ipsec.conf: conn Reference » History » Version 93

Tobias Brunner, 15.11.2017 14:59

1 50 Tobias Brunner
{{title(ipsec.conf: conn Reference)}}
2 49 Tobias Brunner
3 49 Tobias Brunner
h1. ipsec.conf: conn <name>
4 1 Martin Willi
5 44 Tobias Brunner
6 1 Martin Willi
7 44 Tobias Brunner
h2. General Connection Parameters
8 21 Andreas Steffen
9 36 Andreas Steffen
_aaa_identity = <id>_
10 36 Andreas Steffen
11 36 Andreas Steffen
p((. defines the identity of the AAA backend used during IKEv2 EAP authentication. This is required if
12 36 Andreas Steffen
     the EAP client uses a method that verifies the server identity (such as EAP-TLS), but it does not
13 36 Andreas Steffen
     match the IKEv2 gateway identity.
14 36 Andreas Steffen
15 68 Tobias Brunner
_ah = <cipher suites>_
16 68 Tobias Brunner
17 68 Tobias Brunner
p((. comma-separated list of AH algorithms to be used for the connection, e.g. _sha1-sha256-modp1024_.
18 68 Tobias Brunner
     The notation is integrity[-dhgroup]. For IKEv2, multiple algorithms (separated by -) of the same type
19 68 Tobias Brunner
     can be included in a single proposal. IKEv1 only includes the first algorithm in a proposal.
20 68 Tobias Brunner
     Only either the *ah* or the *esp* keyword may be used, AH+ESP bundles are not supported.
21 68 Tobias Brunner
22 76 Tobias Brunner
p((. There is no default AH cipher suite since by default ESP is used. The daemon adds its extensive default
23 76 Tobias Brunner
     proposal to the configured value. To restrict it to the configured proposal an exclamation mark (!) can
24 76 Tobias Brunner
     be added at the end.
25 83 Tobias Brunner
     *Note:* As a responder, the daemon defaults to selecting the first configured proposal that's also
26 83 Tobias Brunner
     supported by the peer. By disabling _charon.prefer_configured_proposals_ in [[strongswan.conf]] this may
27 83 Tobias Brunner
     be changed to selecting the first acceptable proposal sent by the peer instead.
28 83 Tobias Brunner
     In order to restrict a responder to only accept specific cipher suites, the strict flag (!, exclamation mark)
29 1 Martin Willi
     can be used, e.g: sha256-sha512-modp2048!
30 68 Tobias Brunner
31 83 Tobias Brunner
p((. If dh-group is specified, CHILD_SA/Quick Mode setup and rekeying include a separate Diffe-Hellman
32 83 Tobias Brunner
     exchange (refer to _esp_ for details).
33 68 Tobias Brunner
34 68 Tobias Brunner
p((. Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.
35 68 Tobias Brunner
36 68 Tobias Brunner
p((. Available since [[5.1.1]].
37 68 Tobias Brunner
38 58 Tobias Brunner
_aggressive = yes | *no*_
39 58 Tobias Brunner
40 58 Tobias Brunner
p((. whether to use IKEv1 Aggressive or Main Mode (the default). Available since [[5.0.0]].
41 58 Tobias Brunner
42 80 Tobias Brunner
_also = <name>_
43 1 Martin Willi
44 80 Tobias Brunner
p((. includes conn section <name>. Some aspects of this changed with version:5.2.0 (refer to [[IpsecConf#Reusing-Existing-Parameters]] for details).
45 80 Tobias Brunner
46 1 Martin Willi
47 58 Tobias Brunner
_authby = *pubkey* | rsasig | ecdsasig | psk | secret | xauthrsasig | xauthpsk | never_
48 24 Andreas Steffen
49 31 Martin Willi
p((. how the two security gateways should authenticate each other; acceptable values are *secret* or *psk*
50 58 Tobias Brunner
     for pre-shared secrets, *pubkey* (the default) for public key signatures as well as the synonyms *rsasig*
51 58 Tobias Brunner
     for RSA digital signatures and *ecdsasig* for Elliptic Curve DSA signatures.
52 58 Tobias Brunner
     *never*  can be used if negotiation is never to be attempted or accepted (useful for shunt-only conns).
53 58 Tobias Brunner
     Digital signatures are superior in every way to shared secrets. IKEv1 additionally supports the values
54 58 Tobias Brunner
     *xauthpsk* and *xauthrsasig* that will enable _eXtended Authentication (XAuth)_ in addition to IKEv1 main
55 58 Tobias Brunner
     mode based on shared secrets or digital RSA signatures,  respectively.
56 58 Tobias Brunner
     This parameter is deprecated for IKEv2 connections (and IKEv1 connections since [[5.0.0]]), as two peers
57 58 Tobias Brunner
     do not need to agree on an authentication method. Use the _left|rightauth_ parameter instead to define
58 58 Tobias Brunner
     authentication methods.
59 1 Martin Willi
60 31 Martin Willi
_auto = *ignore* | add | route | start_
61 23 Tobias Brunner
62 1 Martin Willi
p((. what operation, if any, should be done automatically at IPsec startup. *add* loads a connection without
63 21 Andreas Steffen
     starting it. *route* loads a connection and installs kernel traps. If traffic is detected between
64 21 Andreas Steffen
     _leftsubnet_ and _rightsubnet_, a connection is established. *start* loads a connection and brings
65 58 Tobias Brunner
     it up immediately. *ignore* ignores the connection. This is equal to deleting a connection from the config
66 57 Tobias Brunner
     file. Relevant only locally, other end need not agree on it.
67 1 Martin Willi
68 23 Tobias Brunner
_closeaction = *none* | clear | hold | restart_
69 47 Tobias Brunner
70 85 James Birkett
p((. defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see _dpdaction_ for
71 1 Martin Willi
     meaning of values). A _closeaction_ should not be used if the peer uses reauthentication or uniqueids checking,
72 85 James Birkett
     as these events might trigger the defined action when not desired. Prior to version:5.1.0, _closeaction_ was 
73 85 James Birkett
     not supported for IKEv1 connections.
74 47 Tobias Brunner
75 23 Tobias Brunner
_compress = yes | *no*_
76 31 Martin Willi
77 23 Tobias Brunner
p((. whether IPComp compression of content is proposed on the connection (link-level compression does not work on
78 57 Tobias Brunner
     encrypted data, so to be effective, compression must be done before encryption). A value of *yes* causes the daemon
79 57 Tobias Brunner
     to propose both compressed and  uncompressed, and  prefer compressed. A value of *no* prevents the daemon from proposing or accepting compression.
80 1 Martin Willi
81 21 Andreas Steffen
_dpdaction = *none* | clear | hold | restart_
82 21 Andreas Steffen
83 21 Andreas Steffen
p((. controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages
84 1 Martin Willi
     (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the
85 81 Tobias Brunner
     IPsec peer. The values *clear*, *hold*, and *restart* all activate DPD and determine the action to perform on a timeout.
86 81 Tobias Brunner
     With *clear* the connection is closed with no further actions taken. *hold* installs a trap policy, which will catch
87 81 Tobias Brunner
     matching traffic and tries to re-negotiate the connection on demand. *restart* will immediately trigger an attempt
88 81 Tobias Brunner
     to re-negotiate the connection. The default is *none* which disables the active sending of DPD messages.
89 21 Andreas Steffen
90 21 Andreas Steffen
_dpddelay = *30s* | <time>_
91 41 Tobias Brunner
92 1 Martin Willi
p((. defines  the  period time interval with which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
93 31 Martin Willi
     These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL
94 1 Martin Willi
     messages and uses only standard messages (such as those to rekey) to detect dead peers.
95 30 Martin Willi
96 31 Martin Willi
_dpdtimeout = *150s* | <time>_
97 30 Martin Willi
98 54 Andreas Steffen
p((. defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.
99 23 Tobias Brunner
     This only applies to IKEv1, in IKEv2 the default [[Retransmission|retransmission timeout]] applies, as every exchange is used to
100 41 Tobias Brunner
     detect dead peers.
101 1 Martin Willi
102 1 Martin Willi
_inactivity = <time>_
103 65 Andreas Steffen
104 1 Martin Willi
p((. defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic.
105 41 Tobias Brunner
     Not supported for IKEv1 connections prior to [[5.0.0]].
106 1 Martin Willi
107 23 Tobias Brunner
_eap_identity = <id>_
108 1 Martin Willi
109 31 Martin Willi
p((. defines the identity the client uses to reply to an EAP Identity request. If defined on the EAP server, the defined
110 23 Tobias Brunner
     identity  will be used as peer identity during EAP authentication. The special value _%identity_ uses the EAP Identity method
111 14 Martin Willi
     to ask the client for a EAP identity. If not defined, the IKEv2 identity will be used as EAP identity.
112 1 Martin Willi
113 1 Martin Willi
_esp = <cipher suites>_
114 57 Tobias Brunner
115 48 Tobias Brunner
p((. comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g.
116 1 Martin Willi
     _aes128-sha256_. The notation is _encryption-integrity[-dhgroup][-esnmode]_.
117 68 Tobias Brunner
     For IKEv2, multiple algorithms (separated by -) of the same type can be included in a single proposal.
118 68 Tobias Brunner
     IKEv1 only includes the first algorithm in a proposal.  Only either the *ah* or the *esp* keyword may
119 1 Martin Willi
     be used, AH+ESP bundles are not supported.
120 1 Martin Willi
121 1 Martin Willi
p((. Defaults to *aes128-sha256* (_aes128-sha1,3des-sha1_ before version:5.4.0). The daemon adds its extensive default
122 1 Martin Willi
     proposal to this default or the configured value. To restrict it to the configured proposal an exclamation mark (*&#33;*)
123 1 Martin Willi
     can be added at the end.
124 83 Tobias Brunner
     *Note:* As a responder, the daemon defaults to selecting the first configured proposal that's also
125 83 Tobias Brunner
     supported by the peer. By disabling _charon.prefer_configured_proposals_ in [[strongswan.conf]] this may
126 83 Tobias Brunner
     be changed to selecting the first acceptable proposal sent by the peer instead.
127 83 Tobias Brunner
     In order to restrict a responder to only accept specific cipher suites, the strict flag (*&#33;*, exclamation mark)
128 1 Martin Willi
     can be used, e.g: _aes256-sha512-modp4096!_
129 1 Martin Willi
130 83 Tobias Brunner
p((. If _dh-group_ is specified, CHILD_SA rekeying and initial negotiation include a separate Diffe-Hellman
131 83 Tobias Brunner
     exchange (since [[5.0.0]] this also applies to IKEv1 Quick Mode). However, for IKEv2, the keys of the CHILD_SA
132 83 Tobias Brunner
     created implicitly with the IKE_SA will always be derived from the IKE_SA's key material. So any DH group
133 83 Tobias Brunner
     specified here will only apply when the CHILD_SA is later rekeyed or is created with a separate CREATE_CHILD_SA
134 83 Tobias Brunner
     exchange.  Therefore, a proposal mismatch might not immediately be noticed when the SA is established,
135 83 Tobias Brunner
     but may later cause rekeying to fail.
136 68 Tobias Brunner
137 83 Tobias Brunner
p((. Valid values for _esnmode_ are _esn_ and _noesn_.  Specifying both negotiates extended sequence
138 48 Tobias Brunner
     number support with the peer, the default is *noesn*.
139 1 Martin Willi
140 68 Tobias Brunner
p((. Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.
141 68 Tobias Brunner
142 1 Martin Willi
_forceencaps = yes | *no*_
143 48 Tobias Brunner
144 48 Tobias Brunner
p((.  force UDP encapsulation for ESP packets even if no NAT situation is detected.
145 43 Tobias Brunner
      This may help to surmount restrictive firewalls. In order to force the peer to
146 57 Tobias Brunner
      encapsulate packets, NAT detection payloads are faked.
147 65 Andreas Steffen
      Not supported for IKEv1 connections prior to [[5.0.0]].
148 1 Martin Willi
149 88 Tobias Brunner
_fragmentation = *yes* | accept | force | no_
150 60 Tobias Brunner
151 1 Martin Willi
p((.  whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 fragmentation as per "RFC 7383":
152 88 Tobias Brunner
      Fragmented messages sent by a peer are always processed irrespective of the value of this option (even when set to *no*).
153 88 Tobias Brunner
      If set to *yes* (the default since version:5.5.1) and the peer supports it, oversized IKE messages will be sent in fragments (the
154 88 Tobias Brunner
      maximum fragment size can be configured in [[strongswan.conf]]). If set to *accept* (available since version:5.5.3) support for
155 88 Tobias Brunner
      fragmentation is announced to the peer but the daemon does not send its own messages in fragments.
156 88 Tobias Brunner
      If set to *force* (only supported for IKEv1) the initial IKE message will already be fragmented if required.
157 74 Tobias Brunner
      Available for IKEv1 connections since version:5.0.2 and for IKEv2 connections since version:5.2.1.
158 60 Tobias Brunner
159 31 Martin Willi
_ike = <cipher suites>_
160 1 Martin Willi
161 1 Martin Willi
p((. comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g.
162 82 Tobias Brunner
     _aes128-sha256-modp3072_. The notation is _encryption-integrity[-prf]-dhgroup_. In IKEv2, multiple algorithms
163 82 Tobias Brunner
     and proposals may be included, such as _aes128-aes256-sha1-modp3072-modp2048,3des-sha1-md5-modp1024_.
164 59 Tobias Brunner
165 1 Martin Willi
p((. The ability to configure a PRF algorithm different to that defined for integrity protection was added with [[5.0.2]].
166 59 Tobias Brunner
     If no PRF is configured, the algorithms defined for integrity are proposed as PRF.  The prf keywords are the same as
167 59 Tobias Brunner
     the integrity algorithms, but have a _prf_ prefix (such as _prfsha1_, _prfsha256_ or _prfaesxcbc_).
168 59 Tobias Brunner
169 82 Tobias Brunner
p((. Defaults to *aes128-sha256-modp3072* (_aes128-sha1-modp2048,3des-sha1-modp1536_ before version:5.4.0) for IKEv1.
170 82 Tobias Brunner
     The daemon adds its extensive default proposal to this default or the configured value. To restrict it to the
171 82 Tobias Brunner
     configured proposal an exclamation mark (*&#33;*) can be added at the end.
172 59 Tobias Brunner
     Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords.
173 59 Tobias Brunner
174 59 Tobias Brunner
p((. *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order
175 51 Tobias Brunner
     to restrict a responder to only accept specific cipher suites, the strict flag (*&#33;*, exclamation mark)
176 48 Tobias Brunner
     can be used, e.g: _aes256-sha512-modp4096!_
177 51 Tobias Brunner
178 62 Tobias Brunner
_ikedscp = *000000* | <DSCP field>_
179 62 Tobias Brunner
180 62 Tobias Brunner
p((. Differentiated Services Field Codepoint to set on outgoing IKE packets sent
181 62 Tobias Brunner
     from this connection. The value is a six digit binary encoded string defining
182 62 Tobias Brunner
     the Codepoint to set, as defined in "RFC 2474":
183 62 Tobias Brunner
184 48 Tobias Brunner
_ikelifetime = *3h* | <time>_
185 43 Tobias Brunner
186 58 Tobias Brunner
p((. how long the keying channel of a connection (_ISAKMP or IKE SA_) should last before being renegotiated.
187 58 Tobias Brunner
     Also see [[ExpiryRekey|Expiry and Rekey]].
188 31 Martin Willi
189 40 Tobias Brunner
_installpolicy = *yes* | no_
190 1 Martin Willi
191 58 Tobias Brunner
p((. decides whether IPsec policies are installed in the kernel by the charon daemon for a given connection.
192 31 Martin Willi
     Allows peaceful cooperation e.g. with the Mobile IPv6  _mip6d_ daemon who wants to control the kernel policies.
193 23 Tobias Brunner
194 21 Andreas Steffen
_keyexchange = *ike* | ikev1 | ikev2_
195 1 Martin Willi
196 23 Tobias Brunner
p((. method of key exchange; which protocol should be used to initialize the connection.
197 58 Tobias Brunner
     Prior to [[5.0.0]] connections marked with *ikev1*  were initiated with Pluto, those marked with *ikev2* with Charon.
198 58 Tobias Brunner
     An incoming request from the remote peer was handled by the correct daemon, unaffected from the _keyexchange_ setting.
199 57 Tobias Brunner
     Starting with strongSwan [[4.5.0]] the default value *ike* is a synonym for *ikev2*, whereas in older strongSwan releases *ikev1* was assumed.
200 57 Tobias Brunner
     Since [[5.0.0]] both protocols are handled by Charon and connections marked with *ike* will use IKEv2 when initiating, but accept any protocol version when responding.
201 38 Andreas Steffen
202 38 Andreas Steffen
_keyingtries = *3* | <number> | %forever_
203 20 Andreas Steffen
204 45 Tobias Brunner
p((. how  many attempts (a positive integer or _%forever_) should be made to negotiate a connection, or a replacement
205 31 Martin Willi
     for one, before giving up (default 3). The value _%forever_ means 'never give up'.  Relevant  only  locally, other end need
206 46 Daniel Mentz
     not agree on it.
207 45 Tobias Brunner
208 1 Martin Willi
209 26 Tobias Brunner
210 31 Martin Willi
p((. synonym for _lifetime_.
211 26 Tobias Brunner
212 26 Tobias Brunner
_lifebytes = <number>_
213 31 Martin Willi
214 65 Andreas Steffen
p((. the number of bytes transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]].
215 26 Tobias Brunner
216 26 Tobias Brunner
_lifepackets = <number>_
217 1 Martin Willi
218 65 Andreas Steffen
p((. the number of packets transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]].
219 1 Martin Willi
220 31 Martin Willi
_lifetime = *1h* | <time>_
221 26 Tobias Brunner
222 31 Martin Willi
p((. how  long  a  particular  instance  of a connection (a set of encryption/authentication keys for user packets)
223 1 Martin Willi
     should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by
224 1 Martin Willi
     _s_ (a time in seconds) or a decimal number followed by _m_, _h_, or _d_ (a time in minutes, hours,
225 21 Andreas Steffen
     or days respectively) (default _1h_, maximum _24h_).  Normally, the connection is renegotiated (via the
226 1 Martin Willi
     keying  channel) before it expires (see _margintime_).  The two ends need not exactly agree on _lifetime_, although if they
227 1 Martin Willi
     do not, there will be some clutter of superseded connections on the end which thinks the lifetime is longer.
228 1 Martin Willi
     Also see [[ExpiryRekey|Expiry and Rekey]].
229 40 Tobias Brunner
230 1 Martin Willi
_marginbytes = <number>_
231 26 Tobias Brunner
232 57 Tobias Brunner
p((. how many bytes before IPsec SA expiry (see _lifebytes_) should attempts to negotiate a replacement begin.
233 26 Tobias Brunner
234 26 Tobias Brunner
_marginpackets = <number>_
235 26 Tobias Brunner
236 57 Tobias Brunner
p((. how many packets before IPsec SA expiry (see _lifepackets_) should attempts to negotiate a replacement begin.
237 26 Tobias Brunner
238 40 Tobias Brunner
_margintime = *9m* | <time>_
239 1 Martin Willi
240 1 Martin Willi
p((. how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin; acceptable values
241 26 Tobias Brunner
     as for _lifetime_ (default _9m_).  Relevant only locally, other end need not agree on it. Also see [[ExpiryRekey|Expiry and Rekey]].
242 35 Andreas Steffen
243 35 Andreas Steffen
_mark = <value>[/<mask>]_
244 37 Tobias Brunner
245 92 Tobias Brunner
p((. sets an XFRM mark on the inbound policy (before version:5.5.2 also on the IPsec SA) and outbound IPsec SA and policy.
246 92 Tobias Brunner
     If the mask is missing then a default mask of *0xffffffff* is assumed. Since version:5.3.0 the special value *%unique*
247 92 Tobias Brunner
     assigns a unique value to each newly created IPsec SA (used e.g. in combination with the [[forecast]] or
248 92 Tobias Brunner
     [[connmark]] plugins). To additionally make the mark unique for each IPsec SA direction (in/out) the special value
249 92 Tobias Brunner
     *%unique-dir* may be used since version:5.6.0.
250 35 Andreas Steffen
251 57 Tobias Brunner
_mark_in = <value>[/<mask>]_
252 1 Martin Willi
253 92 Tobias Brunner
p((. sets an XFRM mark on the inbound policy (and before version:5.5.2 also on the inbound SA). If the mask is missing then
254 57 Tobias Brunner
     a default mask of *0xffffffff* is assumed.
255 57 Tobias Brunner
256 39 Gerd v. Egidy
_mark_out = <value>[/<mask>]_
257 35 Andreas Steffen
258 92 Tobias Brunner
p((. sets an XFRM mark on the outbound IPsec SA and policy. If the mask is missing then
259 23 Tobias Brunner
     a default mask of *0xffffffff* is assumed.
260 31 Martin Willi
261 21 Andreas Steffen
_mobike = *yes* | no_
262 1 Martin Willi
263 1 Martin Willi
p((. enables the IKEv2 [[MobIke|MOBIKE]] protocol defined by RFC 4555. If set to *no*, the charon
264 23 Tobias Brunner
     daemon will not actively propose [[MobIke|MOBIKE]] as initiator and ignore the MOBIKE_SUPPORTED
265 31 Martin Willi
     notify as responder.
266 23 Tobias Brunner
267 57 Tobias Brunner
_modeconfig = push | *pull*_
268 21 Andreas Steffen
269 1 Martin Willi
p((. defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses
270 1 Martin Willi
     the configuration payload in *pull* mode. Cisco VPN gateways usually operate in *push* mode.
271 70 Tobias Brunner
     In versions prior to [[5.1.1]] the charon daemon did not support *push* mode.
272 87 Tobias Brunner
     This setting must be the same on both sides.
273 57 Tobias Brunner
274 21 Andreas Steffen
_reauth = *yes* | no_
275 31 Martin Willi
276 20 Andreas Steffen
p((. whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done.
277 1 Martin Willi
     In  IKEv2, a value of *no* rekeys without uninstalling the IPsec SAs, a value of *yes* (the default)
278 23 Tobias Brunner
     creates a new IKE_SA from scratch and tries to recreate all IPsec SAs.
279 23 Tobias Brunner
280 1 Martin Willi
_rekey = *yes* | no_
281 1 Martin Willi
282 1 Martin Willi
p((. whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but
283 1 Martin Willi
     while a value of no prevents the daemon from requesting renegotiation, it does not prevent responding
284 58 Tobias Brunner
     to renegotiation requested from the other end, so no will be largely ineffective unless both ends agree on it.
285 58 Tobias Brunner
     Also see _reauth_.
286 1 Martin Willi
287 1 Martin Willi
_rekeyfuzz = *100%* | <percentage>_
288 1 Martin Willi
289 31 Martin Willi
p((. maximum percentage by which _marginbytes_, _marginpackets_ and _margintime_ should be randomly increased to randomize
290 1 Martin Willi
     rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100,
291 4 Martin Willi
     followed  by  a '%' .
292 77 Juergen Seifert
     The value of _marginTYPE_, after this random increase, must not exceed _lifeTYPE_ (where TYPE is one of bytes, packets or time).
293 31 Martin Willi
     The value _0%_ will suppress randomization. Relevant only locally, other end need not agree on it.
294 1 Martin Willi
     Also see [[ExpiryRekey|Expiry and Rekey]].
295 1 Martin Willi
296 1 Martin Willi
297 1 Martin Willi
298 1 Martin Willi
p((.  synonym for _margintime_.
299 1 Martin Willi
300 71 Tobias Brunner
_replay_window = -1 | <number>_
301 71 Tobias Brunner
302 71 Tobias Brunner
p((. The  IPsec  replay  window  size  for  this connection. With the default of -1 the value configured with _charon.replay_window_  in
303 71 Tobias Brunner
     [[strongswan.conf]]  is used. Larger values than 32 are supported using the Netlink backend only, a  value  of  0  disables  IPsec
304 90 Tobias Brunner
     replay protection. Available since version:5.2.0.
305 1 Martin Willi
306 1 Martin Willi
_reqid = <number>_
307 1 Martin Willi
308 1 Martin Willi
p((. sets the reqid for a given connection to a pre-configured fixed value.
309 88 Tobias Brunner
310 88 Tobias Brunner
_sha256_96 = *no* | yes_
311 88 Tobias Brunner
312 88 Tobias Brunner
p((. HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that     incorrectly use 96-bit
313 88 Tobias Brunner
     truncation this option may be enabled to configure the shorter truncation length in the kernel.  This is not negotiated, so this
314 90 Tobias Brunner
     only works with peers that use the incorrect truncation length (or have this option enabled). Available since version:5.5.3.
315 57 Tobias Brunner
316 1 Martin Willi
_tfc = <value>_
317 57 Tobias Brunner
318 57 Tobias Brunner
p((. number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The special value %mtu fills up ESP packets with padding to have the size of the MTU.
319 57 Tobias Brunner
320 57 Tobias Brunner
_type = *tunnel* | transport | transport_proxy | passthrough | drop_
321 1 Martin Willi
322 1 Martin Willi
p((. the type of the connection; currently the accepted values are *tunnel*, signifying a  host-to-host,
323 1 Martin Willi
     host-to-subnet, or subnet-to-subnet tunnel; *transport*, signifying host-to-host transport mode;
324 31 Martin Willi
     *transport_proxy*, signifying the special Mobile IPv6 transport proxy mode;
325 23 Tobias Brunner
     *passthrough*, signifying that no IPsec processing should be done at all; *drop*, signifying that packets
326 41 Tobias Brunner
     should be  discarded.
327 34 Tobias Brunner
328 57 Tobias Brunner
_xauth = *client* | server_
329 21 Andreas Steffen
330 1 Martin Willi
p((. specifies the role in the XAuth protocol if activated by _authby=xauthpsk_ or _authby=xauthrsasig_.
331 21 Andreas Steffen
332 23 Tobias Brunner
_xauth_identity = <id>_
333 20 Andreas Steffen
334 53 Tobias Brunner
p((. defines the identity/username the client uses to reply to an XAuth request. If not defined, the IKEv1 identity will be used as XAuth identity.
335 23 Tobias Brunner
336 20 Andreas Steffen
h2. left|right End Parameters
337 1 Martin Willi
338 1 Martin Willi
Connection descriptions are defined in terms of a left endpoint and a right endpoint. For example, the
339 1 Martin Willi
two parameters leftid and rightid specify the identity of the left and the right endpoint. For every
340 52 Tobias Brunner
connection description an attempt is made to figure out whether the local endpoint should act as the left or
341 52 Tobias Brunner
the right endpoint. This is done by matching the IP addresses defined for both endpoints with the
342 1 Martin Willi
IP addresses assigned to local network interfaces. If a match is found then the role (left or right) that
343 1 Martin Willi
matches is going to be considered "local". If no match is found during startup, "left" is considered "local".
344 1 Martin Willi
345 70 Tobias Brunner
_left|right = <ip address> | <fqdn> | *%any* | range | subnet_
346 52 Tobias Brunner
347 70 Tobias Brunner
p((. The IP address of the participant's public-network interface or one of several magic values.
348 57 Tobias Brunner
     The value _%any_ for the local endpoint signifies an address to be filled in
349 52 Tobias Brunner
     (by automatic keying) during negotiation. If the local peer initiates the connection setup the routing table
350 23 Tobias Brunner
     will be queried to determine the correct local IP address. In case the local peer is responding to a connection
351 1 Martin Willi
     setup then any IP address that is assigned to a local interface will be accepted.
352 1 Martin Willi
353 58 Tobias Brunner
p((. Prior to [[5.0.0]] specifying _%%any_ for the local endpoint was not supported for IKEv1 connections, instead
354 58 Tobias Brunner
     the keyword _%%defaultroute_ could be used, causing the value to be filled in automatically with the local
355 58 Tobias Brunner
     address of the default-route interface (as determined at IPsec startup time and during configuration
356 57 Tobias Brunner
     update). Either left or right may be _%defaultroute_, but not both.
357 57 Tobias Brunner
358 1 Martin Willi
p((. The prefix % in front of a fully-qualified domain name or an IP address will implicitly set _left|rightallowany=yes_.
359 1 Martin Willi
360 1 Martin Willi
p((. If _%any_ is used for the remote endpoint it literally means any IP address.
361 70 Tobias Brunner
362 86 Tobias Brunner
p((. If an FQDN is assigned it is resolved every time a configuration lookup is done. If DNS resolution times out,
363 86 Tobias Brunner
     the lookup is delayed for that time.
364 86 Tobias Brunner
365 70 Tobias Brunner
p((. Since [[5.1.1]] connections can be limited to a specific range of hosts. To do so a range (
366 70 Tobias Brunner
     or a subnet ( can be specified, and multiple addresses, ranges and subnets can be separated by commas.
367 70 Tobias Brunner
     While one can freely combine these items, to initiate the connection at least one non-range/subnet is required.
368 1 Martin Willi
369 31 Martin Willi
p((. Please note that with the usage of wildcards multiple connection descriptions might match a given incoming
370 33 Tobias Brunner
     connection attempt. The most specific description is used in that case.
371 33 Tobias Brunner
372 33 Tobias Brunner
_left|rightallowany = yes | *no*_
373 1 Martin Willi
374 29 Daniel Mentz
p((. a modifier for _left|right_, making it behave as _%any_ although a concrete IP address has been
375 1 Martin Willi
     assigned. Recommended for dynamic IP addresses that can be resolved by DynDNS at IPsec startup or update time.
376 1 Martin Willi
377 1 Martin Willi
_left|rightauth = <auth method>_
378 1 Martin Willi
379 1 Martin Willi
p((. Authentication method to use locally (left) or require from the remote (right) side. Acceptable values are *pubkey*
380 1 Martin Willi
     for public key encryption (RSA/ECDSA), *psk* for pre-shared key authentication, *eap* to [require the] use of the Extensible Authentication Protocol, and *xauth* for IKEv1 eXtended Authentication.
381 1 Martin Willi
382 1 Martin Willi
p((. To require a trustchain public key strength for the remote side, specify the key type followed
383 1 Martin Willi
     by the minimum strength in bits (for example *ecdsa-384* or *rsa-2048-ecdsa-256*).
384 75 Tobias Brunner
     To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms
385 75 Tobias Brunner
     to *pubkey* or a key strength definition (for example *pubkey-sha1-sha256* or *rsa-2048-ecdsa-256-sha256-sha384-sha512*).
386 82 Tobias Brunner
     Since version:5.3.0 and unless disabled in [[strongswan.conf]], or explicit IKEv2 signature constraints are
387 82 Tobias Brunner
     configured (see below), such key types and hash algorithms are also applied as constraints against IKEv2 signature
388 82 Tobias Brunner
     authentication schemes used by the remote side.
389 1 Martin Willi
390 1 Martin Willi
p((. Since version:5.3.0 and if both peers support "RFC 7427": ("Signature  Authentication in IKEv2") specific hash
391 82 Tobias Brunner
     algorithms to be used during IKEv2 authentication may be configured. The syntax is the same as above,
392 82 Tobias Brunner
     but with _ike:_ prefix (before version:5.4.0 without that prefix).
393 82 Tobias Brunner
     For  example, with _ike:pubkey-sha384-sha256_ a public key signature scheme with either SHA-384 or SHA-256
394 75 Tobias Brunner
     would get used for authentication, in that order and depending on the hash algorithms supported by the peer.
395 75 Tobias Brunner
     If no specific hash algorithms are  configured, the default is to prefer an algorithm that matches or exceeds
396 75 Tobias Brunner
     the strength of the signature key.
397 82 Tobias Brunner
     If no constraints with _ike:_ prefix are configured any signature scheme constraint (without _ike:_ prefix) will
398 82 Tobias Brunner
     also apply to IKEv2 authentication, unless this is disabled in [[strongswan.conf]] (this is also the behavior before
399 82 Tobias Brunner
     version:5.4.0, which introduced the _ike:_ prefix).
400 93 Tobias Brunner
     Since version:5.6.1 RSASSA-PSS signatures are supported. To use or require them configure _rsa/pss_ instead of _rsa_
401 93 Tobias Brunner
     as in e.g. _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only be
402 93 Tobias Brunner
     used/accepted if enabled in [[strongswan.conf]].
403 75 Tobias Brunner
404 75 Tobias Brunner
p((. In the case of *eap*, an optional EAP method can be appended. Currently defined methods are *eap-aka*,
405 1 Martin Willi
     *eap-gtc*, *eap-md5*, *eap-mschapv2*, *eap-peap*, *eap-sim*, *eap-tls*, *eap-ttls*, *eap-dynamic*, and *eap-radius*.
406 75 Tobias Brunner
     Alternatively, IANA assigned EAP method numbers are accepted. Vendor specific EAP methods are defined
407 75 Tobias Brunner
     in the form *eap-type-vendor* (e.g. *eap-7-12345*).
408 75 Tobias Brunner
     Since version:5.3.0 signature and trust chain constraints for EAP-(T)TLS may be defined.  To do so, append a
409 75 Tobias Brunner
     colon to the EAP method, followed by the key type/size and hash algorithm as discussed above.
410 75 Tobias Brunner
     For *xauth*, an XAuth authentication backend can be specified, such as *xauth-generic* or *xauth-eap*.
411 75 Tobias Brunner
     If XAuth is used in _leftauth_, Hybrid authentication is used. For traditional XAuth authentication, define XAuth in _leftauth2_.
412 1 Martin Willi
413 57 Tobias Brunner
p((. Not supported for IKEv1 connections prior to [[5.0.0]].
414 27 Daniel Mentz
415 33 Tobias Brunner
416 58 Tobias Brunner
_left|rightauth2 = <auth method>_
417 58 Tobias Brunner
418 58 Tobias Brunner
p((. Same as _left|rightauth_, but defines an additional authentication exchange. In IKEv1, only XAuth can be used
419 57 Tobias Brunner
     in the second authentication round. IKEv2 supports multiple complete authentication rounds using
420 66 Andreas Steffen
     _Multiple Authentication Exchanges_ defined in "RFC 4739": This allows e.g. a separate authentication of host and user.
421 7 Martin Willi
422 31 Martin Willi
p((. Not supported for IKEv1 connections prior to [[5.0.0]].
423 57 Tobias Brunner
424 23 Tobias Brunner
425 57 Tobias Brunner
_left|rightca = <issuer dn> | %same_
426 57 Tobias Brunner
427 58 Tobias Brunner
p((. the distinguished name of a certificate authority which is required to lie in the trust path going from the
428 56 Andreas Steffen
     _left|right_ participant's certificate up to the root certification authority.
429 1 Martin Willi
     *%same* means that the value configured for the other participant should be reused.
430 56 Andreas Steffen
431 23 Tobias Brunner
_left|rightca2 = <issuer dn> | %same_
432 21 Andreas Steffen
433 1 Martin Willi
p((. Same as _left|rightca_ but for the second authentication (IKev2 only).
434 1 Martin Willi
435 1 Martin Willi
_left|rightcert = <path>_
436 1 Martin Willi
437 23 Tobias Brunner
p((. the path to the left|right participant's X.509 certificate. The file can be coded either in PEM or DER format.
438 58 Tobias Brunner
     OpenPGP certificates are supported as well.  Both absolute paths or paths relative to
439 58 Tobias Brunner
     [[IpsecDirectoryCerts|/etc/ipsec.d/certs]] are accepted. By default _left|rightcert_ sets _left|rightid_
440 31 Martin Willi
     to the distinguished name of the certificate's subject. The _left|right_ participant's ID can be overridden
441 61 Tobias Brunner
     by specifying a _left|rightid_ value which must be certified by the certificate, though.
442 61 Tobias Brunner
443 61 Tobias Brunner
p((. Since [[5.0.2]] certificates can be configured in the form _%smartcard[<slot nr>[@<module>]]:<keyid>_, which
444 61 Tobias Brunner
     defines a specific certificate to load from a PKCS#11 backend for this connection (e.g. via the [[PKCS11Plugin|pkcs11 plugin]]).
445 61 Tobias Brunner
     See [[PinSecret|ipsec.secrets]] for details about smartcard definitions.
446 61 Tobias Brunner
     Defining a certificate on a smartcard with _left|rightcert_ is only required if the automatic selection via _left|rightid_
447 64 Tobias Brunner
     is not sufficient, for example, if multiple certificates use the same subject.
448 64 Tobias Brunner
449 64 Tobias Brunner
p((. Since [[5.0.3]] multiple certificate paths or PKCS#11 backends can be specified in a comma separated list.
450 64 Tobias Brunner
     The daemon chooses the certificate based on the received certificate requests, if possible, before enforcing
451 23 Tobias Brunner
     the first.
452 23 Tobias Brunner
453 57 Tobias Brunner
_left|rightcert2 = <path>_
454 21 Andreas Steffen
455 1 Martin Willi
p((. Same as _left|rightcert_ but for the second authentication round (IKEv2 only).
456 33 Tobias Brunner
457 7 Martin Willi
_left|rightcertpolicy = <OIDs>_
458 66 Andreas Steffen
459 1 Martin Willi
p((. Comma separated list of certificate policy OIDs the peer's certificate must have.
460 58 Tobias Brunner
     OIDs are specified using the numerical dotted representation. Not supported for IKEv1 connections prior to [[5.0.0]].
461 58 Tobias Brunner
462 58 Tobias Brunner
_left|rightdns = <servers>_
463 58 Tobias Brunner
464 58 Tobias Brunner
p((. Comma separated list of DNS server addresses to exchange as configuration attributes. On the initiator,
465 58 Tobias Brunner
     a server is a fixed IPv4/IPv6 address, or _%config4/%config6_ to request attributes without an address.
466 58 Tobias Brunner
     On the responder, only fixed IPv4/IPv6 addresses are allowed and define DNS servers assigned to the client.
467 1 Martin Willi
     Available since [[5.0.1]].
468 23 Tobias Brunner
469 1 Martin Willi
_left|rightfirewall = yes | *no*_
470 1 Martin Willi
471 1 Martin Willi
p((. whether the _left|right_ participant is doing forwarding-firewalling (including  masquerading)
472 1 Martin Willi
     using iptables for traffic from _left|rightsubnet_, which should be turned off for traffic to the
473 1 Martin Willi
     other subnet) once the connection is established. May not be used in the same connection description with
474 1 Martin Willi
     _left|rightupdown_. Implemented as a parameter to the default _ipsec _updown_ script. Relevant only
475 1 Martin Willi
     locally, other end need not agree on it.
476 23 Tobias Brunner
477 20 Andreas Steffen
p((. If one or  both security gateways are doing forwarding firewalling (possibly including masquerading),
478 23 Tobias Brunner
     and this is specified using the firewall parameters, tunnels  established with  IPsec  are exempted from
479 57 Tobias Brunner
     it so that packets can flow unchanged through the tunnels. (This means that all subnets connected in this
480 1 Martin Willi
     manner must have distinct, non-overlapping subnet address blocks.)  This is done by the default 
481 1 Martin Willi
     _ipsec _updown_ script.
482 1 Martin Willi
483 1 Martin Willi
p((. In situations calling for more control, it may be preferable for the user to supply his own _updown_ script,
484 1 Martin Willi
     which makes the appropriate adjustments for his system.
485 1 Martin Willi
486 31 Martin Willi
_left|rightgroups = <group list>_
487 58 Tobias Brunner
488 58 Tobias Brunner
p((. a comma-separated list of group names. If the _left|rightgroups_ parameter is present then the peer must
489 57 Tobias Brunner
     be a member of at least one of the groups defined by the parameter. Groups may be used together with the
490 58 Tobias Brunner
     [[EapRadius#Group-selection|eap-radius]] plugin.
491 1 Martin Willi
492 58 Tobias Brunner
_left|rightgroups2 = <group list>_
493 58 Tobias Brunner
494 58 Tobias Brunner
p((. Same as _left|rightgroups_ but for the second authentication round defined with _left|rightauth2_.
495 1 Martin Willi
     Available since [[5.0.1]].
496 1 Martin Willi
497 1 Martin Willi
_left|righthostaccess = yes | *no*_
498 1 Martin Willi
499 1 Martin Willi
p((. inserts a pair of INPUT and OUTPUT iptables rules using the default _ipsec _updown_ script,
500 33 Tobias Brunner
     thus allowing access to the host itself in the case where the host's internal interface is part
501 23 Tobias Brunner
     of the negotiated client subnet. 
502 57 Tobias Brunner
503 73 Tobias Brunner
_left|rightid = <id>_
504 73 Tobias Brunner
505 79 Tobias Brunner
p((. how the _left|right_ participant should be identified for authentication; defaults to _left|right_ or the subject of the
506 79 Tobias Brunner
     certificate configured with _left|rightcert_.  If _left|rightcert_ is configured the identity has to be confirmed by the
507 79 Tobias Brunner
     certificate, that is, it has to match the full subject DN or one of the subjectAltName extensions contained in the
508 79 Tobias Brunner
509 1 Martin Willi
510 79 Tobias Brunner
p((. Can be an IP address, a fully-qualified domain name, an email address or a Distinguished Name for which the
511 79 Tobias Brunner
     ID type is determined automatically and the string is converted to the appropriate encoding. The rules for this
512 79 Tobias Brunner
     conversion are described on [[IdentityParsing]].  In versions before [[5.0.0]] fully-qualified domain names can be
513 79 Tobias Brunner
     preceded by an @ to avoid them being resolved to an IP address.
514 73 Tobias Brunner
515 79 Tobias Brunner
p((. In certain special situations the identity parsing above might be inadequate or produce the wrong result.
516 79 Tobias Brunner
     Examples are the need to encode a FQDN as KEY_ID or the string parser being unable to produce the correct
517 79 Tobias Brunner
     binary ASN.1 encoding of a certificate's DN. For these situations it is possible since version:5.2.2 to enforce a specific
518 79 Tobias Brunner
     identity type and to provide the binary encoding of the identity.  To do this a prefix may be used, followed by a
519 79 Tobias Brunner
     colon (:). If the number sign (#) follows the colon, the remaining data is interpreted as hex encoding, otherwise
520 79 Tobias Brunner
     the string is used as is as the identification data. *Note:* The latter implies that no conversion is performed for
521 79 Tobias Brunner
     non-string identities. For example, _ipv4: does not create a valid ID_IPV4_ADDR IKE identity, as it does not
522 79 Tobias Brunner
     get converted to binary 0x0a000001. Instead, one could use _ipv4:#0a000001_ to get a valid identity, but just using
523 79 Tobias Brunner
     the implicit type with [[IdentityParsing|automatic conversion]] is usually simpler. The same applies to the ASN.1 encoded types.
524 58 Tobias Brunner
     The following prefixes are known: _ipv4, ipv6, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn_ and _keyid_.
525 58 Tobias Brunner
     Custom type prefixes may be specified by surrounding the numerical type value with curly brackets.
526 58 Tobias Brunner
527 58 Tobias Brunner
p((. Since [[5.0.1]] _rightid_ for IKEv2 connections optionally takes a % as prefix in front of the identity.
528 58 Tobias Brunner
     If given it prevents the daemon from sending IDr in its IKE_AUTH request and will allow it to verify the 
529 58 Tobias Brunner
     configured identity against the subject and subjectAltNames contained in the responder's certificate (otherwise,
530 33 Tobias Brunner
     it is only compared with the IDr returned by the responder). The IDr sent by the initiator might otherwise 
531 7 Martin Willi
     prevent the responder from finding a config if it has configured a different value for _leftid_.
532 23 Tobias Brunner
533 23 Tobias Brunner
_left|rightid2 = <id>_
534 21 Andreas Steffen
535 1 Martin Willi
p((. Identity to use for the second authentication of the left participant (IKEv2 only).
536 1 Martin Willi
     Defaults to _left|rightid_.
537 1 Martin Willi
538 89 Tobias Brunner
_left|rightikeport = <port>_
539 58 Tobias Brunner
540 58 Tobias Brunner
p((. UDP port the left participant uses for IKE communication. If unspecified, port 500 is used with the port
541 63 Tobias Brunner
     floating to 4500 if a NAT is detected or MOBIKE is enabled.
542 63 Tobias Brunner
     Specifying a local IKE port different from the default additionally requires a socket implementation that
543 63 Tobias Brunner
     listens to this port. Not supported for IKEv1 connections prior to [[5.0.0]].
544 70 Tobias Brunner
545 70 Tobias Brunner
_left|rightprotoport = <protocol>/<port>_
546 67 Tobias Brunner
547 1 Martin Willi
p((. restrict the traffic selector to a single protocol and/or port.  Since [[5.1.0]] this option is deprecated
548 1 Martin Willi
     as protocol/port information can be defined for each subnet directly in _left|rightsubnet_.
549 67 Tobias Brunner
550 67 Tobias Brunner
_left|rightrsasigkey = <raw rsa public key> | <path to public key>_
551 72 Tobias Brunner
552 1 Martin Willi
p((. Since [[5.1.0]] a synonym for _left|rightsigkey_. Before that it denoted the left|right participant's public key
553 67 Tobias Brunner
for RSA signature authentication, in RFC 2537 format using hex (0x prefix) or base64 (0s prefix) encoding.
554 67 Tobias Brunner
Also accepted was the path to a file containing the public key in PEM or DER encoding.
555 72 Tobias Brunner
556 1 Martin Willi
_left|rightsigkey = <raw public key> | <path to public key>_
557 72 Tobias Brunner
558 67 Tobias Brunner
p((. Added with [[5.1.0]]. The left|right participant's public key for public key signature authentication, in PKCS#1
559 72 Tobias Brunner
format using  using hex (0x prefix) or base64 (0s prefix) encoding. With the optional _dns:_ or _ssh:_ prefix in front
560 72 Tobias Brunner
of 0x or 0s, the public key is expected in either the RFC 3110 (not the full RR, only the RSA key part) or
561 1 Martin Willi
RFC 4253 public key format, respectively.
562 1 Martin Willi
Also accepted is the path to a file containing the public key in PEM, DER or SSH encoding. Both absolute paths or
563 1 Martin Willi
paths relative to [[ipsecdirectorycerts|/etc/ipsec.d/certs]] are accepted.
564 58 Tobias Brunner
565 1 Martin Willi
_left|rightsendcert = never | no | *ifasked* | always | yes_
566 58 Tobias Brunner
567 58 Tobias Brunner
p((. Accepted values are *never* or *no*, *always* or *yes*, and *ifasked*, the latter meaning that 
568 58 Tobias Brunner
     the peer must send a certificate request (CR) payload in order to get a certificate in return.
569 58 Tobias Brunner
570 58 Tobias Brunner
_leftsourceip = %config4 | %config6 | <ip address>_
571 31 Martin Willi
572 23 Tobias Brunner
p((. The internal source IP to use in a tunnel, also known as [[VirtualIp|virtual IP]].
573 1 Martin Willi
     If the value is one of the synonyms _%config_, _%cfg_, _%modeconfig_ or _%modecfg_, an address (from
574 57 Tobias Brunner
     the tunnel address family) is requested from the peer.
575 1 Martin Willi
     Since [[5.0.1]] a comma-separated list is accepted to request multiple addresses, and with _%config4_ and
576 1 Martin Willi
     _%config6_ an address of the given address family will be requested explicitly.
577 73 Tobias Brunner
     If an IP address is configured, it will be requested from the responder, which is free to respond with a
578 7 Martin Willi
     different address.
579 23 Tobias Brunner
580 31 Martin Willi
_rightsourceip = %config | <network>/<netmask> | <from>-<to> | %poolname_
581 73 Tobias Brunner
582 73 Tobias Brunner
p((. The internal source IP to use in a tunnel for the remote peer. If the value is %config on the responder
583 1 Martin Willi
     side, the initiator must propose an address which is then echoed back. Also supported are address pools
584 73 Tobias Brunner
     expressed as _<network>/<netmask>_ and _<from>-<to>_ (since version:5.2.2) or the use of an external IP address pool
585 57 Tobias Brunner
     using _%%poolname_ where _poolname_ is the name of the IP address pool used for the lookup (see [[VirtualIp|virtual IP]] for details).
586 67 Tobias Brunner
     Since [[5.0.1]] a comma-separated list of IP addresses / pools is accepted, for instance, to define pools of
587 1 Martin Willi
     different address families.
588 1 Martin Willi
589 1 Martin Willi
_left|rightsubnet = <ip subnet>![[<proto/port>]][,...]_
590 1 Martin Willi
591 57 Tobias Brunner
p((. private subnet behind the left participant, expressed as network/netmask; if omitted, essentially assumed
592 58 Tobias Brunner
     to be _left_/32|128, signifying that the _left|right_ end of the connection goes to the _left|right_ participant only.
593 58 Tobias Brunner
     The configured subnets of the peers may differ, the protocol narrows it to the greatest common subnet.
594 58 Tobias Brunner
     Since [[5.0.0]] this is also done for IKEv1, but as this may lead to problems with other implementations,
595 58 Tobias Brunner
     make sure to configure identical subnets in such configurations.
596 1 Martin Willi
     IKEv2 supports multiple subnets separated by commas, IKEv1 only interprets the first subnet of such a definition,
597 87 Tobias Brunner
     unless the Cisco Unity extension plugin is enabled (available since version:5.0.1).  This is due to a limitation of the IKEv1
598 87 Tobias Brunner
     protocol, which only allows a single pair of subnets per CHILD_SA. So to tunnel several subnets a conn entry has
599 87 Tobias Brunner
     to be defined and brought up for each pair of subnets.
600 70 Tobias Brunner
601 70 Tobias Brunner
p((. Since [[5.1.0]] the optional part after each subnet enclosed in square brackets specifies a protocol/port to restrict
602 70 Tobias Brunner
     the selector for that subnet. *Examples:* leftsubnet=[tcp/http],[6/80] or leftsubnet=fec1::1[udp],[/53].
603 70 Tobias Brunner
     Instead of omitting either value _%any_ can be used to the same effect, e.g. leftsubnet=fec1::1[udp/%any],[%any/53].
604 70 Tobias Brunner
605 67 Tobias Brunner
p((. Since [[5.1.1]], if the protocol is _icmp_ or _ipv6-icmp_ the port is interpreted as ICMP message type if it is less than 256,
606 67 Tobias Brunner
     or as type and code if it greater or equal to 256, with the type in the most significant 8 bits and the code in the
607 67 Tobias Brunner
     least significant 8 bits.
608 67 Tobias Brunner
609 67 Tobias Brunner
p((. The port value can alternatively take the value _%opaque_ for RFC 4301 OPAQUE selectors, or a numerical range
610 67 Tobias Brunner
     in the form 1024-65535. None of the kernel backends currently supports opaque or port ranges and uses _%any_
611 67 Tobias Brunner
     for policy installation instead.
612 67 Tobias Brunner
613 23 Tobias Brunner
p((. Instead of specifying a subnet, _%dynamic_ can be used to replace it with the IKE address, having the same effect
614 21 Andreas Steffen
     as omitting _left|rightsubnet_ completely. Using _%dynamic_ can be used to define multiple dynamic selectors,
615 1 Martin Willi
     each having a potentially different protocol/port definition.
616 31 Martin Willi
617 1 Martin Willi
_left|rightupdown = <path>_
618 33 Tobias Brunner
619 33 Tobias Brunner
p((. what _updown_ script to run to adjust routing and/or firewalling when the status of the connection
620 33 Tobias Brunner
     changes (default _ipsec _updown_). Relevant only locally, other end need not agree on it.
621 33 Tobias Brunner
     Charon uses the _updown_ script to insert firewall rules only, since routing has been implemented directly
622 33 Tobias Brunner
     into the daemon.
623 33 Tobias Brunner
624 33 Tobias Brunner
h2. IKEv2 Mediation Extension Parameters
625 23 Tobias Brunner
626 23 Tobias Brunner
The following parameters are relevant to IKEv2 Mediation Extension operation only.
627 31 Martin Willi
628 57 Tobias Brunner
_mediation = yes | *no*_
629 57 Tobias Brunner
630 57 Tobias Brunner
p((. whether this connection is a mediation connection,  ie.  whether this connection is used to mediate other
631 57 Tobias Brunner
     connections.  Mediation connections create no child SA. Acceptable values  are  no (the default) and yes.
632 57 Tobias Brunner
633 21 Andreas Steffen
_mediated_by = <name>_
634 1 Martin Willi
635 31 Martin Willi
p((. the  name  of the connection to mediate this connection through. If given, the connection will  be  mediated
636 1 Martin Willi
     through  the  named mediation  connection.  The mediation connection must set *mediation=yes*.
637 57 Tobias Brunner
638 1 Martin Willi
_me_peerid = <id>_
639 1 Martin Willi
640 58 Tobias Brunner
p((. ID as which the peer is known to the mediation server, ie. which the  other end of this connection uses as
641 58 Tobias Brunner
     its leftid on its connection to the mediation server.  This is the ID we request  the mediation server to
642 58 Tobias Brunner
     mediate us with.  If me_peerid is not given, the rightid of this connection will be used as peer ID.
643 58 Tobias Brunner
644 58 Tobias Brunner
h2. Removed parameters (since 5.0.0)
645 58 Tobias Brunner
646 58 Tobias Brunner
_auth = *esp* | ah_
647 58 Tobias Brunner
648 69 Tobias Brunner
p((. whether authentication should be done as part of ESP encryption, or separately using the AH protocol.
649 69 Tobias Brunner
	Only supported by the IKEv1 daemon pluto.
650 58 Tobias Brunner
651 58 Tobias Brunner
p((. Since [[5.1.1]] the *ah* keyword can be used to configure AH with the charon IKE daemon.
652 58 Tobias Brunner
653 58 Tobias Brunner
_pfs = *yes* | no_
654 58 Tobias Brunner
655 58 Tobias Brunner
p((. whether _Perfect Forward Secrecy_ of keys is desired on the connection's keying channel (with PFS,
656 58 Tobias Brunner
     penetration of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses
657 58 Tobias Brunner
     PFS for IKE_SA rekeying whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup
658 58 Tobias Brunner
     in the _esp_ parameter.  Since [[5.0.0]] the latter also applies to IKEv1 and this parameter has no effect anymore.
659 58 Tobias Brunner
660 58 Tobias Brunner
_pfsgroup = <modp group>_
661 58 Tobias Brunner
662 58 Tobias Brunner
p((. defines a Diffie-Hellman group for _perfect forward secrecy_ in IKEv1 Quick Mode differing from the DH group
663 58 Tobias Brunner
     used for IKEv1 Main Mode (IKEv1 pluto daemon only).
664 58 Tobias Brunner
665 58 Tobias Brunner
_left|rightnexthop = %direct | %defaultroute | <ip address> | <fqdn>_
666 58 Tobias Brunner
667 58 Tobias Brunner
p((. This parameter is usually not needed any more because the NETKEY IPsec stack does not require
668 58 Tobias Brunner
     explicit routing entries for the traffic to be tunneled. If _left|sourceip_ is used with IKEv1
669 58 Tobias Brunner
     then _left|rightnexthop_ must still be set in order for the source routes to work properly.
670 58 Tobias Brunner
671 58 Tobias Brunner
_left|rightsubnetwithin = <ip subnet>_
672 1 Martin Willi
673 1 Martin Willi
p((. the  peer can propose any subnet or single IP address that fits within the range defined by
674 1 Martin Willi
     _left|rightsubnetwithin_.  Is a synonym for _left|rightsubnet_ since [[5.0.0]], as subnets are narrowed.