ipsec.conf: conn Reference » History » Version 67

Tobias Brunner, 23.07.2013 15:37
Updates for 5.1.0

{{title(ipsec.conf: conn Reference)}}

h1. ipsec.conf: conn <name>

{{>toc}}

h2. General Connection Parameters

_aaa_identity = <id>_

p((. defines the identity of the AAA backend used during IKEv2 EAP authentication. This is required if
     the EAP client uses a method that verifies the server identity (such as EAP-TLS), but it does not
     match the IKEv2 gateway identity.

_aggressive = yes | *no*_

p((. whether to use IKEv1 Aggressive or Main Mode (the default). Available since [[5.0.0]].

_also = <section name>_

p((. includes conn section <name>.

_authby = *pubkey* | rsasig | ecdsasig | psk | secret | xauthrsasig | xauthpsk | never_

p((. how the two security gateways should authenticate each other; acceptable values are *secret* or *psk*
     for pre-shared secrets, *pubkey* (the default) for public key signatures as well as the synonyms *rsasig*
     for RSA digital signatures and *ecdsasig* for Elliptic Curve DSA signatures.
     *never* can be used if negotiation is never to be attempted or accepted (useful for shunt-only conns).
     Digital signatures are superior in every way to shared secrets. IKEv1 additionally supports the values
     *xauthpsk* and *xauthrsasig* that will enable _eXtended Authentication (XAuth)_ in addition to IKEv1 main
     mode based on shared secrets or digital RSA signatures, respectively.
     This parameter is deprecated for IKEv2 connections (and IKEv1 connections since [[5.0.0]]), as two peers
     do not need to agree on an authentication method. Use the _left|rightauth_ parameter instead to define
     authentication methods.

_auto = *ignore* | add | route | start_

p((. what operation, if any, should be done automatically at IPsec startup. *add* loads a connection without
     starting it. *route* loads a connection and installs kernel traps. If traffic is detected between
     _leftsubnet_ and _rightsubnet_, a connection is established. *start* loads a connection and brings
     it up immediately. *ignore* ignores the connection. This is equal to deleting a connection from the config
     file. Relevant only locally, other end need not agree on it.

_closeaction = *none* | clear | hold | restart_

p((. defines the action to take if the remote peer unexpectedly closes a CHILD_SA (IKEv2 only, see _dpdaction_ for
     meaning of values). A _closeaction_ should not be used if the peer uses reauthentication or uniqueids checking,
     as these events might trigger the defined action when not desired.

_compress = yes | *no*_

p((. whether IPComp compression of content is proposed on the connection (link-level compression does not work on
     encrypted data, so to be effective, compression must be done before encryption). A value of *yes* causes the daemon
     to propose both compressed and uncompressed, and prefer compressed. A value of *no* prevents the daemon from proposing or accepting compression.

_dpdaction = *none* | clear | hold | restart_

p((. controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages
     (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveness of the
     IPsec peer. The values *clear*, *hold*, and *restart* all activate DPD. If no activity is detected,
     all connections with a dead peer are stopped and unrouted (*clear*), put in the hold state (*hold*)
     or restarted (*restart*). The default is *none* which disables the active sending of DPD messages.

_dpddelay = *30s* | <time>_

p((. defines the time interval with which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
     These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL
     messages and uses only standard messages (such as those to rekey) to detect dead peers.

_dpdtimeout = *150s* | <time>_

p((. defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.
     This only applies to IKEv1, in IKEv2 the default [[Retransmission|retransmission timeout]] applies, as every exchange is used to
     detect dead peers.

_inactivity = <time>_

p((. defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic.
     Not supported for IKEv1 connections prior to [[5.0.0]].

_eap_identity = <id>_

p((. defines the identity the client uses to reply to an EAP Identity request. If defined on the EAP server, the defined
     identity will be used as peer identity during EAP authentication. The special value _%identity_ uses the EAP Identity method
     to ask the client for an EAP identity. If not defined, the IKEv2 identity will be used as EAP identity.

_esp = <cipher suites>_

p((. comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
     _aes128-sha256_. The notation is _encryption-integrity[-dhgroup][-esnmode]_.
     Defaults to *aes128-sha1,3des-sha1*. The daemon adds its extensive default proposal to
     this default or the configured value. To restrict it to the configured proposal an exclamation mark (*&#33;*)
     can be added at the end.
     *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order
     to restrict a responder to only accept specific cipher suites, the strict flag (*&#33;*, exclamation mark)
     can be used, e.g. _aes256-sha512-modp4096!_
     If _dh-group_ is specified, CHILD_SA setup and rekeying include a separate Diffie-Hellman exchange (since
     [[5.0.0]] this also applies to IKEv1 Quick Mode).
     Valid values for _esnmode_ (IKEv2 only) are _esn_ and _noesn_. Specifying both negotiates extended sequence
     number support with the peer, the default is *noesn*.
     Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.

_forceencaps = yes | *no*_

p((. force UDP encapsulation for ESP packets even if no NAT situation is detected.
     This may help to surmount restrictive firewalls. In order to force the peer to
     encapsulate packets, NAT detection payloads are faked.
     Not supported for IKEv1 connections prior to [[5.0.0]].

_fragmentation = yes | force | *no*_

p((. whether to use IKE fragmentation (proprietary IKEv1 extension). Fragmented messages sent by a peer are always
     accepted irrespective of the value of this option. If set to *yes* and the peer supports it, larger IKE messages
     will be sent in fragments (the maximum fragment size can be configured in [[strongswan.conf]]). If set to *force*
     the initial IKE message will already be fragmented if required.
     Available for IKEv1 connections since [[5.0.2]].

_ike = <cipher suites>_

p((. comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g.
     _aes128-sha1-modp2048_. The notation is _encryption-integrity[-prf]-dhgroup_. In IKEv2, multiple algorithms
     and proposals may be included, such as _aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024_.

p((. The ability to configure a PRF algorithm different to that defined for integrity protection was added with [[5.0.2]].
     If no PRF is configured, the algorithms defined for integrity are proposed as PRF. The prf keywords are the same as
     the integrity algorithms, but have a _prf_ prefix (such as _prfsha1_, _prfsha256_ or _prfaesxcbc_).

p((. Defaults to *aes128-sha1-modp2048,3des-sha1-modp1536* for IKEv1. The daemon adds its extensive default proposal
     to this default or the configured value. To restrict it to the configured proposal an exclamation mark (*&#33;*) can be added at the end.
     Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.

p((. *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order
     to restrict a responder to only accept specific cipher suites, the strict flag (*&#33;*, exclamation mark)
     can be used, e.g. _aes256-sha512-modp4096!_
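
The notes on _authby_, _esp_ and _ike_ above can be checked over a configuration file. The following Python code is an added example, not part of strongSwan or of the original page: it reports conn sections whose _ike_/_esp_ proposals lack the strict flag and conn sections that still use _authby_. The sample configuration, the function names and the handling of a single _also_ per section are assumptions of the example.

```python
import re

# Constructed sample configuration for this example (not from a real deployment).
SAMPLE_CONF = """\
config setup
    uniqueids=yes

conn %default
    keyexchange=ikev2
    ike=aes256-sha512-modp4096!

conn base-psk
    authby=secret
    esp=aes128-sha256

conn site-a
    also=base-psk
    left=%any
    right=192.0.2.10
    auto=route

conn site-b
    leftauth=pubkey
    rightauth=pubkey
    esp=aes256-sha512-modp4096!
    auto=add
"""

# authby values that select a pre-shared secret (taken from the authby entry).
SHARED_SECRET = {"psk", "secret", "xauthpsk"}


def parse_conns(text):
    """Return {conn name: {parameter: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                        # section header at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def effective(conns, name, seen=()):
    """Settings of a conn with its also= section merged in (own values win)."""
    if name in seen:
        raise ValueError(f"also= loop through conn {name}")
    if name not in conns:
        raise ValueError(f"also= refers to unknown conn {name}")
    own = conns[name]
    merged = {}
    if "also" in own:                                    # assumption: one also= per section
        merged.update(effective(conns, own["also"], seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged


def audit(text):
    """Return a list of (conn, parameter, message) findings."""
    conns = parse_conns(text)
    defaults = conns.get("%default", {})
    findings = []
    for name in conns:
        if name == "%default":
            continue
        params = {**defaults, **effective(conns, name)}
        for key in ("ike", "esp"):
            value = params.get(key)
            if value is None:
                findings.append((name, key, "unset: default proposals apply"))
            elif not value.endswith("!"):
                findings.append((name, key, "no strict flag: daemon default proposal is added"))
        authby = params.get("authby")
        if authby is not None:
            kind = "shared secret" if authby in SHARED_SECRET else "deprecated keyword"
            findings.append((name, "authby", f"{kind}: define left|rightauth instead"))
    return findings


if __name__ == "__main__":
    for conn, param, message in audit(SAMPLE_CONF):
        print(f"conn {conn}: {param}: {message}")
```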

_ikedscp = *000000* | <DSCP field>_

p((. Differentiated Services Field Codepoint to set on outgoing IKE packets sent
     from this connection. The value is a six digit binary encoded string defining
     the Codepoint to set, as defined in "RFC 2474":http://tools.ietf.org/html/rfc2474.

_ikelifetime = *3h* | <time>_

p((. how long the keying channel of a connection (_ISAKMP or IKE SA_) should last before being renegotiated.
     Also see [[ExpiryRekey|Expiry and Rekey]].

_installpolicy = *yes* | no_

p((. decides whether IPsec policies are installed in the kernel by the charon daemon for a given connection.
     Allows peaceful cooperation e.g. with the Mobile IPv6 _mip6d_ daemon which wants to control the kernel policies.

_keyexchange = *ike* | ikev1 | ikev2_

p((. method of key exchange; which protocol should be used to initialize the connection.
     Prior to [[5.0.0]] connections marked with *ikev1* were initiated with Pluto, those marked with *ikev2* with Charon.
     An incoming request from the remote peer was handled by the correct daemon, unaffected by the _keyexchange_ setting.
     Starting with strongSwan [[4.5.0]] the default value *ike* is a synonym for *ikev2*, whereas in older strongSwan releases *ikev1* was assumed.
     Since [[5.0.0]] both protocols are handled by Charon and connections marked with *ike* will use IKEv2 when initiating, but accept any protocol version when responding.

_keyingtries = *3* | <number> | %forever_

p((. how many attempts (a positive integer or _%forever_) should be made to negotiate a connection, or a replacement
     for one, before giving up (default 3). The value _%forever_ means 'never give up'. Relevant only locally, other end need
     not agree on it.

_keylife_

p((. synonym for _lifetime_.

_lifebytes = <number>_

p((. the number of bytes transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]].

_lifepackets = <number>_

p((. the number of packets transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]].

_lifetime = *1h* | <time>_

p((. how long a particular instance of a connection (a set of encryption/authentication keys for user packets)
     should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by
     _s_ (a time in seconds) or a decimal number followed by _m_, _h_, or _d_ (a time in minutes, hours,
     or days respectively) (default _1h_, maximum _24h_). Normally, the connection is renegotiated (via the
     keying channel) before it expires (see _margintime_). The two ends need not exactly agree on _lifetime_, although if they
     do not, there will be some clutter of superseded connections on the end which thinks the lifetime is longer.
     Also see [[ExpiryRekey|Expiry and Rekey]].

_marginbytes = <number>_

p((. how many bytes before IPsec SA expiry (see _lifebytes_) should attempts to negotiate a replacement begin.

_marginpackets = <number>_

p((. how many packets before IPsec SA expiry (see _lifepackets_) should attempts to negotiate a replacement begin.

_margintime = *9m* | <time>_

p((. how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin; acceptable values
     as for _lifetime_ (default _9m_). Relevant only locally, other end need not agree on it. Also see [[ExpiryRekey|Expiry and Rekey]].

_mark = <value>[/<mask>]_

p((. sets an XFRM mark in the inbound and outbound IPsec SAs and policies. If the mask is missing then
     a default mask of *0xffffffff* is assumed.

_mark_in = <value>[/<mask>]_

p((. sets an XFRM mark in the inbound IPsec SA and policy. If the mask is missing then
     a default mask of *0xffffffff* is assumed.

_mark_out = <value>[/<mask>]_

p((. sets an XFRM mark in the outbound IPsec SA and policy. If the mask is missing then
     a default mask of *0xffffffff* is assumed.

_mobike = *yes* | no_

p((. enables the IKEv2 [[MobIke|MOBIKE]] protocol defined by RFC 4555. If set to *no*, the charon
     daemon will not actively propose [[MobIke|MOBIKE]] as initiator and ignore the MOBIKE_SUPPORTED
     notify as responder.

_modeconfig = push | *pull*_

p((. defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses
     the configuration payload in *pull* mode. Cisco VPN gateways usually operate in *push* mode.
     The charon daemon currently does not support push mode, hence with [[5.0.0]] this parameter has no effect.

_reauth = *yes* | no_

p((. whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
     In IKEv2, a value of *no* rekeys without uninstalling the IPsec SAs, a value of *yes* (the default)
     creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.

_rekey = *yes* | no_

p((. whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but
     while a value of *no* prevents the daemon from requesting renegotiation, it does not prevent responding
     to renegotiation requested from the other end, so *no* will be largely ineffective unless both ends agree on it.
     Also see _reauth_.

_rekeyfuzz = *100%* | <percentage>_

p((. maximum percentage by which _marginbytes_, _marginpackets_ and _margintime_ should be randomly increased to randomize
     rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100,
     followed by a '%'.
     The value of _marginTYPE_, after this random increase, must not exceed _lifeTYPE_ (where TYPE is one of bytes, packets or time).
     The value _0%_ will suppress randomization. Relevant only locally, other end need not agree on it.
     Also see [[ExpiryRekey|Expiry and Rekey]].
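
How _lifetime_, _margintime_ and _rekeyfuzz_ combine is easiest to see with numbers. The following Python code is an added example, not strongSwan's own code: it parses time values in the syntax given under _lifetime_, computes the earliest and latest point at which renegotiation starts, and rejects settings where the increased margin would exceed the lifetime. The function names are assumptions, and the window follows from reading _rekeyfuzz_ as a random increase of the margin between 0 and the given percentage.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_time(value):
    """Parse an ipsec.conf <time>: integer seconds, or a decimal number with m, h or d."""
    match = re.fullmatch(r"(\d+(?:\.\d+)?)([smhd]?)", value.strip())
    if not match:
        raise ValueError(f"not a time value: {value!r}")
    number, unit = match.groups()
    if unit in ("", "s") and "." in number:
        raise ValueError(f"seconds must be an integer: {value!r}")
    return round(float(number) * UNITS[unit or "s"])


def parse_percent(value):
    """Parse a rekeyfuzz value: an integer (which may exceed 100) followed by '%'."""
    match = re.fullmatch(r"(\d+)%", value.strip())
    if not match:
        raise ValueError(f"not a percentage: {value!r}")
    return int(match.group(1))


def rekey_window(lifetime="1h", margintime="9m", rekeyfuzz="100%"):
    """Return (earliest, latest) start of renegotiation, in seconds after SA setup.

    The margin before expiry is margintime plus a random share of
    margintime * rekeyfuzz, so the largest margin gives the earliest rekey.
    """
    life = parse_time(lifetime)
    margin = parse_time(margintime)
    fuzz = parse_percent(rekeyfuzz)
    max_margin = margin + margin * fuzz // 100
    if max_margin > life:
        raise ValueError(
            f"margin after fuzz ({max_margin}s) exceeds lifetime ({life}s)"
        )
    return life - max_margin, life - margin


def minutes(seconds):
    """Format seconds as minutes with one decimal, for display."""
    return f"{seconds / 60:.1f}m"


if __name__ == "__main__":
    # Defaults from this page: lifetime=1h, margintime=9m, rekeyfuzz=100%
    for label, args in [
        ("CHILD_SA defaults", ("1h", "9m", "100%")),
        ("IKE_SA default ikelifetime", ("3h", "9m", "100%")),
        ("no randomization", ("1h", "9m", "0%")),
    ]:
        earliest, latest = rekey_window(*args)
        print(f"{label}: rekey between {minutes(earliest)} and {minutes(latest)}")
```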

_rekeymargin_

p((. synonym for _margintime_.

_reqid = <number>_

p((. sets the reqid for a given connection to a pre-configured fixed value.

_tfc = <value>_

p((. number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The special value %mtu fills up ESP packets with padding to have the size of the MTU.

_type = *tunnel* | transport | transport_proxy | passthrough | drop_

p((. the type of the connection; currently the accepted values are *tunnel*, signifying a host-to-host,
     host-to-subnet, or subnet-to-subnet tunnel; *transport*, signifying host-to-host transport mode;
     *transport_proxy*, signifying the special Mobile IPv6 transport proxy mode;
     *passthrough*, signifying that no IPsec processing should be done at all; *drop*, signifying that packets
     should be discarded.

_xauth = *client* | server_

p((. specifies the role in the XAuth protocol if activated by _authby=xauthpsk_ or _authby=xauthrsasig_.

_xauth_identity = <id>_

p((. defines the identity/username the client uses to reply to an XAuth request. If not defined, the IKEv1 identity will be used as XAuth identity.


h2. left|right End Parameters

Connection descriptions are defined in terms of a left endpoint and a right endpoint. For example, the
two parameters leftid and rightid specify the identity of the left and the right endpoint. For every
connection description an attempt is made to figure out whether the local endpoint should act as the left or
the right endpoint. This is done by matching the IP addresses defined for both endpoints with the
IP addresses assigned to local network interfaces. If a match is found then the role (left or right) that
matches is going to be considered "local". If no match is found during startup, "left" is considered "local".

_left|right = <ip address> | <fqdn> | *%any*_

p((. (required) the IP address of the participant's public-network interface or one of several magic values.
     The value _%any_ for the local endpoint signifies an address to be filled in
     (by automatic keying) during negotiation. If the local peer initiates the connection setup the routing table
     will be queried to determine the correct local IP address. In case the local peer is responding to a connection
     setup then any IP address that is assigned to a local interface will be accepted.

p((. Prior to [[5.0.0]] specifying _%%any_ for the local endpoint was not supported for IKEv1 connections, instead
     the keyword _%%defaultroute_ could be used, causing the value to be filled in automatically with the local
     address of the default-route interface (as determined at IPsec startup time and during configuration
     update). Either left or right may be _%defaultroute_, but not both.

p((. The prefix % in front of a fully-qualified domain name or an IP address will implicitly set _left|rightallowany=yes_.

p((. If _%any_ is used for the remote endpoint it literally means any IP address.

p((. Please note that with the usage of wildcards multiple connection descriptions might match a given incoming
     connection attempt. The most specific description is used in that case.

_left|rightallowany = yes | *no*_

p((. a modifier for _left|right_, making it behave as _%any_ although a concrete IP address has been
     assigned. Recommended for dynamic IP addresses that can be resolved by DynDNS at IPsec startup or update time.

_left|rightauth = <auth method>_

p((. Authentication method to use locally (left) or require from the remote (right) side. Acceptable values are *pubkey*
     for public key encryption (RSA/ECDSA), *psk* for pre-shared key authentication, *eap* to require the use of the Extensible Authentication Protocol, and *xauth* for IKEv1 eXtended Authentication.
     To require a trustchain public key strength for the remote side, specify the key type followed
     by the minimum strength in bits (for example *ecdsa-384* or *rsa-2048-ecdsa-256*).
     To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms
     to *pubkey* or a key strength definition (for example *pubkey-sha1-sha256* or *rsa-2048-ecdsa-256-sha256-sha384-sha512*).
     In the case of *eap*, an optional EAP method can be appended. Currently defined methods are *eap-aka*,
     *eap-gtc*, *eap-md5*, *eap-mschapv2*, *eap-peap*, *eap-sim*, *eap-tls*, *eap-ttls*, *eap-dynamic*, and *eap-radius*.
     Alternatively, IANA assigned EAP method numbers are accepted. Vendor specific EAP methods are defined in the form
     *eap-type-vendor* (e.g. *eap-7-12345*).
     For *xauth*, an XAuth authentication backend can be specified, such as *xauth-generic* or *xauth-eap*. If XAuth is used in _leftauth_, Hybrid authentication is used. For traditional XAuth authentication, define XAuth in _leftauth2_.

p((. Not supported for IKEv1 connections prior to [[5.0.0]].


_left|rightauth2 = <auth method>_

p((. Same as _left|rightauth_, but defines an additional authentication exchange. In IKEv1, only XAuth can be used
     in the second authentication round. IKEv2 supports multiple complete authentication rounds using
     _Multiple Authentication Exchanges_ defined in "RFC 4739":http://tools.ietf.org/html/rfc4739. This allows e.g. a separate authentication of host and user.

p((. Not supported for IKEv1 connections prior to [[5.0.0]].


_left|rightca = <issuer dn> | %same_

p((. the distinguished name of a certificate authority which is required to lie in the trust path going from the
     _left|right_ participant's certificate up to the root certification authority.
     *%same* means that the value configured for the other participant should be reused.

_left|rightca2 = <issuer dn> | %same_

p((. Same as _left|rightca_ but for the second authentication (IKEv2 only).

_left|rightcert = <path>_

p((. the path to the left|right participant's X.509 certificate. The file can be coded either in PEM or DER format.
     OpenPGP certificates are supported as well. Both absolute paths and paths relative to
     [[IpsecDirectoryCerts|/etc/ipsec.d/certs]] are accepted. By default _left|rightcert_ sets _left|rightid_
     to the distinguished name of the certificate's subject. The _left|right_ participant's ID can be overridden
     by specifying a _left|rightid_ value which must be certified by the certificate, though.

p((. Since [[5.0.2]] certificates can be configured in the form _%smartcard[<slot nr>[@<module>]]:<keyid>_, which
     defines a specific certificate to load from a PKCS#11 backend for this connection (e.g. via the [[PKCS11Plugin|pkcs11 plugin]]).
     See [[PinSecret|ipsec.secrets]] for details about smartcard definitions.
     Defining a certificate on a smartcard with _left|rightcert_ is only required if the automatic selection via _left|rightid_
     is not sufficient, for example, if multiple certificates use the same subject.

p((. Since [[5.0.3]] multiple certificate paths or PKCS#11 backends can be specified in a comma separated list.
     The daemon chooses the certificate based on the received certificate requests, if possible, before enforcing
     the first.

_left|rightcert2 = <path>_

p((. Same as _left|rightcert_ but for the second authentication round (IKEv2 only).

_left|rightcertpolicy = <OIDs>_

p((. Comma separated list of certificate policy OIDs the peer's certificate must have.
     OIDs are specified using the numerical dotted representation. Not supported for IKEv1 connections prior to [[5.0.0]].

_left|rightdns = <servers>_

p((. Comma separated list of DNS server addresses to exchange as configuration attributes. On the initiator,
     a server is a fixed IPv4/IPv6 address, or _%config4/%config6_ to request attributes without an address.
     On the responder, only fixed IPv4/IPv6 addresses are allowed and define DNS servers assigned to the client.
     Available since [[5.0.1]].

_left|rightfirewall = yes | *no*_

p((. whether the _left|right_ participant is doing forwarding-firewalling (including masquerading)
     using iptables for traffic from _left|rightsubnet_, which should be turned off (for traffic to the
     other subnet) once the connection is established. May not be used in the same connection description with
     _left|rightupdown_. Implemented as a parameter to the default _ipsec _updown_ script. Relevant only
     locally, other end need not agree on it.

p((. If one or both security gateways are doing forwarding firewalling (possibly including masquerading),
     and this is specified using the firewall parameters, tunnels established with IPsec are exempted from
     it so that packets can flow unchanged through the tunnels. (This means that all subnets connected in this
     manner must have distinct, non-overlapping subnet address blocks.) This is done by the default
     _ipsec _updown_ script.

p((. In situations calling for more control, it may be preferable for the user to supply his own _updown_ script,
     which makes the appropriate adjustments for his system.

_left|rightgroups = <group list>_

p((. a comma-separated list of group names. If the _left|rightgroups_ parameter is present then the peer must
     be a member of at least one of the groups defined by the parameter. Groups may be used together with the
     [[EapRadius#Group-selection|eap-radius]] plugin.

_left|rightgroups2 = <group list>_

p((. Same as _left|rightgroups_ but for the second authentication round defined with _left|rightauth2_.
     Available since [[5.0.1]].

_left|righthostaccess = yes | *no*_

p((. inserts a pair of INPUT and OUTPUT iptables rules using the default _ipsec _updown_ script,
     thus allowing access to the host itself in the case where the host's internal interface is part
     of the negotiated client subnet.
416 33 Tobias Brunner
417 23 Tobias Brunner
_left|rightid = <id>_
418 57 Tobias Brunner
419 57 Tobias Brunner
p((. how the _left|right_ participant should be identified for authentication; defaults to _left|right_ or the subject of the certificate configured with _left|rightcert_.
420 57 Tobias Brunner
     Can be an IP address, a fully-qualified domain name, an email address, or a keyid.
421 33 Tobias Brunner
     Prior to [[5.0.0]] fully-qualified domain names can be preceded by an @ to avoid them being resolved to an IP address.
422 23 Tobias Brunner
423 58 Tobias Brunner
p((. Since [[5.0.1]] _rightid_ for IKEv2 connections optionally takes a % as prefix in front of the identity.
424 58 Tobias Brunner
     If given it prevents the daemon from sending IDr in its IKE_AUTH request and will allow it to verify the 
425 58 Tobias Brunner
     configured identity against the subject and subjectAltNames contained in the responder's certificate (otherwise,
426 58 Tobias Brunner
     it is only compared with the IDr returned by the responder). The IDr sent by the initiator might otherwise 
427 58 Tobias Brunner
     prevent the responder from finding a config if it has configured a different value for _leftid_.
428 58 Tobias Brunner
429 33 Tobias Brunner
_left|rightid2 = <id>_
430 7 Martin Willi
431 23 Tobias Brunner
p((. Identity to use for the second authentication of the left participant (IKEv2 only).
432 23 Tobias Brunner
     Defaults to _left|rightid_.
433 21 Andreas Steffen
434 1 Martin Willi
_leftikeport = <port>_
435 1 Martin Willi
436 58 Tobias Brunner
p((. UDP port the left participant uses for IKE communication. If unspecified, port 500 is used with the port
437 1 Martin Willi
     floating to 4500 if a NAT is detected or MOBIKE is enabled.
438 1 Martin Willi
     Specifying a local IKE port different from the default additionally requires a socket implementation that
439 66 Andreas Steffen
     listens to this port. Not supported for IKEv1 connections prior to [[5.0.0]].
440 1 Martin Willi
441 1 Martin Willi
_left|rightprotoport = <protocol>/<port>_
442 1 Martin Willi
443 1 Martin Willi
p((. restrict the traffic selector to a single protocol and/or port. Examples: _leftprotoport=tcp/http_
444 58 Tobias Brunner
     or _leftprotoport=6/80_ or _leftprotoport=udp_ or _leftprotoport=/53_. Instead of omitting either value
445 58 Tobias Brunner
     *%any* can be used to the same effect, e.g. _leftprotoport=udp/%any_ or _leftprotoport=%any/53_.
446 63 Tobias Brunner
     Since [[5.0.3]] the port value can alternatively take the value _%opaque_ for RFC 4301 OPAQUE selectors,
447 63 Tobias Brunner
     or a numerical range in the form _1024-65535_. None of the kernel backends currently supports opaque or
448 63 Tobias Brunner
     port ranges and uses _%any_ for policy installation instead.
449 1 Martin Willi
450 67 Tobias Brunner
p((. Since [[5.1.0]] protocol/port information can be defined for each subnet directly in _left|rightsubnet_.
451 67 Tobias Brunner
452 1 Martin Willi
_left|rightrsasigkey = <raw rsa public key> | <path to public key>_
453 1 Martin Willi
454 67 Tobias Brunner
p((. Since [[5.1.0]] a synonym for _left|rightsigkey_. Before that it denoted the left|right participant's public key
455 67 Tobias Brunner
for RSA signature authentication, in RFC 2537 format using hex (0x prefix) or base64 (0s prefix) encoding.
456 67 Tobias Brunner
Also accepted is the path to a file containing the public key in PEM or DER encoding.
457 1 Martin Willi
458 67 Tobias Brunner
_left|rightsigkey = <raw public key> | <path to public key>_
459 67 Tobias Brunner
460 67 Tobias Brunner
p((. Added with [[5.1.0]]. The left|right participant's public key for public key signature authentication, in PKCS#1
461 67 Tobias Brunner
format using hex (0x prefix) or base64 (0s prefix) encoding. With the optional _dns:_ or _ssh:_ prefix in front
462 67 Tobias Brunner
of 0x or 0s, the public key is expected in either the RFC 3110 (not the full RR, only the RSA key part) or
463 67 Tobias Brunner
RFC 4253 public key format, respectively.
464 67 Tobias Brunner
Also accepted is the path to a file containing the public key in PEM or DER encoding.
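An added example, not part of the strongSwan documentation or code base: a small auditing helper that decodes an inline _left|rightsigkey_ value as described above and reports the RSA modulus size for the _dns:_ (RFC 3110) and _ssh:_ (RFC 4253) forms. The function names and the sample values are assumptions made for this illustration; the sample modulus is constructed and is not a real key.

```python
import base64
import struct


def decode_sigkey(value):
    """Split an inline key value into (format, raw key bytes)."""
    fmt = "pkcs1"  # format when no dns:/ssh: prefix is given
    for prefix in ("dns:", "ssh:"):
        if value.startswith(prefix):
            fmt, value = prefix[:-1], value[len(prefix):]
    if value.startswith("0x"):
        return fmt, bytes.fromhex(value[2:])
    if value.startswith("0s"):
        return fmt, base64.b64decode(value[2:], validate=True)
    raise ValueError("no 0x/0s prefix: value is a file path, not an inline key")


def rsa_modulus_bits(fmt, blob):
    """Return the RSA modulus size in bits for dns: and ssh: keys."""
    if fmt == "dns":  # RFC 3110: exponent length, exponent, modulus
        elen, off = blob[0], 1
        if elen == 0:  # long form: two further length octets
            elen, off = struct.unpack(">H", blob[1:3])[0], 3
        modulus = blob[off + elen:]
    elif fmt == "ssh":  # RFC 4253: string "ssh-rsa", mpint e, mpint n
        fields, off = [], 0
        while off < len(blob):
            (n,) = struct.unpack(">I", blob[off:off + 4])
            fields.append(blob[off + 4:off + 4 + n])
            off += 4 + n
        if len(fields) != 3 or fields[0] != b"ssh-rsa":
            raise ValueError("not an ssh-rsa public key")
        modulus = fields[2]
    else:
        raise ValueError("PKCS#1 keys need an ASN.1 parser, not handled here")
    return int.from_bytes(modulus, "big").bit_length()


# Constructed 1024-bit value standing in for a modulus; not a real key.
MODULUS = b"\xc1" + b"\x5a" * 127
SAMPLE_DNS = "dns:0x" + (b"\x03\x01\x00\x01" + MODULUS).hex()
_ssh = b"".join(struct.pack(">I", len(f)) + f
                for f in (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + MODULUS))
SAMPLE_SSH = "ssh:0s" + base64.b64encode(_ssh).decode()
```

Running @rsa_modulus_bits(*decode_sigkey(value))@ over the inline keys of a configuration makes undersized RSA keys visible before they are deployed.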
465 67 Tobias Brunner
466 1 Martin Willi
_left|rightsendcert = never | no | *ifasked* | always | yes_
467 1 Martin Willi
468 1 Martin Willi
p((. Accepted values are *never* or *no*, *always* or *yes*, and *ifasked*, the latter meaning that 
469 1 Martin Willi
     the peer must send a certificate request (CR) payload in order to get a certificate in return.
470 1 Martin Willi
471 58 Tobias Brunner
_leftsourceip = %config4 | %config6 | <ip address>_
472 1 Martin Willi
473 1 Martin Willi
p((. The internal source IP to use in a tunnel, also known as [[VirtualIp|virtual IP]].
474 58 Tobias Brunner
     If the value is one of the synonyms _%config_, _%cfg_, _%modeconfig_ or _%modecfg_, an address (from
475 58 Tobias Brunner
     the tunnel address family) is requested from the peer.
476 58 Tobias Brunner
     Since [[5.0.1]] a comma-separated list is accepted to request multiple addresses, and with _%config4_ and
477 58 Tobias Brunner
     _%config6_ an address of the given address family will be requested explicitly.
478 58 Tobias Brunner
     If an IP address is configured, it will be requested from the responder, which is free to respond with a
479 31 Martin Willi
     different address.
480 23 Tobias Brunner
481 57 Tobias Brunner
_rightsourceip = %config | <network>/<netmask> | %poolname_
482 7 Martin Willi
483 23 Tobias Brunner
p((. The internal source IP to use in a tunnel for the remote peer. If the value is %config on the responder
484 31 Martin Willi
     side, the initiator must propose an address which is then echoed back. Also supported are address pools
485 58 Tobias Brunner
     expressed as _<network>/<netmask>_ or the use of an external IP address pool using _%%poolname_ where
486 58 Tobias Brunner
     _poolname_ is the name of the IP address pool used for the lookup (see [[VirtualIp|virtual IP]] for details).
487 1 Martin Willi
     Since [[5.0.1]] a comma-separated list of IP addresses / pools is accepted, for instance, to define pools of
488 58 Tobias Brunner
     different address families. 
489 57 Tobias Brunner
490 67 Tobias Brunner
_left|rightsubnet = <ip subnet>![[<proto/port>]][,...]_
491 57 Tobias Brunner
492 58 Tobias Brunner
p((. private subnet behind the left participant, expressed as network/netmask; if omitted, essentially assumed
493 58 Tobias Brunner
     to be _left_/32|128, signifying that the _left|right_ end of the connection goes to the _left|right_ participant only.
494 58 Tobias Brunner
     The configured subnets of the peers may differ; the protocol narrows them to the greatest common subnet.
495 58 Tobias Brunner
     Since [[5.0.0]] this is also done for IKEv1, but as this may lead to problems with other implementations,
496 1 Martin Willi
     make sure to configure identical subnets in such configurations.
497 1 Martin Willi
     IKEv2 supports multiple subnets separated by commas; IKEv1 only interprets the first subnet of such a definition,
498 1 Martin Willi
     unless the Cisco Unity extension plugin is enabled (available since [[5.0.1]]). 
499 67 Tobias Brunner
500 67 Tobias Brunner
p((. Since [[5.1.0]] the optional part after each subnet enclosed in square brackets specifies a protocol/port to restrict
501 67 Tobias Brunner
     the selector for that subnet. *Examples:* leftsubnet=10.0.0.1[tcp/http],10.0.0.2[6/80] or leftsubnet=fec1::1[udp],10.0.0.0/16[/53].
502 67 Tobias Brunner
     Instead of omitting either value _%any_ can be used to the same effect, e.g. leftsubnet=fec1::1[udp/%any],10.0.0.0/16[%any/53].
503 67 Tobias Brunner
504 67 Tobias Brunner
p((. The port value can alternatively take the value _%opaque_ for RFC 4301 OPAQUE selectors, or a numerical range
505 67 Tobias Brunner
     in the form 1024-65535. None of the kernel backends currently supports opaque or port ranges and uses _%any_
506 67 Tobias Brunner
     for policy installation instead.
507 67 Tobias Brunner
508 67 Tobias Brunner
p((. Instead of specifying a subnet, _%dynamic_ can be used to replace it with the IKE address, having the same effect
509 67 Tobias Brunner
     as omitting _left|rightsubnet_ completely. _%dynamic_ can also be used to define multiple dynamic selectors,
510 67 Tobias Brunner
     each having a potentially different protocol/port definition.
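An added example, not strongSwan's own parser: a simplified reading of the _left|rightsubnet_ syntax described above (the same protocol/port forms as _left|rightprotoport_) that flags selectors using _%opaque_ or a port range, since the text states that kernel backends install _%any_ for those and the installed policy is therefore broader than the configured one. The function names and the sample value are assumptions made for this illustration.

```python
import ipaddress
import re

# Simplified reading of the documented syntax; not strongSwan's own parser.
_ITEM = re.compile(
    r"^(?P<net>[^\[\]]+)(?:\[(?P<proto>[^/\]]*)(?:/(?P<port>[^\]]*))?\])?$")
_RANGE = re.compile(r"^\d+-\d+$")


def parse_selector(item):
    """Parse one '<subnet>[<proto>/<port>]' item into a normalized dict."""
    m = _ITEM.match(item.strip())
    if not m:
        raise ValueError(f"malformed selector: {item!r}")
    net = m.group("net")
    if net != "%dynamic":  # %dynamic stands for the IKE address
        net = str(ipaddress.ip_network(net, strict=False))
    proto = m.group("proto") or "%any"  # an omitted value equals %any
    port = m.group("port") or "%any"
    # Per the text: kernel backends install %any for %opaque and port ranges.
    widened = port == "%opaque" or bool(_RANGE.match(port))
    return {"net": net, "proto": proto, "port": port,
            "installed_port": "%any" if widened else port}


def widened_selectors(value):
    """Return the items whose installed policy is broader than configured."""
    items = [parse_selector(i) for i in value.split(",")]
    return [s for s in items if s["installed_port"] != s["port"]]


# Constructed sample value combining the forms shown in the text.
SAMPLE = ("10.0.0.1[tcp/http],10.0.0.0/16[/53],"
          "fec1::1[udp/1024-65535],%dynamic[tcp/%opaque]")

if __name__ == "__main__":
    for sel in widened_selectors(SAMPLE):
        print(f"{sel['net']}[{sel['proto']}/{sel['port']}] "
              "is installed with port %any")
```

Selectors reported by @widened_selectors@ should be backed by a firewall rule if the port restriction matters.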
511 23 Tobias Brunner
512 21 Andreas Steffen
_left|rightupdown = <path>_
513 1 Martin Willi
514 31 Martin Willi
p((. what _updown_ script to run to adjust routing and/or firewalling when the status of the connection
515 1 Martin Willi
     changes (default _ipsec _updown_). Relevant only locally, other end need not agree on it.
516 33 Tobias Brunner
     Charon uses the _updown_ script to insert firewall rules only, since routing has been implemented directly
517 33 Tobias Brunner
     into the daemon.
518 33 Tobias Brunner
519 33 Tobias Brunner
h2. IKEv2 Mediation Extension Parameters
520 33 Tobias Brunner
521 33 Tobias Brunner
The following parameters are relevant to IKEv2 Mediation Extension operation only.
522 33 Tobias Brunner
523 23 Tobias Brunner
_mediation = yes | *no*_
524 23 Tobias Brunner
525 31 Martin Willi
p((. whether this connection is a mediation connection, i.e. whether this connection is used to mediate other
526 57 Tobias Brunner
     connections. Mediation connections create no child SA. Acceptable values are no (the default) and yes.
527 57 Tobias Brunner
528 57 Tobias Brunner
_mediated_by = <name>_
529 57 Tobias Brunner
530 57 Tobias Brunner
p((. the name of the connection to mediate this connection through. If given, the connection will be mediated
531 21 Andreas Steffen
     through the named mediation connection. The mediation connection must set *mediation=yes*.
532 1 Martin Willi
533 31 Martin Willi
_me_peerid = <id>_
534 1 Martin Willi
535 57 Tobias Brunner
p((. ID as which the peer is known to the mediation server, i.e. which the other end of this connection uses as
536 1 Martin Willi
     its leftid on its connection to the mediation server. This is the ID we request the mediation server to
537 1 Martin Willi
     mediate us with. If me_peerid is not given, the rightid of this connection will be used as peer ID.
538 58 Tobias Brunner
539 58 Tobias Brunner
h2. Removed parameters (since 5.0.0)
540 58 Tobias Brunner
541 58 Tobias Brunner
_auth = *esp* | ah_
542 58 Tobias Brunner
543 58 Tobias Brunner
p((. whether authentication should be done as part of ESP encryption, or separately using the AH protocol.
544 58 Tobias Brunner
	Only supported by the IKEv1 daemon pluto.
545 58 Tobias Brunner
546 58 Tobias Brunner
_pfs = *yes* | no_
547 58 Tobias Brunner
548 58 Tobias Brunner
p((. whether _Perfect Forward Secrecy_ of keys is desired on the connection's keying channel (with PFS,
549 58 Tobias Brunner
     penetration of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses
550 58 Tobias Brunner
     PFS for IKE_SA rekeying whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup
551 58 Tobias Brunner
     in the _esp_ parameter.  Since [[5.0.0]] the latter also applies to IKEv1 and this parameter has no effect anymore.
552 58 Tobias Brunner
553 58 Tobias Brunner
_pfsgroup = <modp group>_
554 58 Tobias Brunner
555 58 Tobias Brunner
p((. defines a Diffie-Hellman group for _perfect forward secrecy_ in IKEv1 Quick Mode differing from the DH group
556 58 Tobias Brunner
     used for IKEv1 Main Mode (IKEv1 pluto daemon only).
557 58 Tobias Brunner
558 58 Tobias Brunner
_left|rightnexthop = %direct | %defaultroute | <ip address> | <fqdn>_
559 58 Tobias Brunner
560 58 Tobias Brunner
p((. This parameter is usually not needed any more because the NETKEY IPsec stack does not require
561 58 Tobias Brunner
     explicit routing entries for the traffic to be tunneled. If _leftsourceip_ is used with IKEv1
562 58 Tobias Brunner
     then _left|rightnexthop_ must still be set in order for the source routes to work properly.
563 58 Tobias Brunner
564 58 Tobias Brunner
_left|rightsubnetwithin = <ip subnet>_
565 58 Tobias Brunner
566 58 Tobias Brunner
p((. the peer can propose any subnet or single IP address that fits within the range defined by
567 58 Tobias Brunner
     _left|rightsubnetwithin_.  Is a synonym for _left|rightsubnet_ since [[5.0.0]], as subnets are narrowed.