ipsec.conf: conn Reference » History » Version 4

« Previous - Version 4/101 (diff) - Next » - Current version
Martin Willi, 02.09.2007 09:42
added description of per-connection parameters

= conn <name> =

'''general per connection parameters:'''

  • ''ah = ''<algorithms>
    AH authentication algorithm to be used for the connection, e.g. ''hmac-md5''.
  • ''also = ''<section name>
    includes conn section <name>.
  • ''auth = '''esp'''|ah''
    whether authentication should be done as part of ESP encryption, or separately using the AH protocol.
    The IKEv2 daemon currently supports ESP only.
  • ''authby = '''rsasig'''|psk|secret|xauthrsasig|xauthpsk|eap|never''
    how the two security gateways should authenticate each other; acceptable values are ''secret'' or ''psk''
    for shared secrets, ''rsasig'' for RSA digital signatures, and ''never'' if negotiation is never to be
    attempted or accepted (useful for shunt-only conns). Digital signatures are superior in every way to shared secrets.
    In IKEv2, the two ends must not agree on this parameter, it is relevant for the out-bound authentication method only.
    IKEv1 additionally supports the values ''xauthpsk'' and ''xauthrsasig'' that will enable ''eXtended AUTHentication (XAUTH)''
    in addition to IKEv1 main mode based on shared secrets or digital RSA signatures, respectively.
    IKEv2 additionally supports the value ''eap'', which indicates an initiator to request EAP authentication.
    The EAP method to use is selected by the server (see ''eap'').
  • ''auto = '''ignore'''|add|route|start''
    what operation, if any, should be done automatically at IPsec startup. ''add'' loads a connection without starting it.
    ''route'' loads a connection and installs kernel traps. If traffic is detected between ''leftsubnet'' and ''rightsubnet'',
    a connection is established. ''start'' loads a connection and brings it up immediatly. ''ignore'' ignores the connection.
    This is equal to delete a connection from the config file. Relevant only locally, other end need not agree on it (but in general,
    for an intended-to-be-permanent connection, both ends should use ''auto=start'' to ensure that any reboot causes
    immediate renegotiation).
  • ''compress = yes|'''no'''''
    whether IPComp compression of content is proposed on the connection (link-level compression does not work on
    encrypted data, so to be effective, compression must be done before encryption). A value of ''yes'' causes IPsec
    to propose both compressed and uncompressed, and prefer compressed. A value of no prevents IPsec from proposing
    compression; a proposal to compress will still be accepted. IKEv2 does not support IP compression yet.
  • ''dpdaction = '''none'''|clear|hold|restart''
    controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1)
    or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer.
    The values ''clear'', ''hold'', and ''restart'' all activate DPD. If no activity is detected, all connections
    with a dead peer are stopped and unrouted (''clear''), put in the hold state (''hold'') or restarted (''restart'').
    For IKEv1, the default is ''none'' which disables the active sending of R_U_THERE notifications. Nevertheless
    Pluto will always send the DPD Vendor ID during connection set up in order to signal the readiness to act passively
    as a responder if the peer wants to use DPD. For IKEv2, ''none'' does't make sense, since all messages are
    used to detect dead peers. If specified, it has the same meaning as the default (''clear'').
  • ''dpddelay = ''<time>
    defines the period time interval with which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
    These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL
    messages and uses only standard messages (such as those to rekey) to detect dead peers.
  • ''dpdtimeout = ''<time>
    defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.
    This only applies to IKEv1, in IKEv2 the default retransmission timeout applies, as every exchange is used to
    detect dead peers.
  • ''eap = aka|sim''
    defines the EAP type to be used if ''authby=eap'' is selected. Currently supported values are ''aka'' for EAP-AKA
    and ''sim'' for EAP-SIM.
  • ''esp = ''<cipher suites>
    comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g. ''3des-md5 ''.
    The notation is ''encryption-integrity-[dhgroup]''. If ''dh-group'' is specified, CHILD_SA setup and rekeying
    include a separate Diffe-Hellman exchange (IKEv2 only).
  • ''ike = ''<cipher suites>
    comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g. ''aes128-sha1-modp2048''.
    The notation is ''encryption-integrity-dhgroup''. In IKEv2, multiple algorithms and proposals may be included,
    such as ''aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024''.
  • ''ikelifetime = '''3h'''|''<time>
    how long the keying channel of a connection (''ISAKMP or IKE SA'') should last before being renegotiated.
  • ''keyexchange = '''ike'''|ikev1|ikev2''
    method of key exchange; which protocol should be used to initialize the connection. Connections marked with
    ''ikev1'' are initiated with Pluto, those marked with ''ikev2'' with Charon. An incoming request from the remote peer
    is handled by the correct daemon, unaffected from the ''keyexchange'' setting. The default value ''ike'
    currently is a synonym for ''ikev1''.
  • ''keyingtries = '''%forever'''''|<number>
    how many attempts (a whole number or ''%forever'') should be made to negotiate a connection, or a replacement
    for one, before giving up. The value ''%forever'' means 'never give up'. Relevant only locally, other end need
    not agree on it.
  • ''keylife = '''1h'''|''<time>
    how long a particular instance of a connection (a set of encryption/authentication keys for user packets)
    should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by
    ''s'' (a time in seconds) or a decimal number followed by ''m'', ''h'', or ''d'' (a time in minutes, hours, or days
    respectively) (default ''1h'', maximum ''24h''). Normally, the connection is renegotiated (via the keying channel)
    before it expires. The two ends need not exactly agree on ''keylife'', although if they do not, there will be
    some clutter of superseded connections on the end which thinks the lifetime is longer.
  • ''mobike = '''yes'''|no''
    enables the IKEv2 MOBIKE protocol defined by RFC 4555. If set to ''no'', the IKEv2 charon daemon will not actively
    propose MOBIKE but will still accept and support as a responder.
  • ''modeconfig = push|'''pull'''''
    defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses the
    configuration payload in ''pull' mode. Cisco VPN gateways usually operate in ''push' mode.
  • ''pfs = '''yes'''|no''
    whether ''Perfect Forward Secrecy'' of keys is desired on the connection's keying channel (with PFS, penetration
    of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses PFS for IKE_SA rekeying
    whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup in the ''esp'' parameter.
  • ''reauth = '''yes'''|no''
    whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
    In IKEv2, a value of ''no'' rekeys without uninstalling the IPsec SAs, a value of ''yes'' (the default) creates
    a new IKE_SA from scratch and tries to recreate all IPsec SAs.
  • ''rekey = '''yes'''|no''
    whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but while a value
    of no prevents Pluto/Charon from requesting renegotiation, it does not prevent responding to renegotiation requested
    from the other end, so no will be largely ineffective unless both ends agree on it.
  • ''rekeyfuzz = '''100%'''|''<percentage>
    maximum percentage by which rekeymargin should be randomly increased to randomize rekeying intervals (important
    for hosts with many connections); acceptable values are an integer, which may exceed 100, followed by a '%' .
    The value of ''rekeymargin'', after this random increase, must not exceed ''keylife''. The value ''0%'' will
    suppress time randomization. Relevant only locally, other end need not agree on it.
  • ''rekeymargin = '''9m'''|''<time>
    how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin.
    Relevant only locally, other end need not agree on it.
  • ''type = '''tunnel'''|transport|passthrough|drop|reject''
    the type of the connection; currently the accepted values are ''tunnel'', signifying a host-to-host,
    host-to-subnet, or subnet-to-subnet tunnel; ''transport'', signifying host-to-host transport mode;
    ''passthrough'', signifying that no IPsec processing should be done at all; ''drop'', signifying that packets
    should be discarded; and ''reject'', signifying that packets should be discarded and a diagnostic ICMP returned.
    Charon currently supports only ''tunnel'' and ''transport'' connection types.
  • ''xauth = '''client'''|server''
    specifies the role in the XAUTH protocol if activated by ''authby=xauthpsk'' or ''authby=xauthrsasig''.

'''left|right end parameters:'''

  • ''left|right''
  • ''left|rightallowany''
  • ''left|rightca''
  • ''left|rightcert''
  • ''left|rightfirewall''
  • ''left|rightgroups''
  • ''left|righthostaccess''
  • ''left|rightid''
  • ''left|rightnexthop''
  • ''left|rightprotoport''
  • ''left|rightrsasigkey''
  • ''left|rightsendcert''
  • ''left|rightsourceip''
  • ''left|rightsubnet''
  • ''left|rightsubnetwithin''
  • ''left|rightupdown''