ipsec.conf: conn Reference » History » Version 57

Tobias Brunner, 26.06.2012 12:38
Some updates for 5.0.0

1 50 Tobias Brunner
{{title(ipsec.conf: conn Reference)}}
2 49 Tobias Brunner
3 49 Tobias Brunner
h1. ipsec.conf: conn <name>
4 1 Martin Willi
5 44 Tobias Brunner
6 1 Martin Willi
7 44 Tobias Brunner
h2. General Connection Parameters
8 21 Andreas Steffen
9 36 Andreas Steffen
_aaa_identity = <id>_
10 36 Andreas Steffen
11 36 Andreas Steffen
p((. defines the identity of the AAA backend used during IKEv2 EAP authentication. This is required if
12 36 Andreas Steffen
     the EAP client uses a method that verifies the server identity (such as EAP-TLS), but it does not
13 36 Andreas Steffen
     match the IKEv2 gateway identity.
14 36 Andreas Steffen
15 23 Tobias Brunner
_also = <section name>_
16 31 Martin Willi
17 23 Tobias Brunner
p((. includes conn section <name>.
18 1 Martin Willi
19 23 Tobias Brunner
_auth = *esp* | ah_
20 31 Martin Willi
21 23 Tobias Brunner
p((. whether authentication should be done as part of ESP encryption, or separately using the AH protocol.
22 57 Tobias Brunner
	Only supported by the IKEv1 daemon pluto.
23 1 Martin Willi
24 24 Andreas Steffen
_authby = *pubkey* | rsasig | ecdsasig | psk | secret | xauthrsasig | xauthpsk | eap | never_
25 31 Martin Willi
26 1 Martin Willi
p((. how the two security gateways should authenticate each other; acceptable values are *secret* or *psk*
27 25 Andreas Steffen
     for pre-shared secrets, *pubkey* for public key signatures as well as the synonyms *rsasig* for RSA digital
28 24 Andreas Steffen
     signatures and *ecdsasig* for Elliptic Curve DSA signatures. *never*  can be used if  negotiation is  never
29 1 Martin Willi
     to be attempted or accepted (useful for shunt-only conns). Digital signatures are superior in every way to
30 57 Tobias Brunner
     shared secrets. IKEv1 additionally supports the values *xauthpsk* and *xauthrsasig* that
31 21 Andreas Steffen
     will enable _eXtended Authentication (XAuth)_ in addition to IKEv1 main mode based on shared secrets
32 57 Tobias Brunner
     or digital RSA signatures,  respectively.
33 57 Tobias Brunner
     This parameter is deprecated for IKEv2 connections (and IKEv1 connections since [[5.0.0]]), as two peers do not need to agree on an authentication method.
34 57 Tobias Brunner
     Use the _left|rightauth_ parameter instead to define authentication methods.
35 1 Martin Willi
36 31 Martin Willi
_auto = *ignore* | add | route | start_
37 23 Tobias Brunner
38 1 Martin Willi
p((. what operation, if any, should be done automatically at IPsec startup. *add* loads a connection without
39 21 Andreas Steffen
     starting it. *route* loads a connection and installs kernel traps. If traffic is detected between
40 21 Andreas Steffen
     _leftsubnet_ and _rightsubnet_, a connection is established. *start* loads a connection and brings
41 57 Tobias Brunner
     it up immediately. *ignore* ignores the connection. This is equal to delete a connection from the config
42 57 Tobias Brunner
     file. Relevant only locally, other end need not agree on it.
43 1 Martin Willi
44 23 Tobias Brunner
_closeaction = *none* | clear | hold | restart_
45 47 Tobias Brunner
46 47 Tobias Brunner
p((. defines the action to take if the remote peer unexpectedly closes a CHILD_SA (IKEv2 only, see _dpdaction_ for
47 47 Tobias Brunner
     meaning of values). A _closeaction_ should not be used if the peer uses reauthentication or uniqueids checking,
48 57 Tobias Brunner
     as these events might trigger the defined action when not desired.
49 47 Tobias Brunner
50 23 Tobias Brunner
_compress = yes | *no*_
51 31 Martin Willi
52 23 Tobias Brunner
p((. whether IPComp compression of content is proposed on the connection (link-level compression does not work on
53 57 Tobias Brunner
     encrypted data, so to be effective, compression must be done before encryption). A value of *yes* causes the daemon
54 57 Tobias Brunner
     to propose both compressed and  uncompressed, and  prefer compressed. A value of *no* prevents the daemon from proposing or accepting compression.
55 1 Martin Willi
56 21 Andreas Steffen
_dpdaction = *none* | clear | hold | restart_
57 21 Andreas Steffen
58 21 Andreas Steffen
p((. controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages
59 1 Martin Willi
     (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the
60 1 Martin Willi
     IPsec peer. The values *clear*, *hold*, and *restart* all activate DPD. If no activity is detected,
61 1 Martin Willi
     all  connections with a dead peer are stopped and unrouted (*clear*), put in the hold state (*hold*)
62 57 Tobias Brunner
     or restarted (*restart*). The default is *none* which disables the active sending of DPD messages.
63 21 Andreas Steffen
64 21 Andreas Steffen
_dpddelay = *30s* | <time>_
65 41 Tobias Brunner
66 1 Martin Willi
p((. defines  the  period time interval with which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
67 31 Martin Willi
     These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL
68 1 Martin Willi
     messages and uses only standard messages (such as those to rekey) to detect dead peers.
69 30 Martin Willi
70 31 Martin Willi
_dpdtimeout = *150s* | <time>_
71 30 Martin Willi
72 30 Martin Willi
p((. defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.
73 54 Andreas Steffen
     This only applies to IKEv1, in IKEv2 the default [[Retransmission|retransmission timeout]] applies, as every exchange is used to
74 23 Tobias Brunner
     detect dead peers.
75 41 Tobias Brunner
76 1 Martin Willi
_inactivity = <time>_
77 1 Martin Willi
78 55 Andreas Steffen
p((. defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic.
79 57 Tobias Brunner
     Supported only for IKEv2 connections prior to [[5.0.0]].
80 21 Andreas Steffen
81 1 Martin Willi
_eap_identity = <id>_
82 41 Tobias Brunner
83 1 Martin Willi
p((. defines the identity the client uses to reply to an EAP Identity request. If defined on the EAP server, the defined
84 23 Tobias Brunner
     identity  will be used as peer identity during EAP authentication. The special value _%identity_ uses the EAP Identity method
85 1 Martin Willi
     to ask the client for a EAP identity. If not defined, the IKEv2 identity will be used as EAP identity.
86 31 Martin Willi
87 23 Tobias Brunner
_esp = <cipher suites>_
88 14 Martin Willi
89 1 Martin Willi
p((. comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
90 1 Martin Willi
     _aes128-sha256_. The notation is _encryption-integrity[-dhgroup][-esnmode]_.
91 57 Tobias Brunner
     Defaults to *aes128-sha1,3des-sha1*. The daemon adds its extensive default proposal to
92 48 Tobias Brunner
     this default or the configured value. To restrict it to the configured proposal an exclamation mark (*&#33;*)
93 48 Tobias Brunner
     can be added at the end.
94 51 Tobias Brunner
     *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order
95 48 Tobias Brunner
     to restrict a responder to only accept specific cipher suites, the strict flag (*&#33;*, exclamation mark)
96 48 Tobias Brunner
     can be used, e.g: _aes256-sha512-modp4096!_
97 57 Tobias Brunner
     If _dh-group_ is specified, CHILD_SA setup and rekeying include a separate Diffe-Hellman exchange (since [[5.0.0]] this also applies to IKEv1 Quick Mode).
98 48 Tobias Brunner
     Valid values for _esnmode_ (IKEv2 only) are _esn_ and _noesn_.  Specifying both negotiates extended sequence
99 1 Martin Willi
     number support with the peer, the default is *noesn*.
100 1 Martin Willi
     Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.
101 1 Martin Willi
102 1 Martin Willi
_forceencaps = yes | *no*_
103 48 Tobias Brunner
104 48 Tobias Brunner
p((.  force UDP encapsulation for ESP packets even if no NAT situation is detected.
105 43 Tobias Brunner
      This may help to surmount restrictive firewalls. In order to force the peer to
106 57 Tobias Brunner
      encapsulate packets, NAT detection payloads are faked.
107 57 Tobias Brunner
      Only supported for IKEv2 prior to [[5.0.0]].
108 31 Martin Willi
109 41 Tobias Brunner
_ike = <cipher suites>_
110 1 Martin Willi
111 1 Martin Willi
p((. comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g.
112 1 Martin Willi
     _aes128-sha1-modp2048_. The notation is _encryption-integrity-dhgroup_. In IKEv2, multiple algorithms
113 23 Tobias Brunner
     and proposals may be included, such as _aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024_.
114 57 Tobias Brunner
     Defaults to *aes128-sha1-modp2048,3des-sha1-modp1536* for IKEv1. The daemon adds its extensive
115 23 Tobias Brunner
     default proposal to this default or the configured value. To restrict it to the configured proposal an
116 48 Tobias Brunner
     exclamation mark (*&#33;*) can be added at the end.
117 51 Tobias Brunner
     *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order
118 48 Tobias Brunner
     to restrict a responder to only accept specific cipher suites, the strict flag (*&#33;*, exclamation mark)
119 51 Tobias Brunner
     can be used, e.g: _aes256-sha512-modp4096!_
120 48 Tobias Brunner
     Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.
121 43 Tobias Brunner
122 20 Andreas Steffen
_ikelifetime = *3h* | <time>_
123 23 Tobias Brunner
124 31 Martin Willi
p((. how long the keying channel of a connection (_ISAKMP or IKE SA_) should last before being renegotiated. Also see [[ExpiryRekey|Expiry and Rekey]].
125 40 Tobias Brunner
126 1 Martin Willi
_installpolicy = *yes* | no_
127 23 Tobias Brunner
128 31 Martin Willi
p((. decides whether IPsec policies are installed in the kernel by the IKEv2 charon daemon for a given connection.
129 23 Tobias Brunner
     Allows peaceful cooperation e.g. with the Mobile IPv6  _mip6d_ daemon who wants to control the kernel policies.
130 21 Andreas Steffen
131 1 Martin Willi
_keyexchange = *ike* | ikev1 | ikev2_
132 23 Tobias Brunner
133 57 Tobias Brunner
p((. method of key exchange; which protocol should be used to initialize the connection.
134 57 Tobias Brunner
     Prior to [[5.0.0]] connections marked with *ikev1*  were initiated with Pluto, those marked with *ikev2* with Charon. An incoming request from the remote peer was handled by the correct daemon, unaffected from the _keyexchange_ setting.
135 57 Tobias Brunner
     Starting with strongSwan [[4.5.0]] the default value *ike* is a synonym for *ikev2*, whereas in older strongSwan releases *ikev1* was assumed.
136 57 Tobias Brunner
     Since [[5.0.0]] both protocols are handled by Charon and connections marked with *ike* will use IKEv2 when initiating, but accept any protocol version when responding.
137 38 Andreas Steffen
138 38 Andreas Steffen
_keyingtries = *3* | <number> | %forever_
139 20 Andreas Steffen
140 45 Tobias Brunner
p((. how  many attempts (a positive integer or _%forever_) should be made to negotiate a connection, or a replacement
141 31 Martin Willi
     for one, before giving up (default 3). The value _%forever_ means 'never give up'.  Relevant  only  locally, other end need
142 46 Daniel Mentz
     not agree on it.
143 45 Tobias Brunner
144 1 Martin Willi
145 26 Tobias Brunner
146 31 Martin Willi
p((. synonym for _lifetime_.
147 26 Tobias Brunner
148 26 Tobias Brunner
_lifebytes = <number>_
149 31 Martin Willi
150 57 Tobias Brunner
p((. the number of bytes transmitted over an IPsec SA before it expires (prior to [[5.0.0]] only for IKEv2).
151 26 Tobias Brunner
152 26 Tobias Brunner
_lifepackets = <number>_
153 1 Martin Willi
154 57 Tobias Brunner
p((. the number of packets transmitted over an IPsec SA before it expires (prior to [[5.0.0]] only for IKEv2).
155 1 Martin Willi
156 31 Martin Willi
_lifetime = *1h* | <time>_
157 26 Tobias Brunner
158 31 Martin Willi
p((. how  long  a  particular  instance  of a connection (a set of encryption/authentication keys for user packets)
159 1 Martin Willi
     should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by
160 1 Martin Willi
     _s_ (a time in seconds) or a decimal number followed by _m_, _h_, or _d_ (a time in minutes, hours,
161 21 Andreas Steffen
     or days respectively) (default _1h_, maximum _24h_).  Normally, the connection is renegotiated (via the
162 1 Martin Willi
     keying  channel) before it expires (see _margintime_).  The two ends need not exactly agree on _lifetime_, although if they
163 1 Martin Willi
     do not, there will be some clutter of superseded connections on the end which thinks the lifetime is longer.
164 1 Martin Willi
     Also see [[ExpiryRekey|Expiry and Rekey]].
165 40 Tobias Brunner
166 1 Martin Willi
_marginbytes = <number>_
167 26 Tobias Brunner
168 57 Tobias Brunner
p((. how many bytes before IPsec SA expiry (see _lifebytes_) should attempts to negotiate a replacement begin.
169 26 Tobias Brunner
170 26 Tobias Brunner
_marginpackets = <number>_
171 26 Tobias Brunner
172 57 Tobias Brunner
p((. how many packets before IPsec SA expiry (see _lifepackets_) should attempts to negotiate a replacement begin.
173 26 Tobias Brunner
174 40 Tobias Brunner
_margintime = *9m* | <time>_
175 1 Martin Willi
176 1 Martin Willi
p((. how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin; acceptable values
177 26 Tobias Brunner
     as for _lifetime_ (default _9m_).  Relevant only locally, other end need not agree on it. Also see [[ExpiryRekey|Expiry and Rekey]].
178 35 Andreas Steffen
179 35 Andreas Steffen
_mark = <value>[/<mask>]_
180 37 Tobias Brunner
181 35 Andreas Steffen
p((. sets  an XFRM mark in the inbound and outbound IPsec SAs and policies. If the mask is missing then
182 39 Gerd v. Egidy
     a default mask of *0xffffffff* is assumed.
183 35 Andreas Steffen
184 35 Andreas Steffen
_mark_in = <value>[/<mask>]_
185 35 Andreas Steffen
186 35 Andreas Steffen
p((. sets an XFRM mark in the inbound IPsec SA and policy. If the mask is missing then
187 39 Gerd v. Egidy
     a default mask of *0xffffffff* is assumed.
188 39 Gerd v. Egidy
189 35 Andreas Steffen
_mark_out = <value>[/<mask>]_
190 35 Andreas Steffen
191 1 Martin Willi
p((. sets an XFRM mark in the outbound IPsec SA and policy. If the mask is missing then
192 35 Andreas Steffen
     a default mask of *0xffffffff* is assumed.
193 1 Martin Willi
194 37 Tobias Brunner
_mobike = *yes* | no_
195 1 Martin Willi
196 57 Tobias Brunner
p((. enables the IKEv2 [[MobIke|MOBIKE]] protocol defined by RFC 4555. If set to *no*, the charon
197 57 Tobias Brunner
     daemon will not actively propose [[MobIke|MOBIKE]] as initiator and ignore the MOBIKE_SUPPORTED
198 57 Tobias Brunner
     notify as responder.
199 39 Gerd v. Egidy
200 35 Andreas Steffen
_modeconfig = push | *pull*_
201 1 Martin Willi
202 23 Tobias Brunner
p((. defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses
203 31 Martin Willi
     the configuration payload in *pull* mode. Cisco VPN gateways usually operate in *push* mode.
204 57 Tobias Brunner
     The charon daemon currently does not support push mode, hence with [[5.0.0]] this parameter has no effect.
205 21 Andreas Steffen
206 1 Martin Willi
_pfs = *yes* | no_
207 1 Martin Willi
208 23 Tobias Brunner
p((. whether _Perfect Forward Secrecy_ of keys is desired on the connection's keying channel (with PFS,
209 31 Martin Willi
     penetration of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses
210 23 Tobias Brunner
     PFS for IKE_SA rekeying whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup
211 57 Tobias Brunner
     in the _esp_ parameter.  Since [[5.0.0]] the latter also applies to IKEv1 and this parameter has no effect anymore.
212 21 Andreas Steffen
213 1 Martin Willi
_pfsgroup = <modp group>_
214 1 Martin Willi
215 23 Tobias Brunner
p((. defines a Diffie-Hellman group for _perfect forward secrecy_ in IKEv1 Quick Mode differing from the DH group
216 57 Tobias Brunner
     used for IKEv1 Main Mode (IKEv1 pluto daemon only). Not supported anymore since [[5.0.0]].
217 21 Andreas Steffen
218 31 Martin Willi
_reauth = *yes* | no_
219 20 Andreas Steffen
220 1 Martin Willi
p((. whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
221 23 Tobias Brunner
     In  IKEv2, a value of *no* rekeys without uninstalling the IPsec SAs, a value of *yes* (the default)
222 23 Tobias Brunner
     creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.
223 1 Martin Willi
224 1 Martin Willi
_rekey = *yes* | no_
225 1 Martin Willi
226 1 Martin Willi
p((. whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but
227 57 Tobias Brunner
     while a value of no prevents the daemon from requesting renegotiation, it does not prevent responding
228 57 Tobias Brunner
     to renegotiation requested from the other end, so no will be largely ineffective unless both ends agree on it. Also see _reauth_.
229 1 Martin Willi
230 1 Martin Willi
_rekeyfuzz = *100%* | <percentage>_
231 1 Martin Willi
232 31 Martin Willi
p((. maximum percentage by which _marginbytes_, _marginpackets_ and _margintime_ should be randomly increased to randomize
233 1 Martin Willi
     rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100,
234 4 Martin Willi
     followed  by  a '%' .
235 23 Tobias Brunner
     The value of _marginTYPE_, after this random increase, must not exceed _lifeTYPE_ (where TYPE is one of bytes, packets or type).
236 23 Tobias Brunner
     The value _0%_ will suppress randomization. Relevant only locally, other end need not agree on it.
237 31 Martin Willi
     Also see [[ExpiryRekey|Expiry and Rekey]].
238 1 Martin Willi
239 1 Martin Willi
240 1 Martin Willi
241 1 Martin Willi
p((.  synonym for _margintime_.
242 1 Martin Willi
243 1 Martin Willi
_reqid = <number>_
244 1 Martin Willi
245 57 Tobias Brunner
p((. sets the reqid for a given connection to a pre-configured fixed value.
246 26 Tobias Brunner
247 57 Tobias Brunner
_tfc = <value>_
248 1 Martin Willi
249 57 Tobias Brunner
p((. number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The special value %mtu fills up ESP packets with padding to have the size of the MTU.
250 57 Tobias Brunner
251 57 Tobias Brunner
_type = *tunnel* | transport | transport_proxy | passthrough | drop_
252 57 Tobias Brunner
253 31 Martin Willi
p((. the type of the connection; currently the accepted values are *tunnel*, signifying a  host-to-host,
254 23 Tobias Brunner
     host-to-subnet, or subnet-to-subnet tunnel; *transport*, signifying host-to-host transport mode;
255 41 Tobias Brunner
     *transport_proxy*, signifying the special Mobile IPv6 transport proxy mode;
256 34 Tobias Brunner
     *passthrough*, signifying that no IPsec processing should be done at all; *drop*, signifying that packets
257 57 Tobias Brunner
     should be  discarded.
258 34 Tobias Brunner
259 31 Martin Willi
_xauth = *client* | server_
260 21 Andreas Steffen
261 1 Martin Willi
p((. specifies the role in the XAuth protocol if activated by _authby=xauthpsk_ or _authby=xauthrsasig_.
262 21 Andreas Steffen
263 23 Tobias Brunner
_xauth_identity = <id>_
264 20 Andreas Steffen
265 53 Tobias Brunner
p((. defines the identity/username the client uses to reply to an XAuth request. If not defined, the IKEv1 identity will be used as XAuth identity.
266 23 Tobias Brunner
267 20 Andreas Steffen
268 1 Martin Willi
h2. left|right End Parameters
269 52 Tobias Brunner
270 52 Tobias Brunner
Connection descriptions are defined in terms of a left endpoint and a right endpoint. For example, the
271 1 Martin Willi
two parameters leftid and rightid specify the identity of the left and the right endpoint. For every
272 1 Martin Willi
connection description an attempt is made to figure out whether the local endpoint should act as the left or
273 1 Martin Willi
the right endpoint. This is done by matching the IP addresses defined for both endpoints with the
274 1 Martin Willi
IP addresses assigned to local network interfaces. If a match is found then the role (left or right) that
275 52 Tobias Brunner
matches is going to be considered "local". If no match is found during startup, "left" is considered "local".
276 52 Tobias Brunner
277 57 Tobias Brunner
_left|right = <ip address> | <fqdn> | *%any*_
278 52 Tobias Brunner
279 20 Andreas Steffen
p((. (required) the IP address of the participant's public-network interface or one of several magic values.
280 57 Tobias Brunner
     The value _%any_ for the local endpoint signifies an address to be filled in
281 23 Tobias Brunner
     (by automatic keying) during negotiation. If the local peer initiates the connection setup the routing table
282 27 Daniel Mentz
     will be queried to determine the correct local IP address. In case the local peer is responding to a connection
283 57 Tobias Brunner
     setup then any IP address that is assigned to a local interface will be accepted.
284 57 Tobias Brunner
285 57 Tobias Brunner
p((.  Prior to [[5.0.0]] specifying _%%any_ for the local endpoint was not supported for IKEv1 connections, instead the keyword _%%defaultroute_ could be used, causing the value to be filled in automatically with the local address of
286 57 Tobias Brunner
     the default-route interface (as determined at IPsec startup time and during configuration
287 57 Tobias Brunner
     update). Either left or right may be _%defaultroute_, but not both.
288 57 Tobias Brunner
289 57 Tobias Brunner
p((. The prefix % in front of a fully-qualified domain name or an IP address will implicitly set _left|rightallowany=yes_.
290 57 Tobias Brunner
291 1 Martin Willi
p((. If _%any_ is used for the remote endpoint it literally means any IP address.
292 31 Martin Willi
293 33 Tobias Brunner
p((. Please note that with the usage of wildcards multiple connection descriptions might match a given incoming
294 33 Tobias Brunner
     connection attempt. The most specific description is used in that case.
295 33 Tobias Brunner
296 1 Martin Willi
_left|rightallowany = yes | *no*_
297 29 Daniel Mentz
298 1 Martin Willi
p((. a modifier for _left|right_, making it behave as _%any_ although a concrete IP address has been
299 1 Martin Willi
     assigned. Recommended for dynamic IP addresses that can be resolved by DynDNS at IPsec startup or update time.
300 29 Daniel Mentz
301 1 Martin Willi
_left|rightauth = <auth method>_
302 32 Daniel Mentz
303 57 Tobias Brunner
p((. Authentication method to use locally (left) or require from the remote (right) side. Acceptable values are *pubkey* for public key encryption (RSA/ECDSA), *psk*
304 57 Tobias Brunner
     for pre-shared key authentication, *eap* to [require the] use of the Extensible Authentication Protocol, and *xauth* for IKEv1 eXtended Authentication.
305 57 Tobias Brunner
     To require a trustchain public key strength for the remote side, specify the key type followed
306 57 Tobias Brunner
     by the minimum strength iin bits (for example *ecdsa-384* or *rsa-2048-ecdsa-256*).
307 57 Tobias Brunner
     To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms
308 57 Tobias Brunner
     to *pubkey* or a key strength definition (for example *pubkey-sha1-sha256* or *rsa-2048-ecdsa-256-sha256-sha384-sha512*).
309 1 Martin Willi
     In the case of *eap*, an optional EAP method can be appended. Currently defined methods are *eap-aka*,
310 57 Tobias Brunner
     *eap-gtc*, *eap-md5*, *eap-mschapv2*, *eap-peap*, *eap-sim*, *eap-tls*, *eap-ttls*, and *eap-radius*. Alternatively, 
311 27 Daniel Mentz
     IANA assigned EAP method numbers are accepted. Vendor specific EAP methods are defined in the form
312 33 Tobias Brunner
     *eap-type-vendor* (e.g. *eap-7-12345*).
313 57 Tobias Brunner
     For *xauth*, an XAuth authentication backend can be specified, such as *xauth-generic* or *xauth-eap*. If XAuth is used in _leftauth_, Hybrid authentication is used. For traditional XAuth authentication, define XAuth in _leftauth2_.
314 31 Martin Willi
315 57 Tobias Brunner
p((. Prior to [[5.0.0]] this parameter is only supported for IKEv2.
316 57 Tobias Brunner
317 57 Tobias Brunner
318 7 Martin Willi
_left|rightauth2 = <auth method>_
319 31 Martin Willi
320 57 Tobias Brunner
p((. Same as _left|rightauth_, but defines an additional authentication exchange. In IKEv1, only XAuth can be used in the second authentication round. IKEv2 supports multiple authentication
321 23 Tobias Brunner
     rounds using _Multiple Authentication Exchanges_ defined in "RFC 4739":
322 57 Tobias Brunner
     This allows e.g. a separate authentication of host and user.
323 57 Tobias Brunner
324 57 Tobias Brunner
p((. Prior to [[5.0.0]] this parameter is only supported for IKEv2.
325 56 Andreas Steffen
326 1 Martin Willi
327 56 Andreas Steffen
_left|rightca = <issuer dn> | %same_
328 23 Tobias Brunner
329 21 Andreas Steffen
p((. the distinguished name of a certificate authority which is required to lie in the trust path going from the
330 31 Martin Willi
     _left|right_ participant's certificate up to the root certification authority.
331 1 Martin Willi
332 1 Martin Willi
_left|rightca2 = <issuer dn> | %same_
333 23 Tobias Brunner
334 1 Martin Willi
p((. Same as _left|rightca_ but for the second authentication (IKev2 only).
335 23 Tobias Brunner
336 31 Martin Willi
_left|rightcert = <path>_
337 23 Tobias Brunner
338 23 Tobias Brunner
p((. the path to the left|right participant's X.509 certificate. The file can be coded either in PEM or DER format.
339 57 Tobias Brunner
     OpenPGP certificates are supported as well.  Both absolute paths or paths relative to
340 21 Andreas Steffen
     [[IpsecDirectoryCerts|/etc/ipsec.d/certs]] are accepted. By default _left|rightcert_ sets _left|rightid_
341 1 Martin Willi
     to the distinguished name of the certificate's subject and _left|rightca_ to the distinguished name of
342 33 Tobias Brunner
     the certificate's issuer. The _left|right_ participant's ID can be overridden by specifying a _left|rightid_
343 7 Martin Willi
     value which must be certified by the certificate, though.
344 23 Tobias Brunner
345 31 Martin Willi
_left|rightcert2 = <path>_
346 23 Tobias Brunner
347 1 Martin Willi
p((. Same as _left|rightcert_ but for the second authentication round (IKEv2 only).
348 23 Tobias Brunner
349 57 Tobias Brunner
_left|rightcertpolicy = <OIDs>_
350 57 Tobias Brunner
351 57 Tobias Brunner
p((. Comma separated list of certificate policy OIDs the peer's certificate must have.
352 57 Tobias Brunner
     OIDs are specified using the numerical dotted representation (prior to [[5.0.0]] only for IKEv2).
353 57 Tobias Brunner
354 1 Martin Willi
_left|rightfirewall = yes | *no*_
355 31 Martin Willi
356 1 Martin Willi
p((. whether the _left|right_ participant is doing forwarding-firewalling (including  masquerading)
357 23 Tobias Brunner
     using iptables for traffic from _left|rightsubnet_, which should be turned off for traffic to the
358 7 Martin Willi
     other subnet) once the connection is established. May not be used in the same connection description with
359 20 Andreas Steffen
     _left|rightupdown_. Implemented as a parameter to the default _ipsec _updown_ script. Relevant only
360 1 Martin Willi
     locally, other end need not agree on it.
361 1 Martin Willi
362 23 Tobias Brunner
p((. If one or  both security gateways are doing forwarding firewalling (possibly including masquerading),
363 20 Andreas Steffen
     and this is specified using the firewall parameters, tunnels  established with  IPsec  are exempted from
364 23 Tobias Brunner
     it so that packets can flow unchanged through the tunnels. (This means that all subnets connected in this
365 23 Tobias Brunner
     manner must have distinct, non-overlapping subnet address blocks.)  This is done by the default 
366 57 Tobias Brunner
     _ipsec _updown_ script.
367 23 Tobias Brunner
368 57 Tobias Brunner
p((. In situations calling for more control, it may be preferable for the user to supply his own _updown_ script,
369 23 Tobias Brunner
     which makes the appropriate adjustments for his system.
370 23 Tobias Brunner
371 31 Martin Willi
_left|rightgroups = <group list>_
372 1 Martin Willi
373 7 Martin Willi
p((. a comma-separated list of group names. If the _left|rightgroups_ parameter is present then the peer must
374 1 Martin Willi
     be a member of at least one of the groups defined by the parameter. Group membership must be certified by a
375 7 Martin Willi
     valid attribute certificate stored in [[IpsecDirectoryAcerts|/etc/ipsec.d/acerts]] that has been issued
376 23 Tobias Brunner
     to the peer by a trusted Authorization Authority stored in [[IpsecDirectoryAacerts|/etc/ipsec.d/aacerts]].
377 57 Tobias Brunner
     Attribute certificates are not supported by the charon daemon yet.
378 12 Martin Willi
379 57 Tobias Brunner
p((. Groups may also be used together with the [[EapRadius#Group-selection|eap-radius]] plugin.
380 57 Tobias Brunner
381 1 Martin Willi
_left|righthostaccess = yes | *no*_
382 1 Martin Willi
383 1 Martin Willi
p((. inserts a pair of INPUT and OUTPUT iptables rules using the default _ipsec _updown_ script,
384 1 Martin Willi
     thus allowing access to the host itself in the case where the host's internal interface is part
385 31 Martin Willi
     of the negotiated client subnet. 
386 1 Martin Willi
387 33 Tobias Brunner
_left|rightid = <id>_
388 23 Tobias Brunner
389 57 Tobias Brunner
p((. how the _left|right_ participant should be identified for authentication; defaults to _left|right_ or the subject of the certificate configured with _left|rightcert_.
390 57 Tobias Brunner
     Can be an IP address, a fully-qualified domain name, an email address, or a keyid.
391 57 Tobias Brunner
     Prior to [[5.0.0]] fully-qualified domain names can be preceded by an @ to avoid them being resolved to an IP address.
392 33 Tobias Brunner
393 23 Tobias Brunner
_left|rightid2 = <id>_
394 33 Tobias Brunner
395 33 Tobias Brunner
p((. Identity to use for the second authentication of the left participant (IKEv2 only).
396 33 Tobias Brunner
     Defaults to _left|rightid_.
397 33 Tobias Brunner
398 33 Tobias Brunner
_leftikeport = <port>_
399 33 Tobias Brunner
400 33 Tobias Brunner
p((. UDP port the left participant uses for IKE communication. Currently supported in IKEv2 connections only.
401 7 Martin Willi
     If unspecified, port 500 is used with the port floating to 4500 if a NAT is detected or MOBIKE is enabled.
402 23 Tobias Brunner
     Specifying a local IKE port different from the default additionally requires a socket implementation that
403 23 Tobias Brunner
     listens to this port.
404 21 Andreas Steffen
405 1 Martin Willi
_left|rightnexthop = %direct | %defaultroute | <ip address> | <fqdn>_
406 1 Martin Willi
407 57 Tobias Brunner
p((. This parameter is usually not needed any more because the NETKEY IPsec stack does not require
408 31 Martin Willi
     explicit routing entries for the traffic to be tunneled. If _left|sourceip_ is used with IKEv1
409 23 Tobias Brunner
     then _left|rightnexthop_ must still be set in order for the source routes to work properly.
410 57 Tobias Brunner
     Removed since [[5.0.0]].
411 7 Martin Willi
412 23 Tobias Brunner
_left|rightprotoport = <protocol>/<port>_
413 31 Martin Willi
414 23 Tobias Brunner
p((. restrict the traffic selector to a single protocol and/or port. Examples: _leftprotoport=tcp/http_
415 1 Martin Willi
     or _leftprotoport=6/80_ or _rightprotoport=udp_
416 1 Martin Willi
417 57 Tobias Brunner
_left|rightrsasigkey = *%cert* | <raw rsa public key> | <path to public key>_
418 1 Martin Willi
419 57 Tobias Brunner
p((. the left|right participant's public key for RSA signature authentication, in RFC 2537 format using hex (0x prefix) or base64 (0s prefix) encoding. Also accepted is the path to a file containing the public key in PEM or DER encoding. The default value _%cert_ means that the key is extracted from a certificate.
420 1 Martin Willi
421 1 Martin Willi
_left|rightsendcert = never | no | *ifasked* | always | yes_
422 33 Tobias Brunner
423 7 Martin Willi
p((. Accepted values are *never* or *no*, *always* or *yes*, and *ifasked*, the latter meaning that 
424 1 Martin Willi
     the peer must send a certificate request (CR) payload in order to get a certificate in return.
425 31 Martin Willi
426 1 Martin Willi
_leftsourceip = %config | %cfg | %modeconfig | %modecfg | <ip address>_
427 23 Tobias Brunner
428 21 Andreas Steffen
p((. The internal source IP to use in a tunnel, also known as [[VirtualIp|virtual IP]].
429 1 Martin Willi
     If the value is one of the synonyms _%modeconfig, %modecfg, %config_, or _%cfg_, an address is
430 31 Martin Willi
     requested from the peer. In IKEv2, a statically defined address is also requested, since the server
431 1 Martin Willi
     may change it.
432 33 Tobias Brunner
433 33 Tobias Brunner
_rightsourceip = %config | <network>/<netmask> | %poolname_
434 33 Tobias Brunner
435 33 Tobias Brunner
p((. The internal source IP to use in a tunnel for the remote peer. If the value is %config on the responder
436 33 Tobias Brunner
     side, the initiator must propose an address which is then echoed back. Also supported are address pools
437 33 Tobias Brunner
     expressed as _<network>/<netmask>_ or the use of an external IP address pool using _%%poolname_ where
438 33 Tobias Brunner
     _poolname_ is the name of the IP address pool used for the lookup (see [[VirtualIp|virtual IP]] for details). 
439 23 Tobias Brunner
440 23 Tobias Brunner
_left|rightsubnet = <ip subnet>_
441 31 Martin Willi
442 57 Tobias Brunner
p((. private subnet behind the left participant, expressed as network/netmask; if omitted, essentially assumed to be _left_/32, signifying that the _left|right_ end of the
443 57 Tobias Brunner
     connection goes to the _left|right_ participant only. The configured subnets of the peers may differ,
444 57 Tobias Brunner
     the protocol narrows it to the greatest common subnet. Since [[5.0.0]] this is also done for IKEv1, but as this
445 57 Tobias Brunner
     may lead to problems with other implementations, make sure to configure identical subnets in such configurations.
446 57 Tobias Brunner
     IKEv2 supports multiple subnets separated by commas, IKEv1 only interprets the first subnet of such a definition. 
447 21 Andreas Steffen
448 1 Martin Willi
_left|rightsubnetwithin = <ip subnet>_
449 31 Martin Willi
450 1 Martin Willi
p((. the  peer can propose any subnet or single IP address that fits within the range defined by
451 57 Tobias Brunner
     _left|rightsubnetwithin_.  Not relevant for IKEv2 (or IKEv1 since [[5.0.0]]), as subnets are narrowed.
452 1 Martin Willi
453 1 Martin Willi
_left|rightupdown = <path>_
454 31 Martin Willi
455 1 Martin Willi
p((. what _updown_ script to run to adjust routing and/or firewalling when the status of the connection
456 1 Martin Willi
     changes (default _ipsec _updown_). Relevant only locally, other end need not agree on it.
457 57 Tobias Brunner
     Charon uses the _updown_ script to insert firewall rules only, since routing has been implemented directly
458 57 Tobias Brunner
     into the daemon.
459 42 Tobias Brunner
460 44 Tobias Brunner
h2. IKEv2 Mediation Extension Parameters
461 42 Tobias Brunner
462 42 Tobias Brunner
The following parameters are relevant to IKEv2 Mediation Extension operation only.
463 42 Tobias Brunner
464 42 Tobias Brunner
_mediation = yes | *no*_
465 42 Tobias Brunner
466 42 Tobias Brunner
p((. whether this connection is a mediation connection,  ie.  whether this connection is used to mediate other
467 42 Tobias Brunner
     connections.  Mediation connections create no child SA. Acceptable values  are  no (the default) and yes.
468 42 Tobias Brunner
469 42 Tobias Brunner
_mediated_by = <name>_
470 42 Tobias Brunner
471 42 Tobias Brunner
p((. the  name  of the connection to mediate this connection through. If given, the connection will  be  mediated
472 42 Tobias Brunner
     through  the  named mediation  connection.  The mediation connection must set *mediation=yes*.
473 42 Tobias Brunner
474 42 Tobias Brunner
_me_peerid = <id>_
475 42 Tobias Brunner
476 42 Tobias Brunner
p((. ID as which the peer is known to the mediation server, ie. which the  other end of this connection uses as
477 42 Tobias Brunner
     its leftid on its connection to the mediation server.  This is the ID we request  the mediation server to
478 42 Tobias Brunner
     mediate us with.  If me_peerid is not given, the rightid of this connection will be used as peer ID.