ipsec.conf: conn Reference » History » Version 79
Tobias Brunner, 27.08.2015 17:23
ID type prefixes in left|rightid clarified
{{title(ipsec.conf: conn Reference)}}

h1. ipsec.conf: conn <name>

{{>toc}}

h2. General Connection Parameters

_aaa_identity = <id>_

p((. defines the identity of the AAA backend used during IKEv2 EAP authentication. This is required if
the EAP client uses a method that verifies the server identity (such as EAP-TLS), but that identity does not
match the IKEv2 gateway identity.

_ah = <cipher suites>_

p((. comma-separated list of AH algorithms to be used for the connection, e.g. _sha1-sha256-modp1024_.
The notation is _integrity[-dhgroup]_. For IKEv2, multiple algorithms (separated by -) of the same type
can be included in a single proposal. IKEv1 only includes the first algorithm in a proposal.
Only either the *ah* or the *esp* keyword may be used, AH+ESP bundles are not supported.

p((. There is no default AH cipher suite since by default ESP is used. The daemon adds its extensive default
proposal to the configured value. To restrict it to the configured proposal an exclamation mark (*!*) can
be added at the end.
*Note:* As a responder the daemon accepts the first supported proposal received from the peer. In order
to restrict a responder to only accept specific cipher suites, the strict flag (*!*, exclamation mark)
can be used, e.g. _sha256-sha512-modp2048!_

p((. If _dhgroup_ is specified, CHILD_SA/Quick Mode setup and rekeying include a separate Diffie-Hellman exchange.

p((. Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.

p((. Available since [[5.1.1]].

_aggressive = yes | *no*_

p((. whether to use IKEv1 Aggressive or Main Mode (the default). Available since [[5.0.0]].

_also = <section name>_

p((. includes conn section <name>.

_authby = *pubkey* | rsasig | ecdsasig | psk | secret | xauthrsasig | xauthpsk | never_

p((. how the two security gateways should authenticate each other; acceptable values are *secret* or *psk*
for pre-shared secrets, *pubkey* (the default) for public key signatures as well as the synonyms *rsasig*
for RSA digital signatures and *ecdsasig* for Elliptic Curve DSA signatures.
*never* can be used if negotiation is never to be attempted or accepted (useful for shunt-only conns).
Digital signatures are superior in every way to shared secrets. IKEv1 additionally supports the values
*xauthpsk* and *xauthrsasig* that will enable _eXtended Authentication (XAuth)_ in addition to IKEv1 main
mode based on shared secrets or digital RSA signatures, respectively.
This parameter is deprecated for IKEv2 connections (and IKEv1 connections since [[5.0.0]]), as two peers
do not need to agree on an authentication method. Use the _left|rightauth_ parameter instead to define
authentication methods.

_auto = *ignore* | add | route | start_

p((. what operation, if any, should be done automatically at IPsec startup. *add* loads a connection without
starting it. *route* loads a connection and installs kernel traps. If traffic is detected between
_leftsubnet_ and _rightsubnet_, a connection is established. *start* loads a connection and brings
it up immediately. *ignore* ignores the connection. This is equal to deleting a connection from the config
file. Relevant only locally, the other end need not agree on it.

_closeaction = *none* | clear | hold | restart_

p((. defines the action to take if the remote peer unexpectedly closes a CHILD_SA (IKEv2 only, see _dpdaction_ for
the meaning of the values). A _closeaction_ should not be used if the peer uses reauthentication or uniqueids checking,
as these events might trigger the defined action when not desired.

_compress = yes | *no*_

p((. whether IPComp compression of content is proposed on the connection (link-level compression does not work on
encrypted data, so to be effective, compression must be done before encryption). A value of *yes* causes the daemon
to propose both compressed and uncompressed, and prefer compressed. A value of *no* prevents the daemon from proposing or accepting compression.

_dpdaction = *none* | clear | hold | restart_

p((. controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages
(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveness of the
IPsec peer. The values *clear*, *hold*, and *restart* all activate DPD. If no activity is detected,
all connections with a dead peer are stopped and unrouted (*clear*), put in the hold state (*hold*)
or restarted (*restart*). The default is *none* which disables the active sending of DPD messages.

_dpddelay = *30s* | <time>_

p((. defines the interval at which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL
messages and uses only standard messages (such as those to rekey) to detect dead peers.

_dpdtimeout = *150s* | <time>_

p((. defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.
This only applies to IKEv1, in IKEv2 the default [[Retransmission|retransmission timeout]] applies, as every exchange is used to
detect dead peers.

_inactivity = <time>_

p((. defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic.
Not supported for IKEv1 connections prior to [[5.0.0]].

_eap_identity = <id>_

p((. defines the identity the client uses to reply to an EAP Identity request. If defined on the EAP server, the defined
identity will be used as peer identity during EAP authentication. The special value _%identity_ uses the EAP Identity method
to ask the client for an EAP identity. If not defined, the IKEv2 identity will be used as EAP identity.

_esp = <cipher suites>_

p((. comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
_aes128-sha256_. The notation is _encryption-integrity[-dhgroup][-esnmode]_.
For IKEv2, multiple algorithms (separated by -) of the same type can be included in a single proposal.
IKEv1 only includes the first algorithm in a proposal. Only either the *ah* or the *esp* keyword may
be used, AH+ESP bundles are not supported.

p((. Defaults to *aes128-sha1,3des-sha1*. The daemon adds its extensive default proposal to
this default or the configured value. To restrict it to the configured proposal an exclamation mark (*!*)
can be added at the end.
*Note*: As a responder the daemon accepts the first supported proposal received from the peer. In order
to restrict a responder to only accept specific cipher suites, the strict flag (*!*, exclamation mark)
can be used, e.g. _aes256-sha512-modp4096!_

p((. If _dhgroup_ is specified, CHILD_SA setup and rekeying include a separate Diffie-Hellman exchange (since
[[5.0.0]] this also applies to IKEv1 Quick Mode).

p((. Valid values for _esnmode_ (IKEv2 only) are _esn_ and _noesn_. Specifying both negotiates extended sequence
number support with the peer, the default is *noesn*.

p((. Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.

_forceencaps = yes | *no*_

p((. force UDP encapsulation for ESP packets even if no NAT situation is detected.
This may help to surmount restrictive firewalls. In order to force the peer to
encapsulate packets, NAT detection payloads are faked.
Not supported for IKEv1 connections prior to [[5.0.0]].

_fragmentation = yes | force | *no*_

p((. whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 fragmentation as per "RFC 7383":http://tools.ietf.org/html/rfc7383).
Fragmented messages sent by a peer are always accepted irrespective of the value of this option.
If set to *yes* and the peer supports it, larger IKE messages will be sent in fragments (the maximum fragment size
can be configured in [[strongswan.conf]]). If set to *force* (only supported for IKEv1) the initial IKE message will already
be fragmented if required.
Available for IKEv1 connections since version:5.0.2 and for IKEv2 connections since version:5.2.1.

_ike = <cipher suites>_

p((. comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g.
_aes128-sha1-modp2048_. The notation is _encryption-integrity[-prf]-dhgroup_. In IKEv2, multiple algorithms
and proposals may be included, such as _aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024_.

p((. The ability to configure a PRF algorithm different to that defined for integrity protection was added with [[5.0.2]].
If no PRF is configured, the algorithms defined for integrity are proposed as PRF. The prf keywords are the same as
the integrity algorithms, but have a _prf_ prefix (such as _prfsha1_, _prfsha256_ or _prfaesxcbc_).

p((. Defaults to *aes128-sha1-modp2048,3des-sha1-modp1536* for IKEv1. The daemon adds its extensive default proposal
to this default or the configured value. To restrict it to the configured proposal an exclamation mark (*!*) can be added at the end.
Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.

p((. *Note*: As a responder the daemon accepts the first supported proposal received from the peer. In order
to restrict a responder to only accept specific cipher suites, the strict flag (*!*, exclamation mark)
can be used, e.g. _aes256-sha512-modp4096!_
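
The _ah_, _esp_ and _ike_ notation above is compact enough that misconfigurations (a missing strict flag, a legacy group, an ESP proposal without a DH group) are easy to overlook in a large ipsec.conf. The following parser and audit for these proposal strings is an added example written for this page; it is not strongSwan code. The keyword sets are a subset of the IKEv1/IKEv2 cipher suite keywords, the _LEGACY_ set is this example's own judgement rather than anything the reference prescribes, and the parser accepts the algorithms in any order, which is slightly more permissive than the documented _encryption-integrity[-prf][-dhgroup][-esnmode]_ order.

```python
"""Parse and audit strongSwan ipsec.conf ah=/esp=/ike= proposal strings.

Added example, not strongSwan code. Keyword sets are a subset of the real
IKEv1/IKEv2 cipher suite keywords; LEGACY is this example's own judgement.
"""
import re
from dataclasses import dataclass, field

ENCR = {"aes128", "aes192", "aes256", "aes128gcm16", "aes256gcm16",
        "chacha20poly1305", "3des", "null"}
AEAD = {"aes128gcm16", "aes256gcm16", "chacha20poly1305"}   # need no integrity
INTEG = {"md5", "sha1", "sha256", "sha384", "sha512", "aesxcbc"}
PRF_RE = re.compile(r"^prf(md5|sha1|sha256|sha384|sha512|aesxcbc)$")
DH_RE = re.compile(r"^(modp\d{3,4}|ecp\d{3}|curve25519)$")
ESN = {"esn", "noesn"}
LEGACY = {"3des", "null", "md5", "modp768", "modp1024", "modp1536"}


@dataclass
class Proposal:
    encr: list = field(default_factory=list)
    integ: list = field(default_factory=list)
    prf: list = field(default_factory=list)
    dh: list = field(default_factory=list)
    esn: list = field(default_factory=list)


def parse_proposal(text, proto):
    """Parse an ah=, esp= or ike= value. Returns (proposals, strict)."""
    if proto not in ("ah", "esp", "ike"):
        raise ValueError("proto must be ah, esp or ike")
    text = text.strip()
    strict = text.endswith("!")          # '!' = do not append the daemon's defaults
    if strict:
        text = text[:-1]
    proposals = []
    for item in text.split(","):         # ',' separates proposals
        p = Proposal()
        for alg in item.split("-"):      # '-' separates algorithms within one proposal
            if alg in ENCR:
                p.encr.append(alg)
            elif alg in INTEG:
                p.integ.append(alg)
            elif PRF_RE.match(alg):
                p.prf.append(alg)
            elif DH_RE.match(alg):
                p.dh.append(alg)
            elif alg in ESN:
                p.esn.append(alg)
            else:
                raise ValueError(f"unknown keyword {alg!r} in proposal {item!r}")
        _check_structure(p, proto, item)
        proposals.append(p)
    return proposals, strict


def _check_structure(p, proto, item):
    """Enforce the per-keyword notation rules from the reference."""
    aead_only = bool(p.encr) and set(p.encr) <= AEAD
    if proto == "ah":
        if p.encr or p.prf or p.esn:
            raise ValueError(f"ah takes integrity[-dhgroup] only: {item!r}")
        if not p.integ:
            raise ValueError(f"ah needs an integrity algorithm: {item!r}")
        return
    if not p.encr:
        raise ValueError(f"{proto} needs an encryption algorithm: {item!r}")
    if not p.integ and not aead_only:
        raise ValueError(f"non-AEAD cipher needs an integrity algorithm: {item!r}")
    if proto == "esp" and p.prf:
        raise ValueError(f"esp proposals have no PRF: {item!r}")
    if proto == "ike":
        if p.esn:
            raise ValueError(f"esn/noesn is ESP-only: {item!r}")
        if not p.dh:
            raise ValueError(f"ike proposals need a dhgroup: {item!r}")
        if aead_only and not p.prf:
            raise ValueError(f"AEAD IKE proposal needs an explicit prf: {item!r}")


def audit(text, proto):
    """Return a list of findings for a proposal string (empty list = clean)."""
    proposals, strict = parse_proposal(text, proto)
    findings = []
    if not strict:
        findings.append("no strict flag: the daemon appends its default proposals "
                        "and as responder accepts the peer's first supported one")
    for n, p in enumerate(proposals, 1):
        legacy = sorted(LEGACY & set(p.encr + p.integ + p.dh))
        if legacy:
            findings.append(f"proposal {n}: legacy algorithms {legacy}")
        if proto != "ike" and not p.dh:
            findings.append(f"proposal {n}: no dhgroup, CHILD_SA keys are derived "
                            "from the IKE SA without a fresh DH exchange (no PFS)")
    return findings
```

Running _audit("aes128-sha1,3des-sha1", "esp")_ on the documented ESP default reports the missing strict flag, the 3DES proposal and the absence of a DH group in both proposals; _audit("aes128gcm16-prfsha256-ecp256!", "ike")_ comes back clean, since an AEAD IKE proposal carries its PRF explicitly.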

_ikedscp = *000000* | <DSCP field>_

p((. Differentiated Services Field Codepoint to set on outgoing IKE packets sent
from this connection. The value is a six digit binary encoded string defining
the Codepoint to set, as defined in "RFC 2474":http://tools.ietf.org/html/rfc2474
(for example *101110* for the Expedited Forwarding PHB).

_ikelifetime = *3h* | <time>_

p((. how long the keying channel of a connection (_ISAKMP or IKE SA_) should last before being renegotiated.
Also see [[ExpiryRekey|Expiry and Rekey]].

_installpolicy = *yes* | no_

p((. decides whether IPsec policies are installed in the kernel by the charon daemon for a given connection.
Allows peaceful cooperation e.g. with the Mobile IPv6 _mip6d_ daemon which wants to control the kernel policies.

_keyexchange = *ike* | ikev1 | ikev2_

p((. method of key exchange; which protocol should be used to initialize the connection.
Prior to [[5.0.0]] connections marked with *ikev1* were initiated with Pluto, those marked with *ikev2* with Charon.
An incoming request from the remote peer was handled by the correct daemon, unaffected by the _keyexchange_ setting.
Starting with strongSwan [[4.5.0]] the default value *ike* is a synonym for *ikev2*, whereas in older strongSwan releases *ikev1* was assumed.
Since [[5.0.0]] both protocols are handled by Charon and connections marked with *ike* will use IKEv2 when initiating, but accept any protocol version when responding.

_keyingtries = *3* | <number> | %forever_

p((. how many attempts (a positive integer or _%forever_) should be made to negotiate a connection, or a replacement
for one, before giving up (default 3). The value _%forever_ means 'never give up'. Relevant only locally, the other end need
not agree on it.

_keylife_

p((. synonym for _lifetime_.

_lifebytes = <number>_

p((. the number of bytes transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]].

_lifepackets = <number>_

p((. the number of packets transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]].

_lifetime = *1h* | <time>_

p((. how long a particular instance of a connection (a set of encryption/authentication keys for user packets)
should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by
_s_ (a time in seconds) or a decimal number followed by _m_, _h_, or _d_ (a time in minutes, hours,
or days respectively) (default _1h_, maximum _24h_). Normally, the connection is renegotiated (via the
keying channel) before it expires (see _margintime_). The two ends need not exactly agree on _lifetime_, although if they
do not, there will be some clutter of superseded connections on the end which thinks the lifetime is longer.
Also see [[ExpiryRekey|Expiry and Rekey]].

_marginbytes = <number>_

p((. how many bytes before IPsec SA expiry (see _lifebytes_) attempts to negotiate a replacement should begin.

_marginpackets = <number>_

p((. how many packets before IPsec SA expiry (see _lifepackets_) attempts to negotiate a replacement should begin.

_margintime = *9m* | <time>_

p((. how long before connection expiry or keying-channel expiry attempts to negotiate a replacement should begin; acceptable values
as for _lifetime_ (default _9m_). Relevant only locally, the other end need not agree on it. Also see [[ExpiryRekey|Expiry and Rekey]].

_mark = <value>[/<mask>]_

p((. sets an XFRM mark in the inbound and outbound IPsec SAs and policies. If the mask is missing then
a default mask of *0xffffffff* is assumed. Since version:5.3.0 the special value *%unique* assigns a unique
value to each newly created IPsec SA (used e.g. in combination with the [[forecast]] or [[connmark]] plugins).

_mark_in = <value>[/<mask>]_

p((. sets an XFRM mark in the inbound IPsec SA and policy. If the mask is missing then
a default mask of *0xffffffff* is assumed.

_mark_out = <value>[/<mask>]_

p((. sets an XFRM mark in the outbound IPsec SA and policy. If the mask is missing then
a default mask of *0xffffffff* is assumed.

_mobike = *yes* | no_

p((. enables the IKEv2 [[MobIke|MOBIKE]] protocol defined by RFC 4555. If set to *no*, the charon
daemon will not actively propose [[MobIke|MOBIKE]] as initiator and ignore the MOBIKE_SUPPORTED
notify as responder.

_modeconfig = push | *pull*_

p((. defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses
the configuration payload in *pull* mode. Cisco VPN gateways usually operate in *push* mode.
In versions prior to [[5.1.1]] the charon daemon did not support *push* mode.

_reauth = *yes* | no_

p((. whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
In IKEv2, a value of *no* rekeys without uninstalling the IPsec SAs, a value of *yes* (the default)
creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.

_rekey = *yes* | no_

p((. whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but
while a value of *no* prevents the daemon from requesting renegotiation, it does not prevent responding
to renegotiation requested from the other end, so *no* will be largely ineffective unless both ends agree on it.
Also see _reauth_.

_rekeyfuzz = *100%* | <percentage>_

p((. maximum percentage by which _marginbytes_, _marginpackets_ and _margintime_ should be randomly increased to randomize
rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100,
followed by a '%'.
The value of _marginTYPE_, after this random increase, must not exceed _lifeTYPE_ (where TYPE is one of bytes, packets or time).
The value _0%_ will suppress randomization. Relevant only locally, the other end need not agree on it.
Also see [[ExpiryRekey|Expiry and Rekey]].
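
The interplay of _lifetime_/_ikelifetime_, _margintime_ and _rekeyfuzz_ (and of the byte and packet counterparts) is where short test lifetimes typically go wrong: with the default _margintime=9m_ and _rekeyfuzz=100%_ the fuzzed margin can reach 18 minutes, so a _lifetime_ below that violates the constraint stated for _rekeyfuzz_. The following checker is an added example written for this page, not strongSwan code. Its window formula, rekeying starts at _lifetime - (margin + random(0, margin * rekeyfuzz/100))_, is this example's reading of the text above and of the ExpiryRekey page it points to; the daemon's exact rounding may differ. Times are whole seconds, and the synonyms _keylife_ and _rekeymargin_ are folded into _lifetime_ and _margintime_.

```python
"""Check ipsec.conf lifeTYPE/marginTYPE/rekeyfuzz settings and derive the rekey window.

Added example, not strongSwan code. The window formula is this example's reading
of the ipsec.conf reference; the daemon's exact arithmetic may differ.
"""
import re

_UNIT = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_time(value):
    """'30', '30s' (integer seconds) or '1.5h', '9m', '2d' (decimal) -> seconds."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([smhd]?)\s*", str(value))
    if not m:
        raise ValueError(f"bad time value {value!r}")
    num, unit = m.groups()
    if unit in ("", "s") and "." in num:
        raise ValueError(f"seconds must be an integer: {value!r}")
    return int(float(num) * _UNIT[unit])


def parse_percent(value):
    """'100%' -> 100; values above 100 are allowed, as the reference says."""
    m = re.fullmatch(r"\s*(\d+)\s*%\s*", str(value))
    if not m:
        raise ValueError(f"bad percentage {value!r}")
    return int(m.group(1))


def fuzzed_margin(margin, fuzz_percent):
    """Largest margin the random increase can produce (integer arithmetic)."""
    return margin + margin * fuzz_percent // 100


def rekey_window(lifetime="1h", margintime="9m", rekeyfuzz="100%"):
    """(earliest, latest) seconds after SA setup at which a rekey attempt may start.

    Raises ValueError if the fuzzed margin cannot fit into the lifetime, which
    is the constraint the rekeyfuzz description states.
    """
    life, margin = parse_time(lifetime), parse_time(margintime)
    max_margin = fuzzed_margin(margin, parse_percent(rekeyfuzz))
    if max_margin > life:
        raise ValueError(f"margintime {margintime} fuzzed up to {max_margin}s "
                         f"exceeds lifetime {lifetime} ({life}s)")
    return life - max_margin, life - margin


def check_margins(conn):
    """Validate every lifeTYPE/marginTYPE pair of one conn section.

    conn: dict of ipsec.conf keys to raw string values. Returns a list of
    problems (empty when the section is consistent). Byte and packet limits
    are only checked when configured, since they are off by default.
    """
    conn = dict(conn)
    conn.setdefault("lifetime", conn.pop("keylife", "1h"))        # synonym
    conn.setdefault("margintime", conn.pop("rekeymargin", "9m"))  # synonym
    fuzz = parse_percent(conn.get("rekeyfuzz", "100%"))
    pairs = [("lifetime", "margintime", parse_time, "1h"),
             ("ikelifetime", "margintime", parse_time, "3h"),
             ("lifebytes", "marginbytes", int, None),
             ("lifepackets", "marginpackets", int, None)]
    problems = []
    for life_key, margin_key, conv, life_default in pairs:
        life_raw = conn.get(life_key, life_default)
        margin_raw = conn.get(margin_key)
        if life_raw is None or margin_raw is None:
            continue
        life, margin = conv(life_raw), conv(margin_raw)
        max_margin = fuzzed_margin(margin, fuzz)
        if max_margin > life:
            problems.append(f"{margin_key}={margin_raw} fuzzed by rekeyfuzz={fuzz}% "
                            f"reaches {max_margin}, above {life_key}={life_raw} ({life})")
    return problems
```

With the defaults, _rekey_window()_ returns a window from 42 to 51 minutes after setup (3600 seconds minus a margin of 540 to 1080 seconds); _check_margins({"lifetime": "15m", "margintime": "9m"})_ flags the section, because a 15 minute lifetime cannot hold an 18 minute fuzzed margin.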

_rekeymargin_

p((. synonym for _margintime_.

_replay_window = -1 | <number>_

p((. The IPsec replay window size for this connection. With the default of -1 the value configured with _charon.replay_window_ in
[[strongswan.conf]] is used. Larger values than 32 are supported using the Netlink backend only, a value of 0 disables IPsec
replay protection. Available since [[5.2.0]].

_reqid = <number>_

p((. sets the reqid for a given connection to a pre-configured fixed value.

_tfc = <value>_

p((. number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The special value _%mtu_ fills up ESP packets with padding to have the size of the MTU.

_type = *tunnel* | transport | transport_proxy | passthrough | drop_

p((. the type of the connection; currently the accepted values are *tunnel*, signifying a host-to-host,
host-to-subnet, or subnet-to-subnet tunnel; *transport*, signifying host-to-host transport mode;
*transport_proxy*, signifying the special Mobile IPv6 transport proxy mode;
*passthrough*, signifying that no IPsec processing should be done at all; *drop*, signifying that packets
should be discarded.

_xauth = *client* | server_

p((. specifies the role in the XAuth protocol if activated by _authby=xauthpsk_ or _authby=xauthrsasig_.

_xauth_identity = <id>_

p((. defines the identity/username the client uses to reply to an XAuth request. If not defined, the IKEv1 identity will be used as XAuth identity.

h2. left|right End Parameters

Connection descriptions are defined in terms of a left endpoint and a right endpoint. For example, the
two parameters _leftid_ and _rightid_ specify the identity of the left and the right endpoint. For every
connection description an attempt is made to figure out whether the local endpoint should act as the left or
the right endpoint. This is done by matching the IP addresses defined for both endpoints with the
IP addresses assigned to local network interfaces. If a match is found then the role (left or right) that
matches is going to be considered "local". If no match is found during startup, "left" is considered "local".

_left|right = <ip address> | <fqdn> | *%any* | range | subnet_

p((. The IP address of the participant's public-network interface or one of several magic values.
The value _%any_ for the local endpoint signifies an address to be filled in
(by automatic keying) during negotiation. If the local peer initiates the connection setup the routing table
will be queried to determine the correct local IP address. In case the local peer is responding to a connection
setup then any IP address that is assigned to a local interface will be accepted.

p((. Prior to [[5.0.0]] specifying _%any_ for the local endpoint was not supported for IKEv1 connections, instead
the keyword _%defaultroute_ could be used, causing the value to be filled in automatically with the local
address of the default-route interface (as determined at IPsec startup time and during configuration
update). Either left or right may be _%defaultroute_, but not both.

p((. The prefix % in front of a fully-qualified domain name or an IP address will implicitly set _left|rightallowany=yes_.

p((. If _%any_ is used for the remote endpoint it literally means any IP address.

p((. Since [[5.1.1]] connections can be limited to a specific range of hosts. To do so a range (10.1.0.0-10.2.255.255)
or a subnet (10.1.0.0/16) can be specified, and multiple addresses, ranges and subnets can be separated by commas.
While one can freely combine these items, to initiate the connection at least one non-range/subnet is required.

p((. Please note that with the usage of wildcards multiple connection descriptions might match a given incoming
connection attempt. The most specific description is used in that case.
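
The rules above for _left|right_ values (magic values, the _%_ prefix, ranges and subnets, the initiation requirement, and the "most specific description wins" tie-break between several matching conns) can be exercised offline with the following parser and matcher. It is an added example written for this page, not strongSwan code: "most specific" is approximated as "the matching item that covers the fewest addresses wins", which is this example's assumption and not the daemon's real selection logic, and FQDNs are resolved through a caller-supplied function so nothing touches DNS.

```python
"""Parse ipsec.conf left|right endpoint values and match an incoming peer.

Added example, not strongSwan code. The specificity rule (fewest addresses
covered wins) is an assumption; FQDN resolution is injected by the caller.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    kind: str            # 'any', 'defaultroute', 'ip', 'fqdn', 'subnet' or 'range'
    value: object        # ip_address, ip_network, (first, last) tuple, hostname or None
    allowany: bool = False   # '%' prefix on an address/FQDN implies left|rightallowany=yes


def parse_endpoint(text):
    """Split a left= or right= value into Endpoint items."""
    items = []
    for raw in (s.strip() for s in text.split(",")):
        if not raw:
            raise ValueError(f"empty item in {text!r}")
        if raw == "%any":
            items.append(Endpoint("any", None))
            continue
        if raw == "%defaultroute":
            items.append(Endpoint("defaultroute", None))
            continue
        allowany = raw.startswith("%")
        spec = raw[1:] if allowany else raw
        if "/" in spec:                               # subnet, e.g. 10.1.0.0/16
            if allowany:
                raise ValueError(f"'%' prefix is only defined for addresses and FQDNs: {raw!r}")
            items.append(Endpoint("subnet", ipaddress.ip_network(spec, strict=False)))
            continue
        if "-" in spec:                               # range, e.g. 10.1.0.0-10.2.255.255
            lo_s, _, hi_s = spec.partition("-")
            try:
                lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
            except ValueError:
                lo = None                             # not a range: an FQDN containing a dash
            if lo is not None:
                if allowany:
                    raise ValueError(f"'%' prefix is only defined for addresses and FQDNs: {raw!r}")
                if lo.version != hi.version or lo > hi:
                    raise ValueError(f"bad range {spec!r}")
                items.append(Endpoint("range", (lo, hi)))
                continue
        try:
            items.append(Endpoint("ip", ipaddress.ip_address(spec), allowany))
        except ValueError:
            items.append(Endpoint("fqdn", spec, allowany))
    return items


def can_initiate(items):
    """Initiating needs a concrete peer address: at least one non-range/subnet item."""
    return any(e.kind in ("ip", "fqdn") for e in items)


def covers(e, addr, resolve=None):
    """Does endpoint item e accept a peer at addr (an ip_address object)?"""
    if e.kind == "any":
        return True
    if e.kind == "ip":
        return e.value == addr
    if e.kind == "subnet":
        return addr in e.value
    if e.kind == "range":
        lo, hi = e.value
        return addr.version == lo.version and lo <= addr <= hi
    if e.kind == "fqdn":
        return resolve is not None and ipaddress.ip_address(resolve(e.value)) == addr
    return False          # %defaultroute only makes sense for the local side


def specificity(e):
    """Number of addresses an item covers; smaller is more specific (assumption)."""
    if e.kind in ("ip", "fqdn"):
        return 1
    if e.kind == "subnet":
        return e.value.num_addresses
    if e.kind == "range":
        return int(e.value[1]) - int(e.value[0]) + 1
    return float("inf")


def select_conn(conns, peer, resolve=None):
    """conns: {conn name: right= value}. Return the best matching conn name or None."""
    addr = ipaddress.ip_address(peer)
    best = None
    for name, right in conns.items():
        for e in parse_endpoint(right):
            if covers(e, addr, resolve) and (best is None or specificity(e) < best[0]):
                best = (specificity(e), name)
    return best[1] if best else None
```

With conns _roadwarriors_ (_right=%any_), _branch_ (_right=192.0.2.0/24_) and _hq_ (_right=192.0.2.10_), a peer at 192.0.2.10 selects _hq_, one at 192.0.2.77 selects _branch_, and any other address falls through to _roadwarriors_; a _right_ consisting only of ranges and subnets parses fine but _can_initiate_ reports that it cannot be used to initiate.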
345 | 33 | Tobias Brunner | |
346 | 33 | Tobias Brunner | _left|rightallowany = yes | *no*_ |
347 | 1 | Martin Willi | |
348 | 29 | Daniel Mentz | p((. a modifier for _left|right_, making it behave as _%any_ although a concrete IP address has been |
349 | 1 | Martin Willi | assigned. Recommended for dynamic IP addresses that can be resolved by DynDNS at IPsec startup or update time. |
350 | 1 | Martin Willi | |
351 | 1 | Martin Willi | _left|rightauth = <auth method>_ |
352 | 1 | Martin Willi | |
353 | 1 | Martin Willi | p((. Authentication method to use locally (left) or require from the remote (right) side. Acceptable values are *pubkey* |
354 | 1 | Martin Willi | for public key encryption (RSA/ECDSA), *psk* for pre-shared key authentication, *eap* to [require the] use of the Extensible Authentication Protocol, and *xauth* for IKEv1 eXtended Authentication. |
355 | 75 | Tobias Brunner | |
356 | 75 | Tobias Brunner | p((. To require a trustchain public key strength for the remote side, specify the key type followed |
357 | 75 | Tobias Brunner | by the minimum strength in bits (for example *ecdsa-384* or *rsa-2048-ecdsa-256*). |
358 | 1 | Martin Willi | To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms |
359 | 1 | Martin Willi | to *pubkey* or a key strength definition (for example *pubkey-sha1-sha256* or *rsa-2048-ecdsa-256-sha256-sha384-sha512*). |
360 | 75 | Tobias Brunner | Since version:5.3.0 and unless disabled in [[strongswan.conf]] such key types and hash algorithms are also |
361 | 75 | Tobias Brunner | applied as constraints against IKEv2 signature authentication schemes used by the remote side. |
362 | 75 | Tobias Brunner | |
363 | 75 | Tobias Brunner | p((. Since version:5.3.0 and if both peers support "RFC 7427":http://tools.ietf.org/html/rfc7427 ("Signature Authentication in IKEv2") specific hash |
364 | 75 | Tobias Brunner | algorithms to be used during IKEv2 authentication may be configured. The syntax is the same as above. |
365 | 75 | Tobias Brunner | For example, with pubkey-sha384-sha256 a public key signature scheme with either SHA-384 or SHA-256 |
366 | 75 | Tobias Brunner | would get used for authentication, in that order and depending on the hash algorithms supported by the peer. |
367 | 75 | Tobias Brunner | If no specific hash algorithms are configured, the default is to prefer an algorithm that matches or exceeds |
368 | 75 | Tobias Brunner | the strength of the signature key. |
369 | 75 | Tobias Brunner | |
370 | 75 | Tobias Brunner | p((. In the case of *eap*, an optional EAP method can be appended. Currently defined methods are *eap-aka*, |
371 | 1 | Martin Willi | *eap-gtc*, *eap-md5*, *eap-mschapv2*, *eap-peap*, *eap-sim*, *eap-tls*, *eap-ttls*, *eap-dynamic*, and *eap-radius*. |
372 | 75 | Tobias Brunner | Alternatively, IANA assigned EAP method numbers are accepted. Vendor specific EAP methods are defined |
373 | 75 | Tobias Brunner | in the form *eap-type-vendor* (e.g. *eap-7-12345*). |
374 | 75 | Tobias Brunner | Since version:5.3.0 signature and trust chain constraints for EAP-(T)TLS may be defined. To do so, append a |
375 | 75 | Tobias Brunner | colon to the EAP method, followed by the key type/size and hash algorithm as discussed above. |
376 | 75 | Tobias Brunner | For *xauth*, an XAuth authentication backend can be specified, such as *xauth-generic* or *xauth-eap*. |
377 | 75 | Tobias Brunner | If XAuth is used in _leftauth_, Hybrid authentication is used. For traditional XAuth authentication, define XAuth in _leftauth2_. |
378 | 1 | Martin Willi | |
379 | 57 | Tobias Brunner | p((. Not supported for IKEv1 connections prior to [[5.0.0]]. |
380 | 27 | Daniel Mentz | |
381 | 33 | Tobias Brunner | |
382 | 58 | Tobias Brunner | _left|rightauth2 = <auth method>_ |
383 | 58 | Tobias Brunner | |
384 | 58 | Tobias Brunner | p((. Same as _left|rightauth_, but defines an additional authentication exchange. In IKEv1, only XAuth can be used |
385 | 57 | Tobias Brunner | in the second authentication round. IKEv2 supports multiple complete authentication rounds using |
386 | 66 | Andreas Steffen | _Multiple Authentication Exchanges_ defined in "RFC 4739":http://tools.ietf.org/html/rfc4739. This allows e.g. a separate authentication of host and user. |
387 | 7 | Martin Willi | |
388 | 31 | Martin Willi | p((. Not supported for IKEv1 connections prior to [[5.0.0]]. |
389 | 57 | Tobias Brunner | |
390 | 23 | Tobias Brunner | |
391 | 57 | Tobias Brunner | _left|rightca = <issuer dn> | %same_ |
392 | 57 | Tobias Brunner | |
393 | 58 | Tobias Brunner | p((. the distinguished name of a certificate authority which is required to lie in the trust path going from the |
394 | 56 | Andreas Steffen | _left|right_ participant's certificate up to the root certification authority. |
395 | 1 | Martin Willi | *%same* means that the value configured for the other participant should be reused. |
396 | 56 | Andreas Steffen | |
397 | 23 | Tobias Brunner | _left|rightca2 = <issuer dn> | %same_ |
398 | 21 | Andreas Steffen | |
399 | 1 | Martin Willi | p((. Same as _left|rightca_ but for the second authentication (IKEv2 only). |
400 | 1 | Martin Willi | |
401 | 1 | Martin Willi | _left|rightcert = <path>_ |
402 | 1 | Martin Willi | |
403 | 23 | Tobias Brunner | p((. the path to the left|right participant's X.509 certificate. The file can be encoded in either PEM or DER format. |
404 | 58 | Tobias Brunner | OpenPGP certificates are supported as well. Both absolute paths and paths relative to |
405 | 58 | Tobias Brunner | [[IpsecDirectoryCerts|/etc/ipsec.d/certs]] are accepted. By default _left|rightcert_ sets _left|rightid_ |
406 | 31 | Martin Willi | to the distinguished name of the certificate's subject. The _left|right_ participant's ID can be overridden |
407 | 61 | Tobias Brunner | by specifying a _left|rightid_ value which must be certified by the certificate, though. |
408 | 61 | Tobias Brunner | |
409 | 61 | Tobias Brunner | p((. Since [[5.0.2]] certificates can be configured in the form _%smartcard[<slot nr>[@<module>]]:<keyid>_, which |
410 | 61 | Tobias Brunner | defines a specific certificate to load from a PKCS#11 backend for this connection (e.g. via the [[PKCS11Plugin|pkcs11 plugin]]). |
411 | 61 | Tobias Brunner | See [[PinSecret|ipsec.secrets]] for details about smartcard definitions. |
412 | 61 | Tobias Brunner | Defining a certificate on a smartcard with _left|rightcert_ is only required if the automatic selection via _left|rightid_ |
413 | 64 | Tobias Brunner | is not sufficient, for example, if multiple certificates use the same subject. |
414 | 64 | Tobias Brunner | |
415 | 64 | Tobias Brunner | p((. Since [[5.0.3]] multiple certificate paths or PKCS#11 backends can be specified in a comma separated list. |
416 | 64 | Tobias Brunner | The daemon chooses the certificate based on the received certificate requests, if possible, before enforcing |
417 | 23 | Tobias Brunner | the first. |
418 | 23 | Tobias Brunner | |
419 | 57 | Tobias Brunner | _left|rightcert2 = <path>_ |
420 | 21 | Andreas Steffen | |
421 | 1 | Martin Willi | p((. Same as _left|rightcert_ but for the second authentication round (IKEv2 only). |
422 | 33 | Tobias Brunner | |
423 | 7 | Martin Willi | _left|rightcertpolicy = <OIDs>_ |
424 | 66 | Andreas Steffen | |
425 | 1 | Martin Willi | p((. Comma separated list of certificate policy OIDs the peer's certificate must have. |
426 | 58 | Tobias Brunner | OIDs are specified using the numerical dotted representation. Not supported for IKEv1 connections prior to [[5.0.0]]. |
427 | 58 | Tobias Brunner | |
428 | 58 | Tobias Brunner | _left|rightdns = <servers>_ |
429 | 58 | Tobias Brunner | |
430 | 58 | Tobias Brunner | p((. Comma separated list of DNS server addresses to exchange as configuration attributes. On the initiator, |
431 | 58 | Tobias Brunner | a server is a fixed IPv4/IPv6 address, or _%config4/%config6_ to request attributes without an address. |
432 | 58 | Tobias Brunner | On the responder, only fixed IPv4/IPv6 addresses are allowed and define DNS servers assigned to the client. |
433 | 1 | Martin Willi | Available since [[5.0.1]]. |
434 | 23 | Tobias Brunner | |
435 | 1 | Martin Willi | _left|rightfirewall = yes | *no*_ |
436 | 1 | Martin Willi | |
437 | 1 | Martin Willi | p((. whether the _left|right_ participant is doing forwarding-firewalling (including masquerading) |
438 | 1 | Martin Willi | using iptables for traffic from _left|rightsubnet_, which should be turned off (for traffic to the |
439 | 1 | Martin Willi | other subnet) once the connection is established. May not be used in the same connection description with |
440 | 1 | Martin Willi | _left|rightupdown_. Implemented as a parameter to the default _ipsec _updown_ script. Relevant only |
441 | 1 | Martin Willi | locally, the other end need not agree on it. |
442 | 23 | Tobias Brunner | |
443 | 20 | Andreas Steffen | p((. If one or both security gateways are doing forwarding firewalling (possibly including masquerading), |
444 | 23 | Tobias Brunner | and this is specified using the firewall parameters, tunnels established with IPsec are exempted from |
445 | 57 | Tobias Brunner | it so that packets can flow unchanged through the tunnels. (This means that all subnets connected in this |
446 | 1 | Martin Willi | manner must have distinct, non-overlapping subnet address blocks.) This is done by the default |
447 | 1 | Martin Willi | _ipsec _updown_ script. |
448 | 1 | Martin Willi | |
449 | 1 | Martin Willi | p((. In situations calling for more control, it may be preferable for the user to supply his own _updown_ script, |
450 | 1 | Martin Willi | which makes the appropriate adjustments for his system. |
451 | 1 | Martin Willi | |
452 | 31 | Martin Willi | _left|rightgroups = <group list>_ |
453 | 58 | Tobias Brunner | |
454 | 58 | Tobias Brunner | p((. a comma-separated list of group names. If the _left|rightgroups_ parameter is present then the peer must |
455 | 57 | Tobias Brunner | be a member of at least one of the groups defined by the parameter. Groups may be used together with the |
456 | 58 | Tobias Brunner | [[EapRadius#Group-selection|eap-radius]] plugin. |
457 | 1 | Martin Willi | |
458 | 58 | Tobias Brunner | _left|rightgroups2 = <group list>_ |
459 | 58 | Tobias Brunner | |
460 | 58 | Tobias Brunner | p((. Same as _left|rightgroups_ but for the second authentication round defined with _left|rightauth2_. |
461 | 1 | Martin Willi | Available since [[5.0.1]]. |
462 | 1 | Martin Willi | |
463 | 1 | Martin Willi | _left|righthostaccess = yes | *no*_ |
464 | 1 | Martin Willi | |
465 | 1 | Martin Willi | p((. inserts a pair of INPUT and OUTPUT iptables rules using the default _ipsec _updown_ script, |
466 | 33 | Tobias Brunner | thus allowing access to the host itself in the case where the host's internal interface is part |
467 | 23 | Tobias Brunner | of the negotiated client subnet. |
468 | 57 | Tobias Brunner | |
469 | 73 | Tobias Brunner | _left|rightid = <id>_ |
470 | 73 | Tobias Brunner | |
471 | 79 | Tobias Brunner | p((. how the _left|right_ participant should be identified for authentication; defaults to _left|right_ or the subject of the |
472 | 79 | Tobias Brunner | certificate configured with _left|rightcert_. If _left|rightcert_ is configured the identity has to be confirmed by the |
473 | 79 | Tobias Brunner | certificate, that is, it has to match the full subject DN or one of the subjectAltName extensions contained in the |
474 | 79 | Tobias Brunner | certificate. |
475 | 1 | Martin Willi | |
476 | 79 | Tobias Brunner | p((. Can be an IP address, a fully-qualified domain name, an email address or a Distinguished Name for which the |
477 | 79 | Tobias Brunner | ID type is determined automatically and the string is converted to the appropriate encoding. The rules for this |
478 | 79 | Tobias Brunner | conversion are described on [[IdentityParsing]]. In versions before [[5.0.0]] fully-qualified domain names can be |
479 | 79 | Tobias Brunner | preceded by an @ to avoid them being resolved to an IP address. |
480 | 73 | Tobias Brunner | |
481 | 79 | Tobias Brunner | p((. In certain special situations the identity parsing above might be inadequate or produce the wrong result. |
482 | 79 | Tobias Brunner | Examples are the need to encode a FQDN as KEY_ID or the string parser being unable to produce the correct |
483 | 79 | Tobias Brunner | binary ASN.1 encoding of a certificate's DN. For these situations it is possible since version:5.2.2 to enforce a specific |
484 | 79 | Tobias Brunner | identity type and to provide the binary encoding of the identity. To do this a prefix may be used, followed by a |
485 | 79 | Tobias Brunner | colon (:). If the number sign (#) follows the colon, the remaining data is interpreted as hex encoding, otherwise |
486 | 79 | Tobias Brunner | the string is used as is as the identification data. *Note:* The latter implies that no conversion is performed for |
487 | 79 | Tobias Brunner | non-string identities. For example, _ipv4:10.0.0.1_ does not create a valid ID_IPV4_ADDR IKE identity, as it does not |
488 | 79 | Tobias Brunner | get converted to binary 0x0a000001. Instead, one could use _ipv4:#0a000001_ to get a valid identity, but just using |
489 | 79 | Tobias Brunner | the implicit type with [[IdentityParsing|automatic conversion]] is usually simpler. The same applies to the ASN.1 encoded types. |
490 | 58 | Tobias Brunner | The following prefixes are known: _ipv4, ipv6, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn_ and _keyid_. |
491 | 58 | Tobias Brunner | Custom type prefixes may be specified by surrounding the numerical type value with curly brackets. |
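The prefix and conversion rules described above, as an added Python illustration (not strongSwan wiki or source code): an explicit prefix takes its data verbatim, or as hex after #, while the implicit form detects the type and converts the value. The DN attribute table is reduced to a few entries and the DER encoder is a hypothetical, simplified one written for this example.

```python
import ipaddress
import re

# IKEv2 Identification payload ID types (RFC 7296, section 3.5)
ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, ID_IPV6_ADDR = 1, 2, 3, 5
ID_DER_ASN1_DN, ID_DER_ASN1_GN, ID_KEY_ID = 9, 10, 11

# Explicit type prefixes listed above, mapped to the ID type they enforce
PREFIXES = {
    "ipv4": ID_IPV4_ADDR, "ipv6": ID_IPV6_ADDR,
    "rfc822": ID_RFC822_ADDR, "email": ID_RFC822_ADDR, "userfqdn": ID_RFC822_ADDR,
    "fqdn": ID_FQDN, "dns": ID_FQDN,
    "asn1dn": ID_DER_ASN1_DN, "asn1gn": ID_DER_ASN1_GN, "keyid": ID_KEY_ID,
}
# '<prefix>:' or '{<numerical type>}:' followed by the identification data
EXPLICIT = re.compile(r"^(?:\{(\d+)\}|([a-z0-9]+)):(.*)$", re.S)

# Reduced DN attribute table for the hypothetical DER encoder below (OIDs under 2.5.4)
DN_OIDS = {"C": b"\x55\x04\x06", "O": b"\x55\x04\x0a", "OU": b"\x55\x04\x0b", "CN": b"\x55\x04\x03"}
PRINTABLE = re.compile(r"^[A-Za-z0-9 '()+,\-./:=?]*$")


def der(tag, content):
    """DER TLV with short-form length (content below 128 bytes is enough for this example)."""
    if len(content) >= 128:
        raise ValueError("long-form DER lengths not supported in this example")
    return bytes([tag, len(content)]) + content


def encode_dn(dn):
    """Encode 'C=CH, O=strongSwan, CN=moon' as an X.501 Name: SEQUENCE OF SET OF AttributeTypeAndValue."""
    rdns = []
    for part in dn.split(","):
        attr, _, val = part.strip().partition("=")
        val = val.strip()
        string_tag = 0x13 if PRINTABLE.match(val) else 0x0C  # PrintableString or UTF8String
        atv = der(0x30, der(0x06, DN_OIDS[attr.strip().upper()]) + der(string_tag, val.encode()))
        rdns.append(der(0x31, atv))
    return der(0x30, b"".join(rdns))


def implicit_identity(value):
    """Automatic type detection plus conversion (reduced form of the IdentityParsing rules)."""
    try:
        addr = ipaddress.ip_address(value)
        return (ID_IPV4_ADDR if addr.version == 4 else ID_IPV6_ADDR), addr.packed
    except ValueError:
        pass
    if value.startswith("@"):  # pre-5.0.0 notation: a leading '@' marks an FQDN not to be resolved
        return ID_FQDN, value[1:].encode()
    if "@" in value:
        return ID_RFC822_ADDR, value.encode()
    if "=" in value:
        return ID_DER_ASN1_DN, encode_dn(value)
    return ID_FQDN, value.encode()


def parse_identity(value):
    """Return (id_type, binary identification data) for a left|rightid string."""
    m = EXPLICIT.match(value)
    if m and (m.group(1) is not None or m.group(2) in PREFIXES):
        id_type = int(m.group(1)) if m.group(1) is not None else PREFIXES[m.group(2)]
        data = m.group(3)
        if data.startswith("#"):
            return id_type, bytes.fromhex(data[1:])  # '#' introduces hex-encoded binary data
        return id_type, data.encode()                # otherwise the string is used as is
    return implicit_identity(value)


def valid_address_id(id_type, data):
    """Address types must carry exactly the packed address: 'ipv4:10.0.0.1' fails this check."""
    expected = {ID_IPV4_ADDR: 4, ID_IPV6_ADDR: 16}.get(id_type)
    return expected is None or len(data) == expected
```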
492 | 58 | Tobias Brunner | |
493 | 58 | Tobias Brunner | p((. Since [[5.0.1]] _rightid_ for IKEv2 connections optionally takes a % as prefix in front of the identity. |
494 | 58 | Tobias Brunner | If given it prevents the daemon from sending IDr in its IKE_AUTH request and will allow it to verify the |
495 | 58 | Tobias Brunner | configured identity against the subject and subjectAltNames contained in the responder's certificate (otherwise, |
496 | 33 | Tobias Brunner | it is only compared with the IDr returned by the responder). The IDr sent by the initiator might otherwise |
497 | 7 | Martin Willi | prevent the responder from finding a config if it has configured a different value for _leftid_. |
498 | 23 | Tobias Brunner | |
499 | 23 | Tobias Brunner | _left|rightid2 = <id>_ |
500 | 21 | Andreas Steffen | |
501 | 1 | Martin Willi | p((. Identity to use for the second authentication of the _left|right_ participant (IKEv2 only). |
502 | 1 | Martin Willi | Defaults to _left|rightid_. |
503 | 1 | Martin Willi | |
504 | 1 | Martin Willi | _leftikeport = <port>_ |
505 | 58 | Tobias Brunner | |
506 | 58 | Tobias Brunner | p((. UDP port the left participant uses for IKE communication. If unspecified, port 500 is used with the port |
507 | 63 | Tobias Brunner | floating to 4500 if a NAT is detected or MOBIKE is enabled. |
508 | 63 | Tobias Brunner | Specifying a local IKE port different from the default additionally requires a socket implementation that |
509 | 63 | Tobias Brunner | listens to this port. Not supported for IKEv1 connections prior to [[5.0.0]]. |
510 | 70 | Tobias Brunner | |
511 | 70 | Tobias Brunner | _left|rightprotoport = <protocol>/<port>_ |
512 | 67 | Tobias Brunner | |
513 | 1 | Martin Willi | p((. restrict the traffic selector to a single protocol and/or port. Since [[5.1.0]] this option is deprecated |
514 | 1 | Martin Willi | as protocol/port information can be defined for each subnet directly in _left|rightsubnet_. |
515 | 67 | Tobias Brunner | |
516 | 67 | Tobias Brunner | _left|rightrsasigkey = <raw rsa public key> | <path to public key>_ |
517 | 72 | Tobias Brunner | |
518 | 1 | Martin Willi | p((. Since [[5.1.0]] a synonym for _left|rightsigkey_. Before that it denoted the left|right participant's public key |
519 | 67 | Tobias Brunner | for RSA signature authentication, in RFC 2537 format using hex (0x prefix) or base64 (0s prefix) encoding. |
520 | 67 | Tobias Brunner | Also accepted was the path to a file containing the public key in PEM or DER encoding. |
521 | 72 | Tobias Brunner | |
522 | 1 | Martin Willi | _left|rightsigkey = <raw public key> | <path to public key>_ |
523 | 72 | Tobias Brunner | |
524 | 67 | Tobias Brunner | p((. Added with [[5.1.0]]. The left|right participant's public key for public key signature authentication, in PKCS#1 |
525 | 72 | Tobias Brunner | format using hex (0x prefix) or base64 (0s prefix) encoding. With the optional _dns:_ or _ssh:_ prefix in front |
526 | 72 | Tobias Brunner | of 0x or 0s, the public key is expected in either the RFC 3110 (not the full RR, only the RSA key part) or |
527 | 1 | Martin Willi | RFC 4253 public key format, respectively. |
528 | 1 | Martin Willi | Also accepted is the path to a file containing the public key in PEM, DER or SSH encoding. Both absolute paths or |
529 | 1 | Martin Willi | paths relative to [[ipsecdirectorycerts|/etc/ipsec.d/certs]] are accepted. |
530 | 58 | Tobias Brunner | |
531 | 1 | Martin Willi | _left|rightsendcert = never | no | *ifasked* | always | yes_ |
532 | 58 | Tobias Brunner | |
533 | 58 | Tobias Brunner | p((. Accepted values are *never* or *no*, *always* or *yes*, and *ifasked*, the latter meaning that |
534 | 58 | Tobias Brunner | the peer must send a certificate request (CR) payload in order to get a certificate in return. |
535 | 58 | Tobias Brunner | |
536 | 58 | Tobias Brunner | _leftsourceip = %config4 | %config6 | <ip address>_ |
537 | 31 | Martin Willi | |
538 | 23 | Tobias Brunner | p((. The internal source IP to use in a tunnel, also known as [[VirtualIp|virtual IP]]. |
539 | 1 | Martin Willi | If the value is one of the synonyms _%config_, _%cfg_, _%modeconfig_ or _%modecfg_, an address (from |
540 | 57 | Tobias Brunner | the tunnel address family) is requested from the peer. |
541 | 1 | Martin Willi | Since [[5.0.1]] a comma-separated list is accepted to request multiple addresses, and with _%config4_ and |
542 | 1 | Martin Willi | _%config6_ an address of the given address family will be requested explicitly. |
543 | 73 | Tobias Brunner | If an IP address is configured, it will be requested from the responder, which is free to respond with a |
544 | 7 | Martin Willi | different address. |
545 | 23 | Tobias Brunner | |
546 | 31 | Martin Willi | _rightsourceip = %config | <network>/<netmask> | <from>-<to> | %poolname_ |
547 | 73 | Tobias Brunner | |
548 | 73 | Tobias Brunner | p((. The internal source IP to use in a tunnel for the remote peer. If the value is %config on the responder |
549 | 1 | Martin Willi | side, the initiator must propose an address which is then echoed back. Also supported are address pools |
550 | 73 | Tobias Brunner | expressed as _<network>/<netmask>_ and _<from>-<to>_ (since version:5.2.2) or the use of an external IP address pool |
551 | 57 | Tobias Brunner | using _%%poolname_ where _poolname_ is the name of the IP address pool used for the lookup (see [[VirtualIp|virtual IP]] for details). |
552 | 67 | Tobias Brunner | Since [[5.0.1]] a comma-separated list of IP addresses / pools is accepted, for instance, to define pools of |
553 | 1 | Martin Willi | different address families. |
554 | 1 | Martin Willi | |
555 | 1 | Martin Willi | _left|rightsubnet = <ip subnet>![[<proto/port>]][,...]_ |
556 | 1 | Martin Willi | |
557 | 57 | Tobias Brunner | p((. private subnet behind the _left|right_ participant, expressed as network/netmask; if omitted, essentially assumed |
558 | 58 | Tobias Brunner | to be _left_/32|128, signifying that the _left|right_ end of the connection goes to the _left|right_ participant only. |
559 | 58 | Tobias Brunner | The configured subnets of the peers may differ; the protocol narrows them to the greatest common subnet. |
560 | 58 | Tobias Brunner | Since [[5.0.0]] this is also done for IKEv1, but as this may lead to problems with other implementations, |
561 | 58 | Tobias Brunner | make sure to configure identical subnets in such configurations. |
562 | 1 | Martin Willi | IKEv2 supports multiple subnets separated by commas, IKEv1 only interprets the first subnet of such a definition, |
563 | 1 | Martin Willi | unless the Cisco Unity extension plugin is enabled (available since [[5.0.1]]). |
564 | 70 | Tobias Brunner | |
565 | 70 | Tobias Brunner | p((. Since [[5.1.0]] the optional part after each subnet enclosed in square brackets specifies a protocol/port to restrict |
566 | 70 | Tobias Brunner | the selector for that subnet. *Examples:* leftsubnet=10.0.0.1[tcp/http],10.0.0.2[6/80] or leftsubnet=fec1::1[udp],10.0.0.0/16[/53]. |
567 | 70 | Tobias Brunner | Instead of omitting either value _%any_ can be used to the same effect, e.g. leftsubnet=fec1::1[udp/%any],10.0.0.0/16[%any/53]. |
568 | 70 | Tobias Brunner | |
569 | 67 | Tobias Brunner | p((. Since [[5.1.1]], if the protocol is _icmp_ or _ipv6-icmp_ the port is interpreted as ICMP message type if it is less than 256, |
570 | 67 | Tobias Brunner | or as type and code if it is greater than or equal to 256, with the type in the most significant 8 bits and the code in the |
571 | 67 | Tobias Brunner | least significant 8 bits. |
572 | 67 | Tobias Brunner | |
573 | 67 | Tobias Brunner | p((. The port value can alternatively take the value _%opaque_ for RFC 4301 OPAQUE selectors, or a numerical range |
574 | 67 | Tobias Brunner | in the form 1024-65535. None of the kernel backends currently supports opaque selectors or port ranges; _%any_ is used |
575 | 67 | Tobias Brunner | for policy installation instead. |
576 | 67 | Tobias Brunner | |
577 | 23 | Tobias Brunner | p((. Instead of specifying a subnet, _%dynamic_ can be used to replace it with the IKE address, having the same effect |
578 | 21 | Andreas Steffen | as omitting _left|rightsubnet_ completely. _%dynamic_ can also be used to define multiple dynamic selectors, |
579 | 1 | Martin Willi | each having a potentially different protocol/port definition. |
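The selector syntax of the preceding paragraphs, as an added Python example (not strongSwan's own code): it parses a left|rightsubnet value including _%dynamic_, applies the ICMP type/code rule, and records _%opaque_ and port ranges as requested while installing _%any_, as the kernel backends do. The protocol and service name tables are reduced to a few entries.

```python
import ipaddress
import re

# <subnet>[<proto>/<port>] with each bracketed part optional; %dynamic may stand in for the subnet
SELECTOR = re.compile(r"^(?P<subnet>[^\[\]]+)(?:\[(?P<proto>[^/\]]*)(?:/(?P<port>[^\]]*))?\])?$")
PROTOCOLS = {"tcp": 6, "udp": 17, "icmp": 1, "ipv6-icmp": 58, "sctp": 132}  # reduced name table
SERVICES = {"http": 80, "https": 443, "domain": 53, "ssh": 22}               # reduced name table
ICMP_PROTOCOLS = (1, 58)
ANY_PORTS = {"from": 0, "to": 65535}


def parse_subnets(value):
    """Parse a comma-separated left|rightsubnet value into a list of selector dicts."""
    return [parse_selector(item.strip()) for item in value.split(",")]


def parse_selector(item):
    """Parse one '<subnet>[<proto>/<port>]' entry."""
    m = SELECTOR.match(item)
    if not m:
        raise ValueError("malformed selector: %r" % item)
    subnet = m.group("subnet")
    net = "%dynamic" if subnet == "%dynamic" else ipaddress.ip_network(subnet, strict=False)
    proto = parse_protocol(m.group("proto") or "")
    selector = {"subnet": net, "proto": proto}
    selector.update(parse_port(m.group("port") or "", proto))
    return selector


def parse_protocol(proto):
    """'' or '%any' means any protocol (0); otherwise a number or a name from the table."""
    if proto in ("", "%any"):
        return 0
    return int(proto) if proto.isdigit() else PROTOCOLS[proto]


def parse_port(port, proto):
    """Translate the port part into what the kernel policy would carry."""
    if port in ("", "%any"):
        return dict(ANY_PORTS)
    if port == "%opaque":
        # RFC 4301 OPAQUE selector: no kernel backend supports it, so %any is installed instead
        return dict(ANY_PORTS, requested="opaque")
    if "-" in port:
        lo, hi = (int(p) for p in port.split("-", 1))
        # port ranges are not supported by the kernel backends either: the policy uses %any
        return dict(ANY_PORTS, requested=(lo, hi))
    number = int(port) if port.isdigit() else SERVICES[port]
    if proto in ICMP_PROTOCOLS:
        if number < 256:  # ICMP message type only, any code
            return {"icmp_type": number, "icmp_code": None}
        return {"icmp_type": number >> 8, "icmp_code": number & 0xFF}  # type in high 8 bits, code in low 8
    return {"from": number, "to": number}
```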
580 | 31 | Martin Willi | |
581 | 1 | Martin Willi | _left|rightupdown = <path>_ |
582 | 33 | Tobias Brunner | |
583 | 33 | Tobias Brunner | p((. what _updown_ script to run to adjust routing and/or firewalling when the status of the connection |
584 | 33 | Tobias Brunner | changes (default _ipsec _updown_). Relevant only locally, other end need not agree on it. |
585 | 33 | Tobias Brunner | Charon uses the _updown_ script to insert firewall rules only, since routing has been implemented directly |
586 | 33 | Tobias Brunner | into the daemon. |
587 | 33 | Tobias Brunner | |
588 | 33 | Tobias Brunner | h2. IKEv2 Mediation Extension Parameters |
589 | 23 | Tobias Brunner | |
590 | 23 | Tobias Brunner | The following parameters are relevant to IKEv2 Mediation Extension operation only. |
591 | 31 | Martin Willi | |
592 | 57 | Tobias Brunner | _mediation = yes | *no*_ |
593 | 57 | Tobias Brunner | |
594 | 57 | Tobias Brunner | p((. whether this connection is a mediation connection, i.e. whether this connection is used to mediate other |
595 | 57 | Tobias Brunner | connections. Mediation connections create no child SA. Acceptable values are no (the default) and yes. |
596 | 57 | Tobias Brunner | |
597 | 21 | Andreas Steffen | _mediated_by = <name>_ |
598 | 1 | Martin Willi | |
599 | 31 | Martin Willi | p((. the name of the connection to mediate this connection through. If given, the connection will be mediated |
600 | 1 | Martin Willi | through the named mediation connection. The mediation connection must set *mediation=yes*. |
601 | 57 | Tobias Brunner | |
602 | 1 | Martin Willi | _me_peerid = <id>_ |
603 | 1 | Martin Willi | |
604 | 58 | Tobias Brunner | p((. ID as which the peer is known to the mediation server, i.e. which the other end of this connection uses as |
605 | 58 | Tobias Brunner | its leftid on its connection to the mediation server. This is the ID we request the mediation server to |
606 | 58 | Tobias Brunner | mediate us with. If me_peerid is not given, the rightid of this connection will be used as peer ID. |
607 | 58 | Tobias Brunner | |
608 | 58 | Tobias Brunner | h2. Removed parameters (since 5.0.0) |
609 | 58 | Tobias Brunner | |
610 | 58 | Tobias Brunner | _auth = *esp* | ah_ |
611 | 58 | Tobias Brunner | |
612 | 69 | Tobias Brunner | p((. whether authentication should be done as part of ESP encryption, or separately using the AH protocol. |
613 | 69 | Tobias Brunner | Only supported by the IKEv1 daemon pluto. |
614 | 58 | Tobias Brunner | |
615 | 58 | Tobias Brunner | p((. Since [[5.1.1]] the *ah* keyword can be used to configure AH with the charon IKE daemon. |
616 | 58 | Tobias Brunner | |
617 | 58 | Tobias Brunner | _pfs = *yes* | no_ |
618 | 58 | Tobias Brunner | |
619 | 58 | Tobias Brunner | p((. whether _Perfect Forward Secrecy_ of keys is desired on the connection's keying channel (with PFS, |
620 | 58 | Tobias Brunner | penetration of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses |
621 | 58 | Tobias Brunner | PFS for IKE_SA rekeying whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup |
622 | 58 | Tobias Brunner | in the _esp_ parameter. Since [[5.0.0]] the latter also applies to IKEv1 and this parameter has no effect anymore. |
623 | 58 | Tobias Brunner | |
624 | 58 | Tobias Brunner | _pfsgroup = <modp group>_ |
625 | 58 | Tobias Brunner | |
626 | 58 | Tobias Brunner | p((. defines a Diffie-Hellman group for _perfect forward secrecy_ in IKEv1 Quick Mode differing from the DH group |
627 | 58 | Tobias Brunner | used for IKEv1 Main Mode (IKEv1 pluto daemon only). |
628 | 58 | Tobias Brunner | |
629 | 58 | Tobias Brunner | _left|rightnexthop = %direct | %defaultroute | <ip address> | <fqdn>_ |
630 | 58 | Tobias Brunner | |
631 | 58 | Tobias Brunner | p((. This parameter is usually not needed any more because the NETKEY IPsec stack does not require |
632 | 58 | Tobias Brunner | explicit routing entries for the traffic to be tunneled. If _left|rightsourceip_ is used with IKEv1 |
633 | 58 | Tobias Brunner | then _left|rightnexthop_ must still be set in order for the source routes to work properly. |
634 | 58 | Tobias Brunner | |
635 | 58 | Tobias Brunner | _left|rightsubnetwithin = <ip subnet>_ |
636 | 1 | Martin Willi | |
637 | 1 | Martin Willi | p((. the peer can propose any subnet or single IP address that fits within the range defined by |
638 | 1 | Martin Willi | _left|rightsubnetwithin_. Is a synonym for _left|rightsubnet_ since [[5.0.0]], as subnets are narrowed. |