uninstalling the IPsec SAs, a value of *yes* (the default)
159 23 Tobias Brunner
     creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.
160 23 Tobias Brunner
161 1 Martin Willi
_rekey = *yes* | no_
162 1 Martin Willi
p((. whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but
163 1 Martin Willi
     while a value of no prevents Pluto/Charon from requesting renegotiation, it does not prevent responding
164 1 Martin Willi
     to renegotiation requested from the other end, so no will be largely ineffective unless both ends agree on it.
165 1 Martin Willi
166 1 Martin Willi
_rekeyfuzz = *100%* | <percentage>_
167 26 Tobias Brunner
p((. maximum percentage by which _marginbytes_, _marginpackets_ and _margintime_ should be randomly increased to randomize
168 26 Tobias Brunner
     rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100,
169 26 Tobias Brunner
     followed  by  a '%' .
170 26 Tobias Brunner
     The value of _marginTYPE_, after this random increase, must not exceed _lifeTYPE_ (where TYPE is one of bytes, packets or type).
171 26 Tobias Brunner
     The value _0%_ will suppress randomization. Relevant only locally, other end need not agree on it.
172 16 Andreas Steffen
173 26 Tobias Brunner
174 26 Tobias Brunner
p((.  synonym for _margintime_.
175 23 Tobias Brunner
176 21 Andreas Steffen
_type = *tunnel* | transport | transport_proxy | passthrough | drop | reject_
177 21 Andreas Steffen
p((. the type of the connection; currently the accepted values are *tunnel*, signifying a  host-to-host,
178 21 Andreas Steffen
     host-to-subnet, or subnet-to-subnet tunnel; *transport*, signifying host-to-host transport mode;
179 21 Andreas Steffen
     *transport_proxy*, signifying the special Mobile IPv6 transport proxy mode;
180 23 Tobias Brunner
     *passthrough*, signifying that no IPsec processing should be done at all; *drop*, signifying that packets
181 20 Andreas Steffen
     should be  discarded; and *reject*, signifying that packets should be discarded and a diagnostic ICMP
182 23 Tobias Brunner
     returned. Charon currently supports only *tunnel*, transport, and transport_proxy connection types.
183 23 Tobias Brunner
184 20 Andreas Steffen
_xauth = *client* | server_
185 23 Tobias Brunner
p((. specifies the role in the XAUTH protocol if activated by _authby=xauthpsk_ or _authby=xauthrsasig_.
186 20 Andreas Steffen
187 23 Tobias Brunner
h2. left|right end parameters
188 23 Tobias Brunner
189 21 Andreas Steffen
_left|right = <ip address> | <fqdn> | %defaultroute | %any_
190 20 Andreas Steffen
p((. (required) the IP address of the left participant's public-network interface, in any form accepted by
191 21 Andreas Steffen
     ttoaddr(3) or one of several magic values.  If it is _%defaultroute_, left will be filled in automatically
192 21 Andreas Steffen
     with the local address of the default-route interface (as determined at IPsec startup time). (Either left
193 21 Andreas Steffen
     or right may be _%defaultroute_, but not both.) The value _%any_ signifies an address to be filled in
194 21 Andreas Steffen
     (by automatic keying) during negotiation. The prefix _%_ in front of a fully-qualified domain name or an
195 7 Martin Willi
     IP address will implicitly  set _leftallowany=yes_. If the domain name cannot be resolved into an IP
196 23 Tobias Brunner
     address at IPsec startup or update  time  then  _left=%any_  and  _leftallowany=no_ will be assumed.
197 23 Tobias Brunner
198 23 Tobias Brunner
_left|rightallowany = yes | *no*_
199 20 Andreas Steffen
p((. a modifier for _left|right_, making it behave as _%any_ although a concrete IP address has been
200 23 Tobias Brunner
     assigned. Recommended for dynamic IP addresses that can be resolved by DynDNS at IPsec startup or update time.
201 23 Tobias Brunner
202 21 Andreas Steffen
_left|rightauth = <auth method>_
203 21 Andreas Steffen
p((. Authentication method to use locally (left) or require from the remote (right) side. This parameter is 
204 21 Andreas Steffen
     supported in IKEv2 only. Acceptable values are *pubkey* for public key encryption (RSA/ECDSA), *psk*
205 21 Andreas Steffen
     for pre-shared key authentication, and *eap* to [require the] use of the Extensible Authentication Protocol.
206 21 Andreas Steffen
     In the case of *eap*, an optional EAP method can be appended. Currently defined methods are *eap-aka*,
207 21 Andreas Steffen
     *eap-sim*, *eap-gtc*, *eap-md5*, and *eap-mschapv2*.  Alternatively, IANA assigned EAP method
208 7 Martin Willi
     numbers are accepted. Vendor specific EAP methods are defined in the form *eap-type-vendor* (e.g.
209 23 Tobias Brunner
210 23 Tobias Brunner
211 21 Andreas Steffen
_left|rightauth2 = <auth method>_
212 20 Andreas Steffen
p((. Same as _left|rightauth_, but defines a second authentication exchange. IKEv2 supports multiple authentication
213 20 Andreas Steffen
     rounds using _Multiple Authentication Exchanges_ defined in "RFC 4739":
214 7 Martin Willi
     This allows e.g. a separate authentication of host and user (IKEv2 only).
215 23 Tobias Brunner
216 23 Tobias Brunner
217 21 Andreas Steffen
_left|rightca = <issuer dn> | %same_
218 1 Martin Willi
p((. the distinguished name of a certificate authority which is required to lie in the trust path going from the
219 23 Tobias Brunner
     _left|right_ participant's certificate up to the root certification authority.
220 23 Tobias Brunner
221 21 Andreas Steffen
_left|rightca2 = <issuer dn> | %same_
222 7 Martin Willi
p((. Same as _left|rightca_ but defines an additional authentication exchange. IKEv2 supports multiple 
223 1 Martin Willi
     authentication rounds using _Multiple Authentication Exchanges' defined in "RFC 4739":
224 23 Tobias Brunner
     This allows e.g. separate authentication of host and user (IKev2 only).
225 23 Tobias Brunner
226 23 Tobias Brunner
_left|rightcert = <path>_
227 23 Tobias Brunner
p((. the path to the left|right participant's X.509 certificate. The file can be coded either in PEM or DER format.
228 21 Andreas Steffen
     OpenPGP certificates are supported as well (IKEv1 only).  Both absolute paths or paths relative to
229 21 Andreas Steffen
     [[IpsecDirectoryCerts|/etc/ipsec.d/certs]] are accepted. By default _left|rightcert_ sets _left|rightid_
230 7 Martin Willi
     to the distinguished name of the certificate's subject and _left|rightca_ to the distinguished name of
231 7 Martin Willi
     the certificate's issuer. The _left|right_ participant's ID can be overridden by specifying a _left|rightid_
232 23 Tobias Brunner
     value which must be certified by the certificate, though.
233 23 Tobias Brunner
234 1 Martin Willi
_left|rightcert2 = _<path>
235 23 Tobias Brunner
p((. Same as _left|rightcert_ but for the second authentication round (IKEv2 only).
236 23 Tobias Brunner
237 21 Andreas Steffen
_left|rightfirewall = yes | *no*_
238 7 Martin Willi
p((. whether the _left|right_ participant is doing forwarding-firewalling (including  masquerading)
239 21 Andreas Steffen
     using iptables for traffic from _left|rightsubnet_, which should be turned off for traffic to the
240 1 Martin Willi
     other subnet) once the connection is established. May not be used in the same connection description with
241 1 Martin Willi
     _left|rightupdown_. Implemented as a parameter to the default _ipsec _updown_ script. Relevant only
242 23 Tobias Brunner
     locally, other end need not agree on it.
243 7 Martin Willi
244 7 Martin Willi
p((. If one or  both security gateways are doing forwarding firewalling (possibly including masquerading),
245 1 Martin Willi
     and this is specified using the firewall parameters, tunnels  established with  IPsec  are exempted from
246 21 Andreas Steffen
     it so that packets can flow unchanged through the tunnels. (This means that all subnets connected in this
247 20 Andreas Steffen
     manner must have distinct, non-overlapping subnet address blocks.)  This is done by the default 
248 23 Tobias Brunner
     _ipsec _updown_ script (see pluto(8)).
249 20 Andreas Steffen
250 20 Andreas Steffen
p((. In situations calling for more control, it may be preferable for the user to supply his own updown script,
251 23 Tobias Brunner
     which makes the appropriate adjustments for his system.
252 23 Tobias Brunner
253 7 Martin Willi
_left|rightgroups = <group list>_
254 23 Tobias Brunner
p((. a comma-separated list of group names. If the _left|rightgroups_ parameter is present then the peer must
255 23 Tobias Brunner
     be a member of at least one of the groups defined by the parameter. Group membership must be certified by a
256 1 Martin Willi
     valid attribute certificate stored in [[IpsecDirectoryAcerts|/etc/ipsec.d/acerts]] that has been issued
257 7 Martin Willi
     to the peer by a trusted Authorization Authority stored in [[IpsecDirectoryAacerts|/etc/ipsec.d/aacerts]].
258 23 Tobias Brunner
     Attribute certificates are not supported in IKEv2 yet.
259 23 Tobias Brunner
260 1 Martin Willi
_left|righthostaccess = yes | *no*_
261 7 Martin Willi
p((. inserts a pair of INPUT and OUTPUT iptables rules using the default _ipsec _updown_ script,
262 7 Martin Willi
     thus allowing access to the host itself in the case where the host's internal interface is part
263 23 Tobias Brunner
     of the negotiated client subnet. 
264 23 Tobias Brunner
265 23 Tobias Brunner
_left|rightid = <id>_
266 12 Martin Willi
p((. how the _left|right_ participant should be identified for authentication; defaults to _left|right_.
267 1 Martin Willi
     Can be an IP address (in any ttoaddr(3) syntax) or a fully-qualified domain name preceded by @
268 23 Tobias Brunner
     (which is used as a literal string and not resolved).
269 23 Tobias Brunner
270 21 Andreas Steffen
_left|rightid2 = <id>_
271 8 Martin Willi
p((. Identity to use for the second authentication of the left participant (IKEv2 only).
272 23 Tobias Brunner
     Defaults to _left|rightid_. 
273 23 Tobias Brunner
274 21 Andreas Steffen
_left|rightnexthop = %direct | %defaultroute | <ip address> | <fqdn>_
275 21 Andreas Steffen
p((. this parameter is usually not needed any more because the NETKEY IPsec stack does not require
276 8 Martin Willi
     explicit routing entries for the traffic to be tunneled. If _left|sourceip_ is used with IKEv1
277 23 Tobias Brunner
     then _left|rightnexthop_ must still be set in order for the source routes to work properly.
278 23 Tobias Brunner
279 21 Andreas Steffen
_left|rightprotoport = <protocol>/<port>_
280 7 Martin Willi
p((. restrict the traffic selector to a single protocol and/or port. Examples: _leftprotoport=tcp/http_
281 23 Tobias Brunner
     or _leftprotoport=6/80_ or _rightprotoport=udp_
282 23 Tobias Brunner
283 21 Andreas Steffen
_left|rightrsasigkey = *%cert* | <raw rsa public key>_
284 1 Martin Willi
p((. the left participant's public key for RSA signature authentication, in RFC 2537 format using ttodata(3)
285 23 Tobias Brunner
     encoding. The default value _%cert_ means that the key is extracted from a certificate.
286 23 Tobias Brunner
287 1 Martin Willi
_left|rightsendcert = never | no | *ifasked* | always | yes_
288 7 Martin Willi
p((. Accepted values are *never* or *no*, *always* or *yes*, and *ifasked*, the latter meaning that 
289 23 Tobias Brunner
     the peer must send a certificate request (CR) payload in order to get a certificate in return.
290 23 Tobias Brunner
291 21 Andreas Steffen
_left|rightsourceip = %config | %cfg | %modeconfig | %modecfg | <ip address>_
292 7 Martin Willi
p((. The internal source IP to use in a tunnel, also known as [[VirtualIp|virtual IP]].
293 1 Martin Willi
     If the value is one of the synonyms _%modeconfig, %modecfg, %config_, or _%cfg_, an address is
294 1 Martin Willi
     requested from the peer. In IKEv2, a statically defined address is also requested, since the server
295 23 Tobias Brunner
     may change it.
296 21 Andreas Steffen
297 1 Martin Willi
p((. If _leftsourceip=%config_ is set to request a [[VirtualIp|virtual IP]] from the peer then the
298 1 Martin Willi
     responder must define the address-to-be-assigned using a separate conn section with a _rightsourceip_
299 23 Tobias Brunner
     statement for each client.
300 23 Tobias Brunner
301 21 Andreas Steffen
_left|rightsubnet = <ip subnet>_
302 1 Martin Willi
p((. private subnet behind the left participant, expressed as network/netmask (actually, any form acceptable to
303 23 Tobias Brunner
     ttosubnet(3)); if omitted, essentially assumed to be left/32, signifying that the _left|right_ end of the
304 22 Martin Willi
     connection goes to the _left|right_ participant only. When using IKEv2, the configured subnet of the peers
305 1 Martin Willi
     may differ, the  protocol  narrows  it  to  the greatest common subnet. Further, IKEv2 supports multiple
306 23 Tobias Brunner
     subnets separated by commas. IKEv1 only interprets the first subnet of such a definition. 
307 23 Tobias Brunner
308 21 Andreas Steffen
_left|rightsubnetwithin = <ip subnet>_
309 1 Martin Willi
p((. the  peer can propose any subnet or single IP address that fits within the range defined by
310 23 Tobias Brunner
     _left|rightsubnetwithin_.  Not relevant for IKEv2, as subnets are narrowed.
311 23 Tobias Brunner
312 21 Andreas Steffen
_left|rightupdown = <path>_
313 21 Andreas Steffen
p((. what _updown_ script to run to adjust routing and/or firewalling when the status of the connection
314 1 Martin Willi
     changes (default _ipsec _updown_). Relevant only locally, other end need not agree on it.
315 1 Martin Willi
     IKEv2 uses the _updown_ script to insert firewall rules only, since routing has been implemented directly
316 1 Martin Willi
     into Charon.