ipsec.conf: conn Reference » History » Version 49

Tobias Brunner, 24.10.2011 13:27

1 49 Tobias Brunner
{{title(ipsec.conf: conn <name> Reference)}}
2 49 Tobias Brunner
3 49 Tobias Brunner
h1. ipsec.conf: conn <name>
4 1 Martin Willi
5 44 Tobias Brunner
6 1 Martin Willi
7 44 Tobias Brunner
h2. General Connection Parameters
8 21 Andreas Steffen
9 36 Andreas Steffen
_aaa_identity = <id>_
10 36 Andreas Steffen
11 36 Andreas Steffen
p((. defines the identity of the AAA backend used during IKEv2 EAP authentication. This is required if
12 36 Andreas Steffen
     the EAP client uses a method that verifies the server identity (such as EAP-TLS), but it does not
13 36 Andreas Steffen
     match the IKEv2 gateway identity.
14 36 Andreas Steffen
15 23 Tobias Brunner
_also = <section name>_
16 31 Martin Willi
17 23 Tobias Brunner
p((. includes conn section <name>.
18 1 Martin Willi
19 23 Tobias Brunner
_auth = *esp* | ah_
20 31 Martin Willi
21 23 Tobias Brunner
p((. whether authentication should be done as part of ESP encryption, or separately using the AH protocol.
22 1 Martin Willi
     The IKEv2 daemon currently supports ESP only.
23 1 Martin Willi
24 24 Andreas Steffen
_authby = *pubkey* | rsasig | ecdsasig | psk | secret | xauthrsasig | xauthpsk | eap | never_
25 31 Martin Willi
26 1 Martin Willi
p((. how the two security gateways should authenticate each other; acceptable values are *secret* or *psk*
27 25 Andreas Steffen
     for pre-shared secrets, *pubkey* for public key signatures as well as the synonyms *rsasig* for RSA digital
28 24 Andreas Steffen
     signatures and *ecdsasig* for Elliptic Curve DSA signatures. *never*  can be used if  negotiation is  never
29 24 Andreas Steffen
     to be attempted or accepted (useful for shunt-only conns). Digital signatures are superior in every way to
30 24 Andreas Steffen
     shared secrets. In IKEv2, the two ends must not agree on this parameter, it is relevant for the out-bound 
31 21 Andreas Steffen
     authentication  method only. IKEv1 additionally supports the values *xauthpsk* and *xauthrsasig* that
32 21 Andreas Steffen
     will enable _eXtended AUTHentication (XAUTH)_ in addition to IKEv1 main mode based on shared secrets
33 21 Andreas Steffen
     or digital RSA signatures,  respectively. IKEv2 additionally supports the value *eap*, which indicates
34 21 Andreas Steffen
     an initiator to request EAP authentication. The EAP method to use is selected by the server (see _eap_).
35 20 Andreas Steffen
     This parameter is deprecated for IKEv2 connections, as two peers do ot need to agree on an authentication
36 21 Andreas Steffen
     method. Use the _left|rightauth_ parameter to define authentication methods in IKEv2.
37 20 Andreas Steffen
38 23 Tobias Brunner
_auto = *ignore* | add | route | start_
39 31 Martin Willi
40 23 Tobias Brunner
p((. what operation, if any, should be done automatically at IPsec startup. *add* loads a connection without
41 21 Andreas Steffen
     starting it. *route* loads a connection and installs kernel traps. If traffic is detected between
42 21 Andreas Steffen
     _leftsubnet_ and _rightsubnet_, a connection is established. *start* loads a connection and brings
43 21 Andreas Steffen
     it up immediatly. *ignore* ignores the connection. This is equal to delete a connection from the config
44 1 Martin Willi
     file. Relevant only locally, other end need not agree on it (but in general, for an intended-to-be-permanent
45 23 Tobias Brunner
     connection, both ends should use _auto = *start*_ to ensure that any reboot causes immediate renegotiation).
46 1 Martin Willi
47 47 Tobias Brunner
_closeaction = *none* | clear | hold | restart_
48 47 Tobias Brunner
49 47 Tobias Brunner
p((. defines the action to take if the remote peer unexpectedly closes a CHILD_SA (IKEv2 only, see _dpdaction_ for
50 47 Tobias Brunner
     meaning of values). A _closeaction_ should not be used if the peer uses reauthentication or uniqueids checking,
51 47 Tobias Brunner
     as these events might trigger a closeaction when not desired.
52 47 Tobias Brunner
53 23 Tobias Brunner
_compress = yes | *no*_
54 31 Martin Willi
55 23 Tobias Brunner
p((. whether IPComp compression of content is proposed on the connection (link-level compression does not work on
56 21 Andreas Steffen
     encrypted data, so to be effective, compression must be done before encryption). A value of *yes* causes IPsec
57 4 Martin Willi
     to propose both compressed and  uncompressed, and  prefer compressed. A value of no prevents IPsec from proposing
58 33 Tobias Brunner
     compression; a proposal to compress will still be accepted.
59 1 Martin Willi
60 23 Tobias Brunner
_dpdaction = *none* | clear | hold | restart_
61 31 Martin Willi
62 23 Tobias Brunner
p((. controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages
63 1 Martin Willi
     (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the
64 21 Andreas Steffen
     IPsec peer. The values *clear*, *hold*, and *restart* all activate DPD. If no activity is detected,
65 21 Andreas Steffen
     all  connections with a dead peer are stopped and unrouted (*clear*), put in the hold state (*hold*)
66 21 Andreas Steffen
     or restarted (*restart*). For IKEv1, the default is *none* which disables the active sending of
67 1 Martin Willi
     R_U_THERE  notifications. Nevertheless Pluto will always send the DPD Vendor ID during connection set up
68 1 Martin Willi
     in order to signal the readiness to act passively as a responder if the peer wants to use DPD. For IKEv2,
69 1 Martin Willi
     *none* does't make sense, since all messages are used to detect dead peers. If specified, it has the
70 21 Andreas Steffen
     same meaning as the default (*clear*).
71 21 Andreas Steffen
72 41 Tobias Brunner
_dpddelay = *30s* | <time>_
73 1 Martin Willi
74 31 Martin Willi
p((. defines  the  period time interval with which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
75 23 Tobias Brunner
     These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL
76 1 Martin Willi
     messages and uses only standard messages (such as those to rekey) to detect dead peers.
77 1 Martin Willi
78 41 Tobias Brunner
_dpdtimeout = *150s* | <time>_
79 31 Martin Willi
80 23 Tobias Brunner
p((. defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.
81 41 Tobias Brunner
     This only applies to IKEv1, in IKEv2 the default [[Retransmission|retransmission timeout]] applies, as every exchange is used to
82 1 Martin Willi
     detect dead peers.
83 20 Andreas Steffen
84 1 Martin Willi
_inactivity = <time>_
85 30 Martin Willi
86 31 Martin Willi
p((. defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic.
87 30 Martin Willi
     Currently supported in IKEv2 connections only.
88 30 Martin Willi
89 1 Martin Willi
_eap = aka | gtc | md5 | mschapv2 | radius | sim | <type> | <type>-<vendor>_
90 23 Tobias Brunner
91 41 Tobias Brunner
p((. defines the EAP type to propose as server if the client requests EAP authentication. Currently supported values are *aka*
92 23 Tobias Brunner
     for EAP-AKA, *gtc* for EAP-GTC, *md5* for EAP-MD5, *mschapv2* for EAP-MS-CHAPv2, *radius* for the
93 21 Andreas Steffen
     EAP-RADIUS proxy  and *sim* for EAP-SIM.
94 21 Andreas Steffen
     Additionally, IANA assigned EAP method numbers are accepted, or a definition in the form *eap=type-vendor*
95 21 Andreas Steffen
     (e.g. eap=7-12345 ) can be used to specify vendor specific EAP types. For IKEv2 this parameter is deprecated
96 1 Martin Willi
     in favour of _left|rightauth_.
97 41 Tobias Brunner
     To forward EAP authentication to a RADIUS server using the [[EapRadius|EAP-RADIUS plugin]], set *eap=radius*.
98 5 Martin Willi
99 23 Tobias Brunner
_eap_identity = <id>_
100 1 Martin Willi
101 31 Martin Willi
p((. defines the identity the client uses to reply to an EAP Identity request. If defined on the EAP server, the defined
102 23 Tobias Brunner
     identity  will be used as peer identity during EAP authentication. The special value _%identity_ uses the EAP Identity method
103 14 Martin Willi
     to ask the client for a EAP identity. If not defined, the IKEv2 identity will be used as EAP identity.
104 1 Martin Willi
105 1 Martin Willi
_esp = <cipher suites>_
106 23 Tobias Brunner
107 23 Tobias Brunner
p((. comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
108 48 Tobias Brunner
     _aes128-sha256_. The notation is _encryption-integrity[-dhgroup][-esnmode]_.
109 48 Tobias Brunner
     Defaults to *aes128-sha1,3des-sha1* for IKEv1. The IKEv2 daemon adds its extensive default proposal to
110 48 Tobias Brunner
     this default or the configured value. To restrict it to the configured proposal an exclamation mark (*&excl;*)
111 48 Tobias Brunner
     can be added at the end.
112 48 Tobias Brunner
     *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order
113 48 Tobias Brunner
     to restrict a responder to only accept specific cipher suites, the strict flag (*&excl;*, exclamation mark)
114 48 Tobias Brunner
     can be used, e.g: _aes256-sha512-modp4096!_
115 48 Tobias Brunner
     If _dh-group_ is specified, CHILD_SA setup and rekeying include a separate Diffe-Hellman exchange (IKEv2 only).
116 48 Tobias Brunner
     Valid values for _esnmode_ (IKEv2 only) are _esn_ and _noesn_.  Specifying both negotiates extended sequence
117 48 Tobias Brunner
     number support with the peer, the default is *noesn*.
118 43 Tobias Brunner
     Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.
119 1 Martin Willi
120 23 Tobias Brunner
_forceencaps = yes | *no*_
121 31 Martin Willi
122 41 Tobias Brunner
p((.  force UDP encapsulation for ESP packets even if no NAT situation is detected.
123 1 Martin Willi
      This may help to surmount restrictive firewalls. In order to force the peer to
124 1 Martin Willi
      encapsulate packets, NAT detection payloads are faked (IKEv2 only). 
125 1 Martin Willi
126 23 Tobias Brunner
_ike = <cipher suites>_
127 31 Martin Willi
128 23 Tobias Brunner
p((. comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g.
129 1 Martin Willi
     _aes128-sha1-modp2048_. The notation is _encryption-integrity-dhgroup_. In IKEv2, multiple algorithms
130 1 Martin Willi
     and proposals may be included, such as _aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024_.
131 48 Tobias Brunner
     Defaults to *aes128-sha1-modp2048,3des-sha1-modp1536* for IKEv1. The IKEv2 daemon adds its extensive
132 48 Tobias Brunner
     default proposal to this default or the configured value. To restrict it to the configured proposal an
133 48 Tobias Brunner
     exclamation mark (*&excl;*) can be added at the end.
134 48 Tobias Brunner
     *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order
135 48 Tobias Brunner
     to restrict a responder to only accept specific cipher suites, the strict flag (*&excl;*, exclamation mark)
136 48 Tobias Brunner
     can be used, e.g: _aes256-sha512-modp4096!_
137 43 Tobias Brunner
     Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.
138 20 Andreas Steffen
139 23 Tobias Brunner
_ikelifetime = *3h* | <time>_
140 31 Martin Willi
141 40 Tobias Brunner
p((. how long the keying channel of a connection (_ISAKMP or IKE SA_) should last before being renegotiated. Also see [[ExpiryRekey|Expiry and Rekey]].
142 1 Martin Willi
143 23 Tobias Brunner
_installpolicy = *yes* | no_
144 31 Martin Willi
145 23 Tobias Brunner
p((. decides whether IPsec policies are installed in the kernel by the IKEv2 charon daemon for a given connection.
146 21 Andreas Steffen
     Allows peaceful cooperation e.g. with the Mobile IPv6  _mip6d_ daemon who wants to control the kernel policies.
147 1 Martin Willi
148 23 Tobias Brunner
_keyexchange = *ike* | ikev1 | ikev2_
149 31 Martin Willi
150 23 Tobias Brunner
p((. method of key exchange; which protocol should be used to initialize the connection. Connections marked with
151 21 Andreas Steffen
     *ikev1*  are initiated with Pluto, those marked with *ikev2* with Charon. An incoming request from 
152 38 Andreas Steffen
     the remote peer is handled by the correct daemon, unaffected from the _keyexchange_ setting. Starting with
153 38 Andreas Steffen
     strongSwan 4.5 the default value *ike* is a synonym for *ikev2*, whereas in older strongSwan releases *ikev1*
154 38 Andreas Steffen
     was assumed.
155 20 Andreas Steffen
156 45 Tobias Brunner
_keyingtries = *3* | <number> | %forever_
157 31 Martin Willi
158 46 Daniel Mentz
p((. how  many attempts (a positive integer or _%forever_) should be made to negotiate a connection, or a replacement
159 45 Tobias Brunner
     for one, before giving up (default 3). The value _%forever_ means 'never give up'.  Relevant  only  locally, other end need
160 1 Martin Willi
     not agree on it.
161 5 Martin Willi
162 26 Tobias Brunner
163 31 Martin Willi
164 26 Tobias Brunner
p((. synonym for _lifetime_.
165 26 Tobias Brunner
166 26 Tobias Brunner
_lifebytes = <number>_
167 31 Martin Willi
168 26 Tobias Brunner
p((. the number of bytes transmitted over an IPsec SA before it expires (IKEv2 only).
169 26 Tobias Brunner
170 26 Tobias Brunner
_lifepackets = <number>_
171 31 Martin Willi
172 26 Tobias Brunner
p((. the number of packets transmitted over an IPsec SA before it expires (IKEv2 only).
173 26 Tobias Brunner
174 26 Tobias Brunner
_lifetime = *1h* | <time>_
175 31 Martin Willi
176 1 Martin Willi
p((. how  long  a  particular  instance  of a connection (a set of encryption/authentication keys for user packets)
177 21 Andreas Steffen
     should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by
178 1 Martin Willi
     _s_ (a time in seconds) or a decimal number followed by _m_, _h_, or _d_ (a time in minutes, hours,
179 21 Andreas Steffen
     or days respectively) (default _1h_, maximum _24h_).  Normally, the connection is renegotiated (via the
180 26 Tobias Brunner
     keying  channel) before it expires (see _margintime_).  The two ends need not exactly agree on _lifetime_, although if they
181 1 Martin Willi
     do not, there will be some clutter of superseded connections on the end which thinks the lifetime is longer.
182 40 Tobias Brunner
     Also see [[ExpiryRekey|Expiry and Rekey]].
183 1 Martin Willi
184 26 Tobias Brunner
_marginbytes = <number>_
185 31 Martin Willi
186 26 Tobias Brunner
p((. how many bytes before IPsec SA expiry (see _lifebytes_) should attempts to negotiate a replacement begin (IKEv2 only).
187 26 Tobias Brunner
188 26 Tobias Brunner
_marginpackets = <number>_
189 31 Martin Willi
190 26 Tobias Brunner
p((. how many packets before IPsec SA expiry (see _lifepackets_) should attempts to negotiate a replacement begin (IKEv2 only).
191 26 Tobias Brunner
192 26 Tobias Brunner
_margintime = *9m* | <time>_
193 1 Martin Willi
194 26 Tobias Brunner
p((. how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin; acceptable values
195 40 Tobias Brunner
     as for _lifetime_ (default _9m_).  Relevant only locally, other end need not agree on it. Also see [[ExpiryRekey|Expiry and Rekey]].
196 26 Tobias Brunner
197 35 Andreas Steffen
_mark = <value>[/<mask>]_
198 35 Andreas Steffen
199 37 Tobias Brunner
p((. sets  an XFRM mark in the inbound and outbound IPsec SAs and policies. If the mask is missing then
200 35 Andreas Steffen
     a default mask of *0xffffffff* is assumed.
201 39 Gerd v. Egidy
     If using not the default mask make sure that the mark <value> given is the first <value> value valid 
202 39 Gerd v. Egidy
     in this mark (Bits which are zero in the <mask> must be zero in the <value> too).
203 35 Andreas Steffen
204 35 Andreas Steffen
_mark_in = <value>[/<mask>]_
205 35 Andreas Steffen
206 37 Tobias Brunner
p((. sets an XFRM mark in the inbound IPsec SA and policy. If the mask is missing then
207 35 Andreas Steffen
     a default mask of *0xffffffff* is assumed.
208 39 Gerd v. Egidy
     If using not the default mask make sure that the mark <value> given is the first <value> value valid 
209 39 Gerd v. Egidy
     in this mark (Bits which are zero in the <mask> must be zero in the <value> too).
210 35 Andreas Steffen
211 35 Andreas Steffen
_mark_out = <value>[/<mask>]_
212 35 Andreas Steffen
213 37 Tobias Brunner
p((. sets an XFRM mark in the outbound IPsec SA and policy. If the mask is missing then
214 35 Andreas Steffen
     a default mask of *0xffffffff* is assumed.
215 39 Gerd v. Egidy
     If using not the default mask make sure that the mark <value> given is the first <value> value valid 
216 39 Gerd v. Egidy
     in this mark (Bits which are zero in the <mask> must be zero in the <value> too).
217 35 Andreas Steffen
218 23 Tobias Brunner
_mobike = *yes* | no_
219 31 Martin Willi
220 23 Tobias Brunner
p((. enables the IKEv2 [[MobIke|MOBIKE]] protocol defined by RFC 4555. If set to *no*, the IKEv2 charon
221 21 Andreas Steffen
     daemon will not actively propose [[MobIke|MOBIKE]] but will still accept and support the mobility protocol
222 1 Martin Willi
     as a responder.
223 1 Martin Willi
224 23 Tobias Brunner
_modeconfig = push | *pull*_
225 31 Martin Willi
226 23 Tobias Brunner
p((. defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses
227 21 Andreas Steffen
     the configuration payload in *pull* mode. Cisco VPN gateways usually operate in *push* mode.
228 1 Martin Willi
229 21 Andreas Steffen
_pfs = *yes* | no_
230 31 Martin Willi
231 1 Martin Willi
p((. whether _Perfect Forward Secrecy_ of keys is desired on the connection's keying channel (with PFS,
232 1 Martin Willi
     penetration of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses
233 23 Tobias Brunner
     PFS for IKE_SA rekeying whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup
234 23 Tobias Brunner
     in the _esp_ parameter.
235 21 Andreas Steffen
236 20 Andreas Steffen
_pfsgroup = <modp group>_
237 31 Martin Willi
238 20 Andreas Steffen
p((. defines a Diffie-Hellman group for _perfect forward secrecy_ in IKEv1 Quick Mode differing from the DH group
239 23 Tobias Brunner
     used for IKEv1 Main Mode (IKEv1 pluto daemon only). 
240 23 Tobias Brunner
241 1 Martin Willi
_reauth = *yes* | no_
242 31 Martin Willi
243 1 Martin Willi
p((. whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
244 4 Martin Willi
     In  IKEv2, a value of *no* rekeys without uninstalling the IPsec SAs, a value of *yes* (the default)
245 23 Tobias Brunner
     creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.
246 23 Tobias Brunner
247 1 Martin Willi
_rekey = *yes* | no_
248 31 Martin Willi
249 1 Martin Willi
p((. whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but
250 1 Martin Willi
     while a value of no prevents Pluto/Charon from requesting renegotiation, it does not prevent responding
251 1 Martin Willi
     to renegotiation requested from the other end, so no will be largely ineffective unless both ends agree on it.
252 1 Martin Willi
253 1 Martin Willi
_rekeyfuzz = *100%* | <percentage>_
254 31 Martin Willi
255 26 Tobias Brunner
p((. maximum percentage by which _marginbytes_, _marginpackets_ and _margintime_ should be randomly increased to randomize
256 1 Martin Willi
     rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100,
257 26 Tobias Brunner
     followed  by  a '%' .
258 26 Tobias Brunner
     The value of _marginTYPE_, after this random increase, must not exceed _lifeTYPE_ (where TYPE is one of bytes, packets or type).
259 26 Tobias Brunner
     The value _0%_ will suppress randomization. Relevant only locally, other end need not agree on it.
260 40 Tobias Brunner
     Also see [[ExpiryRekey|Expiry and Rekey]].
261 16 Andreas Steffen
262 26 Tobias Brunner
263 31 Martin Willi
264 26 Tobias Brunner
p((.  synonym for _margintime_.
265 23 Tobias Brunner
266 41 Tobias Brunner
_reqid = <number>_
267 34 Tobias Brunner
268 34 Tobias Brunner
p((. sets the reqid for a given connection to a pre-configured fixed value (IKEv2 only).
269 34 Tobias Brunner
270 21 Andreas Steffen
_type = *tunnel* | transport | transport_proxy | passthrough | drop | reject_
271 31 Martin Willi
272 21 Andreas Steffen
p((. the type of the connection; currently the accepted values are *tunnel*, signifying a  host-to-host,
273 21 Andreas Steffen
     host-to-subnet, or subnet-to-subnet tunnel; *transport*, signifying host-to-host transport mode;
274 21 Andreas Steffen
     *transport_proxy*, signifying the special Mobile IPv6 transport proxy mode;
275 23 Tobias Brunner
     *passthrough*, signifying that no IPsec processing should be done at all; *drop*, signifying that packets
276 20 Andreas Steffen
     should be  discarded; and *reject*, signifying that packets should be discarded and a diagnostic ICMP
277 23 Tobias Brunner
     returned. Charon currently supports only *tunnel*, transport, and transport_proxy connection types.
278 23 Tobias Brunner
279 20 Andreas Steffen
_xauth = *client* | server_
280 31 Martin Willi
281 1 Martin Willi
p((. specifies the role in the XAUTH protocol if activated by _authby=xauthpsk_ or _authby=xauthrsasig_.
282 20 Andreas Steffen
283 44 Tobias Brunner
h2. left|right End Parameters
284 23 Tobias Brunner
285 27 Daniel Mentz
Connection descriptions are defined in terms of a left endpoint and a right endpoint. For example, the
286 27 Daniel Mentz
two parameters leftid and rightid specify the identity of the left and the right endpoint. For every
287 27 Daniel Mentz
connection description an attempt is made to figure out whether the local endpoint should act as the left or
288 27 Daniel Mentz
the right endpoint. This is done by matching the IP addresses defined for both endpoints with the
289 27 Daniel Mentz
IP addresses assigned to local network interfaces. If a match is found then the role (left or right) that
290 27 Daniel Mentz
matches is going to be considered "local". If no match is found during startup, "left" is considered "local".
291 27 Daniel Mentz
292 1 Martin Willi
_left|right = <ip address> | <fqdn> | %defaultroute | %any_
293 31 Martin Willi
294 33 Tobias Brunner
p((. (required) the IP address of the participant's public-network interface or one of several magic values.
295 33 Tobias Brunner
     If it is _%%defaultroute_, the value will be filled in automatically with the local address of
296 33 Tobias Brunner
     the default-route interface (as determined at IPsec startup time and during configuration
297 33 Tobias Brunner
     update). Either left or right may be _%%defaultroute_, but not both. The prefix % in front of a
298 29 Daniel Mentz
     fully-qualified domain name or an IP address will implicitly set _leftallowany=yes_. If the domain name
299 29 Daniel Mentz
     cannot be resolved into an IP address at IPsec startup or update time then _left=%any_ and _leftallowany=no_
300 29 Daniel Mentz
     will be assumed.
301 1 Martin Willi
302 32 Daniel Mentz
p((. In case of an IKEv2 connection, the value _%any_ for the local endpoint signifies an address to be filled in
303 32 Daniel Mentz
     (by automatic keying) during negotiation. If the local peer initiates the connection setup the routing table
304 32 Daniel Mentz
     will be queried to determine the correct local IP address. In case the local peer is responding to a connection
305 33 Tobias Brunner
     setup then any IP address that is assigned to a local interface will be accepted. Note that specifying _%any_
306 33 Tobias Brunner
     for the local endpoint is not supported by the IKEv1 pluto daemon.
307 27 Daniel Mentz
308 33 Tobias Brunner
p((. If _%any_ is used for the remote endpoint it literally means any IP address.
309 27 Daniel Mentz
310 33 Tobias Brunner
p((. Please note that with the usage of wildcards multiple connection descriptions might match a given incoming
311 29 Daniel Mentz
     connection attempt. The most specific description is used in that case.
312 21 Andreas Steffen
313 21 Andreas Steffen
_left|rightallowany = yes | *no*_
314 31 Martin Willi
315 21 Andreas Steffen
p((. a modifier for _left|right_, making it behave as _%any_ although a concrete IP address has been
316 21 Andreas Steffen
     assigned. Recommended for dynamic IP addresses that can be resolved by DynDNS at IPsec startup or update time.
317 21 Andreas Steffen
318 7 Martin Willi
_left|rightauth = <auth method>_
319 31 Martin Willi
320 23 Tobias Brunner
p((. Authentication method to use locally (left) or require from the remote (right) side. This parameter is 
321 23 Tobias Brunner
     supported in IKEv2 only. Acceptable values are *pubkey* for public key encryption (RSA/ECDSA), *psk*
322 21 Andreas Steffen
     for pre-shared key authentication, and *eap* to [require the] use of the Extensible Authentication Protocol.
323 20 Andreas Steffen
     In the case of *eap*, an optional EAP method can be appended. Currently defined methods are *eap-aka*,
324 20 Andreas Steffen
     *eap-sim*, *eap-gtc*, *eap-md5*, and *eap-mschapv2*.  Alternatively, IANA assigned EAP method
325 7 Martin Willi
     numbers are accepted. Vendor specific EAP methods are defined in the form *eap-type-vendor* (e.g.
326 23 Tobias Brunner
327 23 Tobias Brunner
328 21 Andreas Steffen
_left|rightauth2 = <auth method>_
329 31 Martin Willi
330 1 Martin Willi
p((. Same as _left|rightauth_, but defines a second authentication exchange. IKEv2 supports multiple authentication
331 23 Tobias Brunner
     rounds using _Multiple Authentication Exchanges_ defined in "RFC 4739":
332 23 Tobias Brunner
     This allows e.g. a separate authentication of host and user (IKEv2 only).
333 1 Martin Willi
334 31 Martin Willi
335 23 Tobias Brunner
_left|rightca = <issuer dn> | %same_
336 23 Tobias Brunner
337 23 Tobias Brunner
p((. the distinguished name of a certificate authority which is required to lie in the trust path going from the
338 23 Tobias Brunner
     _left|right_ participant's certificate up to the root certification authority.
339 31 Martin Willi
340 21 Andreas Steffen
_left|rightca2 = <issuer dn> | %same_
341 1 Martin Willi
342 33 Tobias Brunner
p((. Same as _left|rightca_ but for the second authentication (IKev2 only).
343 7 Martin Willi
344 23 Tobias Brunner
_left|rightcert = <path>_
345 31 Martin Willi
346 23 Tobias Brunner
p((. the path to the left|right participant's X.509 certificate. The file can be coded either in PEM or DER format.
347 1 Martin Willi
     OpenPGP certificates are supported as well (IKEv1 only).  Both absolute paths or paths relative to
348 23 Tobias Brunner
     [[IpsecDirectoryCerts|/etc/ipsec.d/certs]] are accepted. By default _left|rightcert_ sets _left|rightid_
349 23 Tobias Brunner
     to the distinguished name of the certificate's subject and _left|rightca_ to the distinguished name of
350 21 Andreas Steffen
     the certificate's issuer. The _left|right_ participant's ID can be overridden by specifying a _left|rightid_
351 7 Martin Willi
     value which must be certified by the certificate, though.
352 21 Andreas Steffen
353 33 Tobias Brunner
_left|rightcert2 = <path>_
354 31 Martin Willi
355 1 Martin Willi
p((. Same as _left|rightcert_ but for the second authentication round (IKEv2 only).
356 23 Tobias Brunner
357 7 Martin Willi
_left|rightfirewall = yes | *no*_
358 31 Martin Willi
359 7 Martin Willi
p((. whether the _left|right_ participant is doing forwarding-firewalling (including  masquerading)
360 1 Martin Willi
     using iptables for traffic from _left|rightsubnet_, which should be turned off for traffic to the
361 21 Andreas Steffen
     other subnet) once the connection is established. May not be used in the same connection description with
362 20 Andreas Steffen
     _left|rightupdown_. Implemented as a parameter to the default _ipsec _updown_ script. Relevant only
363 23 Tobias Brunner
     locally, other end need not agree on it.
364 20 Andreas Steffen
365 20 Andreas Steffen
p((. If one or  both security gateways are doing forwarding firewalling (possibly including masquerading),
366 23 Tobias Brunner
     and this is specified using the firewall parameters, tunnels  established with  IPsec  are exempted from
367 23 Tobias Brunner
     it so that packets can flow unchanged through the tunnels. (This means that all subnets connected in this
368 7 Martin Willi
     manner must have distinct, non-overlapping subnet address blocks.)  This is done by the default 
369 23 Tobias Brunner
     _ipsec _updown_ script (see pluto(8)).
370 23 Tobias Brunner
371 1 Martin Willi
p((. In situations calling for more control, it may be preferable for the user to supply his own updown script,
372 7 Martin Willi
     which makes the appropriate adjustments for his system.
373 23 Tobias Brunner
374 23 Tobias Brunner
_left|rightgroups = <group list>_
375 31 Martin Willi
376 1 Martin Willi
p((. a comma-separated list of group names. If the _left|rightgroups_ parameter is present then the peer must
377 7 Martin Willi
     be a member of at least one of the groups defined by the parameter. Group membership must be certified by a
378 1 Martin Willi
     valid attribute certificate stored in [[IpsecDirectoryAcerts|/etc/ipsec.d/acerts]] that has been issued
379 7 Martin Willi
     to the peer by a trusted Authorization Authority stored in [[IpsecDirectoryAacerts|/etc/ipsec.d/aacerts]].
380 23 Tobias Brunner
     Attribute certificates are not supported in IKEv2 yet.
381 1 Martin Willi
382 12 Martin Willi
_left|righthostaccess = yes | *no*_
383 1 Martin Willi
384 1 Martin Willi
p((. inserts a pair of INPUT and OUTPUT iptables rules using the default _ipsec _updown_ script,
385 1 Martin Willi
     thus allowing access to the host itself in the case where the host's internal interface is part
386 1 Martin Willi
     of the negotiated client subnet. 
387 1 Martin Willi
388 1 Martin Willi
_left|rightid = <id>_
389 31 Martin Willi
390 1 Martin Willi
p((. how the _left|right_ participant should be identified for authentication; defaults to _left|right_.
391 33 Tobias Brunner
     Can be an IP address or a fully-qualified domain name preceded by @ (which is used as a literal string and not resolved).
392 23 Tobias Brunner
393 21 Andreas Steffen
_left|rightid2 = <id>_
394 8 Martin Willi
395 31 Martin Willi
p((. Identity to use for the second authentication of the left participant (IKEv2 only).
396 33 Tobias Brunner
     Defaults to _left|rightid_.
397 23 Tobias Brunner
398 33 Tobias Brunner
_leftikeport = <port>_
399 33 Tobias Brunner
400 33 Tobias Brunner
p((. UDP port the left participant uses for IKE communication. Currently supported in IKEv2 connections only.
401 33 Tobias Brunner
     If unspecified, port 500 is used with the port floating to 4500 if a NAT is detected or MOBIKE is enabled.
402 33 Tobias Brunner
     Specifying a local IKE port different from the default additionally requires a socket implementation that
403 33 Tobias Brunner
     listens to this port.
404 33 Tobias Brunner
405 7 Martin Willi
_left|rightnexthop = %direct | %defaultroute | <ip address> | <fqdn>_
406 23 Tobias Brunner
407 23 Tobias Brunner
p((. this parameter is usually not needed any more because the NETKEY IPsec stack does not require
408 21 Andreas Steffen
     explicit routing entries for the traffic to be tunneled. If _left|sourceip_ is used with IKEv1
409 1 Martin Willi
     then _left|rightnexthop_ must still be set in order for the source routes to work properly.
410 1 Martin Willi
411 23 Tobias Brunner
_left|rightprotoport = <protocol>/<port>_
412 31 Martin Willi
413 23 Tobias Brunner
p((. restrict the traffic selector to a single protocol and/or port. Examples: _leftprotoport=tcp/http_
414 1 Martin Willi
     or _leftprotoport=6/80_ or _rightprotoport=udp_
415 7 Martin Willi
416 23 Tobias Brunner
_left|rightrsasigkey = *%cert* | <raw rsa public key>_
417 31 Martin Willi
418 23 Tobias Brunner
p((. the left participant's public key for RSA signature authentication, in RFC 2537 format using ttodata(3)
419 1 Martin Willi
     encoding. The default value _%cert_ means that the key is extracted from a certificate.
420 1 Martin Willi
421 1 Martin Willi
_left|rightsendcert = never | no | *ifasked* | always | yes_
422 1 Martin Willi
423 1 Martin Willi
p((. Accepted values are *never* or *no*, *always* or *yes*, and *ifasked*, the latter meaning that 
424 1 Martin Willi
     the peer must send a certificate request (CR) payload in order to get a certificate in return.
425 1 Martin Willi
426 33 Tobias Brunner
_leftsourceip = %config | %cfg | %modeconfig | %modecfg | <ip address>_
427 7 Martin Willi
428 1 Martin Willi
p((. The internal source IP to use in a tunnel, also known as [[VirtualIp|virtual IP]].
429 31 Martin Willi
     If the value is one of the synonyms _%modeconfig, %modecfg, %config_, or _%cfg_, an address is
430 1 Martin Willi
     requested from the peer. In IKEv2, a statically defined address is also requested, since the server
431 23 Tobias Brunner
     may change it.
432 21 Andreas Steffen
433 1 Martin Willi
p((. If _leftsourceip=%config_ is set to request a [[VirtualIp|virtual IP]] from the peer then the
434 31 Martin Willi
     responder must define the address-to-be-assigned using a separate conn section with a _rightsourceip_
435 1 Martin Willi
     statement for each client.
436 33 Tobias Brunner
437 33 Tobias Brunner
_rightsourceip = %config | <network>/<netmask> | %poolname_
438 33 Tobias Brunner
439 33 Tobias Brunner
p((. The internal source IP to use in a tunnel for the remote peer. If the value is %config on the responder
440 33 Tobias Brunner
     side, the initiator must propose an address which is then echoed back. Also supported are address pools
441 33 Tobias Brunner
     expressed as _<network>/<netmask>_ or the use of an external IP address pool using _%%poolname_ where
442 33 Tobias Brunner
     _poolname_ is the name of the IP address pool used for the lookup (see [[VirtualIp|virtual IP]] for details). 
443 23 Tobias Brunner
444 23 Tobias Brunner
_left|rightsubnet = <ip subnet>_
445 31 Martin Willi
446 21 Andreas Steffen
p((. private subnet behind the left participant, expressed as network/netmask (actually, any form acceptable to
447 1 Martin Willi
     ttosubnet(3)); if omitted, essentially assumed to be left/32, signifying that the _left|right_ end of the
448 23 Tobias Brunner
     connection goes to the _left|right_ participant only. When using IKEv2, the configured subnet of the peers
449 23 Tobias Brunner
     may differ, the  protocol  narrows  it  to  the greatest common subnet. Further, IKEv2 supports multiple
450 21 Andreas Steffen
     subnets separated by commas. IKEv1 only interprets the first subnet of such a definition. 
451 21 Andreas Steffen
452 1 Martin Willi
_left|rightsubnetwithin = <ip subnet>_
453 31 Martin Willi
454 1 Martin Willi
p((. the  peer can propose any subnet or single IP address that fits within the range defined by
455 1 Martin Willi
     _left|rightsubnetwithin_.  Not relevant for IKEv2, as subnets are narrowed.
456 1 Martin Willi
457 1 Martin Willi
_left|rightupdown = <path>_
458 31 Martin Willi
459 1 Martin Willi
p((. what _updown_ script to run to adjust routing and/or firewalling when the status of the connection
460 1 Martin Willi
     changes (default _ipsec _updown_). Relevant only locally, other end need not agree on it.
461 1 Martin Willi
     IKEv2 uses the _updown_ script to insert firewall rules only, since routing has been implemented directly
462 1 Martin Willi
     into Charon.
463 42 Tobias Brunner
464 44 Tobias Brunner
h2. IKEv2 Mediation Extension Parameters
465 42 Tobias Brunner
466 42 Tobias Brunner
The following parameters are relevant to IKEv2 Mediation Extension operation only.
467 42 Tobias Brunner
468 42 Tobias Brunner
_mediation = yes | *no*_
469 42 Tobias Brunner
470 42 Tobias Brunner
p((. whether this connection is a mediation connection,  ie.  whether this connection is used to mediate other
471 42 Tobias Brunner
     connections.  Mediation connections create no child SA. Acceptable values  are  no (the default) and yes.
472 42 Tobias Brunner
473 42 Tobias Brunner
_mediated_by = <name>_
474 42 Tobias Brunner
475 42 Tobias Brunner
p((. the  name  of the connection to mediate this connection through. If given, the connection will  be  mediated
476 42 Tobias Brunner
     through  the  named mediation  connection.  The mediation connection must set *mediation=yes*.
477 42 Tobias Brunner
478 42 Tobias Brunner
_me_peerid = <id>_
479 42 Tobias Brunner
480 42 Tobias Brunner
p((. ID as which the peer is known to the mediation server, ie. which the  other end of this connection uses as
481 42 Tobias Brunner
     its leftid on its connection to the mediation server.  This is the ID we request  the mediation server to
482 42 Tobias Brunner
     mediate us with.  If me_peerid is not given, the rightid of this connection will be used as peer ID.