ipsec.conf: conn Reference » History » Version 93
Tobias Brunner, 15.11.2017 14:59
Line | Version | Author | Content |
---|---|---|---|
1 | 50 | Tobias Brunner | {{title(ipsec.conf: conn Reference)}} |
2 | 49 | Tobias Brunner | |
3 | 49 | Tobias Brunner | h1. ipsec.conf: conn <name> |
4 | 1 | Martin Willi | |
5 | 44 | Tobias Brunner | {{>toc}} |
6 | 1 | Martin Willi | |
7 | 44 | Tobias Brunner | h2. General Connection Parameters |
8 | 21 | Andreas Steffen | |
9 | 36 | Andreas Steffen | _aaa_identity = <id>_ |
10 | 36 | Andreas Steffen | |
11 | 36 | Andreas Steffen | p((. defines the identity of the AAA backend used during IKEv2 EAP authentication. This is required if |
12 | 36 | Andreas Steffen | the EAP client uses a method that verifies the server identity (such as EAP-TLS), but it does not |
13 | 36 | Andreas Steffen | match the IKEv2 gateway identity. |
14 | 36 | Andreas Steffen | |
15 | 68 | Tobias Brunner | _ah = <cipher suites>_ |
16 | 68 | Tobias Brunner | |
17 | 68 | Tobias Brunner | p((. comma-separated list of AH algorithms to be used for the connection, e.g. _sha1-sha256-modp1024_. |
18 | 68 | Tobias Brunner | The notation is integrity[-dhgroup]. For IKEv2, multiple algorithms (separated by -) of the same type |
19 | 68 | Tobias Brunner | can be included in a single proposal. IKEv1 only includes the first algorithm in a proposal. |
20 | 68 | Tobias Brunner | Only either the *ah* or the *esp* keyword may be used, AH+ESP bundles are not supported. |
21 | 68 | Tobias Brunner | |
22 | 76 | Tobias Brunner | p((. There is no default AH cipher suite since by default ESP is used. The daemon adds its extensive default |
23 | 76 | Tobias Brunner | proposal to the configured value. To restrict it to the configured proposal an exclamation mark (!) can |
24 | 76 | Tobias Brunner | be added at the end. |
25 | 83 | Tobias Brunner | *Note:* As a responder, the daemon defaults to selecting the first configured proposal that's also |
26 | 83 | Tobias Brunner | supported by the peer. By disabling _charon.prefer_configured_proposals_ in [[strongswan.conf]] this may |
27 | 83 | Tobias Brunner | be changed to selecting the first acceptable proposal sent by the peer instead. |
28 | 83 | Tobias Brunner | In order to restrict a responder to only accept specific cipher suites, the strict flag (*!*, exclamation mark) |
29 | 1 | Martin Willi | can be used, e.g. _sha256-sha512-modp2048!_ |
30 | 68 | Tobias Brunner | |
31 | 83 | Tobias Brunner | p((. If dh-group is specified, CHILD_SA/Quick Mode setup and rekeying include a separate Diffie-Hellman |
32 | 83 | Tobias Brunner | exchange (refer to _esp_ for details). |
33 | 68 | Tobias Brunner | |
34 | 68 | Tobias Brunner | p((. Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords. |
35 | 68 | Tobias Brunner | |
36 | 68 | Tobias Brunner | p((. Available since [[5.1.1]]. |
37 | 68 | Tobias Brunner | |
38 | 58 | Tobias Brunner | _aggressive = yes | *no*_ |
39 | 58 | Tobias Brunner | |
40 | 58 | Tobias Brunner | p((. whether to use IKEv1 Aggressive or Main Mode (the default). Available since [[5.0.0]]. |
41 | 58 | Tobias Brunner | |
42 | 80 | Tobias Brunner | _also = <name>_ |
43 | 1 | Martin Willi | |
44 | 80 | Tobias Brunner | p((. includes conn section <name>. Some aspects of this changed with version:5.2.0 (refer to [[IpsecConf#Reusing-Existing-Parameters]] for details). |
45 | 80 | Tobias Brunner | |
46 | 1 | Martin Willi | |
47 | 58 | Tobias Brunner | _authby = *pubkey* | rsasig | ecdsasig | psk | secret | xauthrsasig | xauthpsk | never_ |
48 | 24 | Andreas Steffen | |
49 | 31 | Martin Willi | p((. how the two security gateways should authenticate each other; acceptable values are *secret* or *psk* |
50 | 58 | Tobias Brunner | for pre-shared secrets, *pubkey* (the default) for public key signatures as well as the synonyms *rsasig* |
51 | 58 | Tobias Brunner | for RSA digital signatures and *ecdsasig* for Elliptic Curve DSA signatures. |
52 | 58 | Tobias Brunner | *never* can be used if negotiation is never to be attempted or accepted (useful for shunt-only conns). |
53 | 58 | Tobias Brunner | Digital signatures are superior in every way to shared secrets. IKEv1 additionally supports the values |
54 | 58 | Tobias Brunner | *xauthpsk* and *xauthrsasig* that will enable _eXtended Authentication (XAuth)_ in addition to IKEv1 main |
55 | 58 | Tobias Brunner | mode based on shared secrets or digital RSA signatures, respectively. |
56 | 58 | Tobias Brunner | This parameter is deprecated for IKEv2 connections (and IKEv1 connections since [[5.0.0]]), as two peers |
57 | 58 | Tobias Brunner | do not need to agree on an authentication method. Use the _left|rightauth_ parameter instead to define |
58 | 58 | Tobias Brunner | authentication methods. |
59 | 1 | Martin Willi | |
60 | 31 | Martin Willi | _auto = *ignore* | add | route | start_ |
61 | 23 | Tobias Brunner | |
62 | 1 | Martin Willi | p((. what operation, if any, should be done automatically at IPsec startup. *add* loads a connection without |
63 | 21 | Andreas Steffen | starting it. *route* loads a connection and installs kernel traps. If traffic is detected between |
64 | 21 | Andreas Steffen | _leftsubnet_ and _rightsubnet_, a connection is established. *start* loads a connection and brings |
65 | 58 | Tobias Brunner | it up immediately. *ignore* ignores the connection. This is equal to deleting a connection from the config |
66 | 57 | Tobias Brunner | file. Relevant only locally, other end need not agree on it. |
67 | 1 | Martin Willi | |
68 | 23 | Tobias Brunner | _closeaction = *none* | clear | hold | restart_ |
69 | 47 | Tobias Brunner | |
70 | 85 | James Birkett | p((. defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see _dpdaction_ for |
71 | 1 | Martin Willi | meaning of values). A _closeaction_ should not be used if the peer uses reauthentication or uniqueids checking, |
72 | 85 | James Birkett | as these events might trigger the defined action when not desired. Prior to version:5.1.0, _closeaction_ was |
73 | 85 | James Birkett | not supported for IKEv1 connections. |
74 | 47 | Tobias Brunner | |
75 | 23 | Tobias Brunner | _compress = yes | *no*_ |
76 | 31 | Martin Willi | |
77 | 23 | Tobias Brunner | p((. whether IPComp compression of content is proposed on the connection (link-level compression does not work on |
78 | 57 | Tobias Brunner | encrypted data, so to be effective, compression must be done before encryption). A value of *yes* causes the daemon |
79 | 57 | Tobias Brunner | to propose both compressed and uncompressed, and prefer compressed. A value of *no* prevents the daemon from proposing or accepting compression. |
80 | 1 | Martin Willi | |
81 | 21 | Andreas Steffen | _dpdaction = *none* | clear | hold | restart_ |
82 | 21 | Andreas Steffen | |
83 | 21 | Andreas Steffen | p((. controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages |
84 | 1 | Martin Willi | (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveness of the |
85 | 81 | Tobias Brunner | IPsec peer. The values *clear*, *hold*, and *restart* all activate DPD and determine the action to perform on a timeout. |
86 | 81 | Tobias Brunner | With *clear* the connection is closed with no further actions taken. *hold* installs a trap policy, which catches |
87 | 81 | Tobias Brunner | matching traffic and tries to re-negotiate the connection on demand. *restart* will immediately trigger an attempt |
88 | 81 | Tobias Brunner | to re-negotiate the connection. The default is *none* which disables the active sending of DPD messages. |
89 | 21 | Andreas Steffen | |
90 | 21 | Andreas Steffen | _dpddelay = *30s* | <time>_ |
91 | 41 | Tobias Brunner | |
92 | 1 | Martin Willi | p((. defines the time interval with which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer. |
93 | 31 | Martin Willi | These are only sent if no other traffic is received. In IKEv2, a value of 0 sends no additional INFORMATIONAL |
94 | 1 | Martin Willi | messages and uses only standard messages (such as those to rekey) to detect dead peers. |
95 | 30 | Martin Willi | |
96 | 31 | Martin Willi | _dpdtimeout = *150s* | <time>_ |
97 | 30 | Martin Willi | |
98 | 54 | Andreas Steffen | p((. defines the timeout interval, after which all connections to a peer are deleted in case of inactivity. |
99 | 23 | Tobias Brunner | This only applies to IKEv1, in IKEv2 the default [[Retransmission|retransmission timeout]] applies, as every exchange is used to |
100 | 41 | Tobias Brunner | detect dead peers. |
101 | 1 | Martin Willi | |
102 | 1 | Martin Willi | _inactivity = <time>_ |
103 | 65 | Andreas Steffen | |
104 | 1 | Martin Willi | p((. defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic. |
105 | 41 | Tobias Brunner | Not supported for IKEv1 connections prior to [[5.0.0]]. |
106 | 1 | Martin Willi | |
107 | 23 | Tobias Brunner | _eap_identity = <id>_ |
108 | 1 | Martin Willi | |
109 | 31 | Martin Willi | p((. defines the identity the client uses to reply to an EAP Identity request. If defined on the EAP server, the defined |
110 | 23 | Tobias Brunner | identity will be used as peer identity during EAP authentication. The special value _%identity_ uses the EAP Identity method |
111 | 14 | Martin Willi | to ask the client for an EAP identity. If not defined, the IKEv2 identity will be used as EAP identity. |
112 | 1 | Martin Willi | |
113 | 1 | Martin Willi | _esp = <cipher suites>_ |
114 | 57 | Tobias Brunner | |
115 | 48 | Tobias Brunner | p((. comma-separated list of ESP encryption/authentication algorithms to be used for the connection, e.g. |
116 | 1 | Martin Willi | _aes128-sha256_. The notation is _encryption-integrity[-dhgroup][-esnmode]_. |
117 | 68 | Tobias Brunner | For IKEv2, multiple algorithms (separated by -) of the same type can be included in a single proposal. |
118 | 68 | Tobias Brunner | IKEv1 only includes the first algorithm in a proposal. Only either the *ah* or the *esp* keyword may |
119 | 1 | Martin Willi | be used, AH+ESP bundles are not supported. |
120 | 1 | Martin Willi | |
121 | 1 | Martin Willi | p((. Defaults to *aes128-sha256* (_aes128-sha1,3des-sha1_ before version:5.4.0). The daemon adds its extensive default |
122 | 1 | Martin Willi | proposal to this default or the configured value. To restrict it to the configured proposal an exclamation mark (*!*) |
123 | 1 | Martin Willi | can be added at the end. |
124 | 83 | Tobias Brunner | *Note:* As a responder, the daemon defaults to selecting the first configured proposal that's also |
125 | 83 | Tobias Brunner | supported by the peer. By disabling _charon.prefer_configured_proposals_ in [[strongswan.conf]] this may |
126 | 83 | Tobias Brunner | be changed to selecting the first acceptable proposal sent by the peer instead. |
127 | 83 | Tobias Brunner | In order to restrict a responder to only accept specific cipher suites, the strict flag (*!*, exclamation mark) |
128 | 1 | Martin Willi | can be used, e.g. _aes256-sha512-modp4096!_ |
129 | 1 | Martin Willi | |
130 | 83 | Tobias Brunner | p((. If _dh-group_ is specified, CHILD_SA rekeying and initial negotiation include a separate Diffie-Hellman |
131 | 83 | Tobias Brunner | exchange (since [[5.0.0]] this also applies to IKEv1 Quick Mode). However, for IKEv2, the keys of the CHILD_SA |
132 | 83 | Tobias Brunner | created implicitly with the IKE_SA will always be derived from the IKE_SA's key material. So any DH group |
133 | 83 | Tobias Brunner | specified here will only apply when the CHILD_SA is later rekeyed or is created with a separate CREATE_CHILD_SA |
134 | 83 | Tobias Brunner | exchange. Therefore, a proposal mismatch might not immediately be noticed when the SA is established, |
135 | 83 | Tobias Brunner | but may later cause rekeying to fail. |
136 | 68 | Tobias Brunner | |
137 | 83 | Tobias Brunner | p((. Valid values for _esnmode_ are _esn_ and _noesn_. Specifying both negotiates extended sequence |
138 | 48 | Tobias Brunner | number support with the peer; the default is *noesn*. |
139 | 1 | Martin Willi | |
140 | 68 | Tobias Brunner | p((. Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords. |
141 | 68 | Tobias Brunner | |
142 | 1 | Martin Willi | _forceencaps = yes | *no*_ |
143 | 48 | Tobias Brunner | |
144 | 48 | Tobias Brunner | p((. force UDP encapsulation for ESP packets even if no NAT situation is detected. |
145 | 43 | Tobias Brunner | This may help to surmount restrictive firewalls. In order to force the peer to |
146 | 57 | Tobias Brunner | encapsulate packets, NAT detection payloads are faked. |
147 | 65 | Andreas Steffen | Not supported for IKEv1 connections prior to [[5.0.0]]. |
148 | 1 | Martin Willi | |
149 | 88 | Tobias Brunner | _fragmentation = *yes* | accept | force | no_ |
150 | 60 | Tobias Brunner | |
151 | 1 | Martin Willi | p((. whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2 fragmentation as per "RFC 7383":http://tools.ietf.org/html/rfc7383). |
152 | 88 | Tobias Brunner | Fragmented messages sent by a peer are always processed irrespective of the value of this option (even when set to *no*). |
153 | 88 | Tobias Brunner | If set to *yes* (the default since version:5.5.1) and the peer supports it, oversized IKE messages will be sent in fragments (the |
154 | 88 | Tobias Brunner | maximum fragment size can be configured in [[strongswan.conf]]). If set to *accept* (available since version:5.5.3) support for |
155 | 88 | Tobias Brunner | fragmentation is announced to the peer but the daemon does not send its own messages in fragments. |
156 | 88 | Tobias Brunner | If set to *force* (only supported for IKEv1) the initial IKE message will already be fragmented if required. |
157 | 74 | Tobias Brunner | Available for IKEv1 connections since version:5.0.2 and for IKEv2 connections since version:5.2.1. |
158 | 60 | Tobias Brunner | |
159 | 31 | Martin Willi | _ike = <cipher suites>_ |
160 | 1 | Martin Willi | |
161 | 1 | Martin Willi | p((. comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used, e.g. |
162 | 82 | Tobias Brunner | _aes128-sha256-modp3072_. The notation is _encryption-integrity[-prf]-dhgroup_. In IKEv2, multiple algorithms |
163 | 82 | Tobias Brunner | and proposals may be included, such as _aes128-aes256-sha1-modp3072-modp2048,3des-sha1-md5-modp1024_. |
164 | 59 | Tobias Brunner | |
165 | 1 | Martin Willi | p((. The ability to configure a PRF algorithm different to that defined for integrity protection was added with [[5.0.2]]. |
166 | 59 | Tobias Brunner | If no PRF is configured, the algorithms defined for integrity are proposed as PRF. The prf keywords are the same as |
167 | 59 | Tobias Brunner | the integrity algorithms, but have a _prf_ prefix (such as _prfsha1_, _prfsha256_ or _prfaesxcbc_). |
168 | 59 | Tobias Brunner | |
169 | 82 | Tobias Brunner | p((. Defaults to *aes128-sha256-modp3072* (_aes128-sha1-modp2048,3des-sha1-modp1536_ before version:5.4.0) for IKEv1. |
170 | 82 | Tobias Brunner | The daemon adds its extensive default proposal to this default or the configured value. To restrict it to the |
171 | 82 | Tobias Brunner | configured proposal an exclamation mark (*!*) can be added at the end. |
172 | 59 | Tobias Brunner | Refer to [[IKEv1CipherSuites]] and [[IKEv2CipherSuites]] for a list of valid keywords. |
173 | 59 | Tobias Brunner | |
174 | 59 | Tobias Brunner | p((. *Note*: As a responder both daemons accept the first supported proposal received from the peer. In order |
175 | 51 | Tobias Brunner | to restrict a responder to only accept specific cipher suites, the strict flag (*!*, exclamation mark) |
176 | 48 | Tobias Brunner | can be used, e.g. _aes256-sha512-modp4096!_ |
177 | 51 | Tobias Brunner | |
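The ah, esp and ike keywords above share one proposal notation. As an added example (not strongSwan code), the following parser tokenises such values and applies the rules stated on this page: the strict flag, the "first algorithm only" behaviour of IKEv1, and the integrity-as-PRF fallback for IKE proposals. The keyword tables are an assumption limited to algorithms mentioned on this page; the full lists live in the cipher-suite pages.

```python
"""Parse the ah/esp/ike cipher-suite notation used in ipsec.conf."""
from dataclasses import dataclass, field

# Keyword subset for classification (assumption: only algorithms that
# appear on this page are listed here).
ENCRYPTION = {"aes128", "aes256", "3des"}
INTEGRITY = {"md5", "sha1", "sha256", "sha512", "aesxcbc"}
DH_GROUPS = {"modp1024", "modp1536", "modp2048", "modp3072", "modp4096"}
ESN_MODES = {"esn", "noesn"}


@dataclass
class Proposal:
    encryption: list = field(default_factory=list)
    integrity: list = field(default_factory=list)
    prf: list = field(default_factory=list)
    dh: list = field(default_factory=list)
    esn: list = field(default_factory=list)

    def as_string(self):
        """Back to the encryption-integrity[-prf][-dhgroup][-esnmode] form."""
        return "-".join(self.encryption + self.integrity + self.prf
                        + self.dh + self.esn)


def parse_proposals(value, kind):
    """Return (list of Proposal, strict) for an ah, esp or ike value.

    kind selects the legal token classes: "ah" carries no encryption and
    no ESN mode, "esp" carries no PRF, "ike" carries no ESN mode but
    requires a DH group.  A trailing "!" is the strict flag.
    """
    if kind not in ("ah", "esp", "ike"):
        raise ValueError(f"unknown keyword kind {kind!r}")
    value = value.strip()
    strict = value.endswith("!")        # restrict to the configured proposals
    if strict:
        value = value[:-1]
    proposals = []
    for raw in value.split(","):        # comma separates proposals
        prop = Proposal()
        for tok in raw.strip().lower().split("-"):   # '-' separates algorithms
            if tok in ENCRYPTION and kind != "ah":
                prop.encryption.append(tok)
            elif tok in INTEGRITY:
                prop.integrity.append(tok)
            elif tok.startswith("prf") and tok[3:] in INTEGRITY and kind == "ike":
                prop.prf.append(tok)
            elif tok in DH_GROUPS:
                prop.dh.append(tok)
            elif tok in ESN_MODES and kind == "esp":
                prop.esn.append(tok)
            else:
                raise ValueError(f"keyword {tok!r} not valid in {kind} proposal {raw!r}")
        if kind != "ah" and not prop.encryption:
            raise ValueError(f"{kind} proposal {raw!r} lacks an encryption algorithm")
        if not prop.integrity:
            raise ValueError(f"{kind} proposal {raw!r} lacks an integrity algorithm")
        if kind == "ike" and not prop.dh:
            raise ValueError(f"ike proposal {raw!r} lacks a DH group")
        proposals.append(prop)
    return proposals, strict


def effective_prf(prop):
    """IKE rule from the page: without an explicit PRF, the integrity
    algorithms are proposed as PRF (prf<integrity>)."""
    return prop.prf if prop.prf else ["prf" + alg for alg in prop.integrity]


def ikev1_view(prop):
    """IKEv1 only includes the first algorithm of each type in a proposal."""
    return Proposal(encryption=prop.encryption[:1], integrity=prop.integrity[:1],
                    prf=prop.prf[:1], dh=prop.dh[:1], esn=prop.esn[:1])


if __name__ == "__main__":
    props, strict = parse_proposals(
        "aes128-aes256-sha1-modp3072-modp2048,3des-sha1-md5-modp1024", "ike")
    for p in props:
        print(p.as_string(), "| IKEv1 sends:", ikev1_view(p).as_string(),
              "| PRF:", effective_prf(p), "| strict:", strict)
```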
178 | 62 | Tobias Brunner | _ikedscp = *000000* | <DSCP field>_ |
179 | 62 | Tobias Brunner | |
180 | 62 | Tobias Brunner | p((. Differentiated Services Field Codepoint to set on outgoing IKE packets sent |
181 | 62 | Tobias Brunner | from this connection. The value is a six digit binary encoded string defining |
182 | 62 | Tobias Brunner | the Codepoint to set, as defined in "RFC 2474":http://tools.ietf.org/html/rfc2474. |
183 | 62 | Tobias Brunner | |
184 | 48 | Tobias Brunner | _ikelifetime = *3h* | <time>_ |
185 | 43 | Tobias Brunner | |
186 | 58 | Tobias Brunner | p((. how long the keying channel of a connection (_ISAKMP or IKE SA_) should last before being renegotiated. |
187 | 58 | Tobias Brunner | Also see [[ExpiryRekey|Expiry and Rekey]]. |
188 | 31 | Martin Willi | |
189 | 40 | Tobias Brunner | _installpolicy = *yes* | no_ |
190 | 1 | Martin Willi | |
191 | 58 | Tobias Brunner | p((. decides whether IPsec policies are installed in the kernel by the charon daemon for a given connection. |
192 | 31 | Martin Willi | Allows peaceful cooperation e.g. with the Mobile IPv6 _mip6d_ daemon, which wants to control the kernel policies. |
193 | 23 | Tobias Brunner | |
194 | 21 | Andreas Steffen | _keyexchange = *ike* | ikev1 | ikev2_ |
195 | 1 | Martin Willi | |
196 | 23 | Tobias Brunner | p((. method of key exchange; which protocol should be used to initialize the connection. |
197 | 58 | Tobias Brunner | Prior to [[5.0.0]] connections marked with *ikev1* were initiated with Pluto, those marked with *ikev2* with Charon. |
198 | 58 | Tobias Brunner | An incoming request from the remote peer was handled by the correct daemon, unaffected by the _keyexchange_ setting. |
199 | 57 | Tobias Brunner | Starting with strongSwan [[4.5.0]] the default value *ike* is a synonym for *ikev2*, whereas in older strongSwan releases *ikev1* was assumed. |
200 | 57 | Tobias Brunner | Since [[5.0.0]] both protocols are handled by Charon and connections marked with *ike* will use IKEv2 when initiating, but accept any protocol version when responding. |
201 | 38 | Andreas Steffen | |
202 | 38 | Andreas Steffen | _keyingtries = *3* | <number> | %forever_ |
203 | 20 | Andreas Steffen | |
204 | 45 | Tobias Brunner | p((. how many attempts (a positive integer or _%forever_) should be made to negotiate a connection, or a replacement |
205 | 31 | Martin Willi | for one, before giving up (default 3). The value _%forever_ means 'never give up'. Relevant only locally, other end need |
206 | 46 | Daniel Mentz | not agree on it. |
207 | 45 | Tobias Brunner | |
208 | 1 | Martin Willi | _keylife_ |
209 | 26 | Tobias Brunner | |
210 | 31 | Martin Willi | p((. synonym for _lifetime_. |
211 | 26 | Tobias Brunner | |
212 | 26 | Tobias Brunner | _lifebytes = <number>_ |
213 | 31 | Martin Willi | |
214 | 65 | Andreas Steffen | p((. the number of bytes transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]]. |
215 | 26 | Tobias Brunner | |
216 | 26 | Tobias Brunner | _lifepackets = <number>_ |
217 | 1 | Martin Willi | |
218 | 65 | Andreas Steffen | p((. the number of packets transmitted over an IPsec SA before it expires. Not supported for IKEv1 connections prior to [[5.0.0]]. |
219 | 1 | Martin Willi | |
220 | 31 | Martin Willi | _lifetime = *1h* | <time>_ |
221 | 26 | Tobias Brunner | |
222 | 31 | Martin Willi | p((. how long a particular instance of a connection (a set of encryption/authentication keys for user packets) |
223 | 1 | Martin Willi | should last, from successful negotiation to expiry; acceptable values are an integer optionally followed by |
224 | 1 | Martin Willi | _s_ (a time in seconds) or a decimal number followed by _m_, _h_, or _d_ (a time in minutes, hours, |
225 | 21 | Andreas Steffen | or days respectively) (default _1h_, maximum _24h_). Normally, the connection is renegotiated (via the |
226 | 1 | Martin Willi | keying channel) before it expires (see _margintime_). The two ends need not exactly agree on _lifetime_, although if they |
227 | 1 | Martin Willi | do not, there will be some clutter of superseded connections on the end which thinks the lifetime is longer. |
228 | 1 | Martin Willi | Also see [[ExpiryRekey|Expiry and Rekey]]. |
229 | 40 | Tobias Brunner | |
230 | 1 | Martin Willi | _marginbytes = <number>_ |
231 | 26 | Tobias Brunner | |
232 | 57 | Tobias Brunner | p((. how many bytes before IPsec SA expiry (see _lifebytes_) should attempts to negotiate a replacement begin. |
233 | 26 | Tobias Brunner | |
234 | 26 | Tobias Brunner | _marginpackets = <number>_ |
235 | 26 | Tobias Brunner | |
236 | 57 | Tobias Brunner | p((. how many packets before IPsec SA expiry (see _lifepackets_) should attempts to negotiate a replacement begin. |
237 | 26 | Tobias Brunner | |
238 | 40 | Tobias Brunner | _margintime = *9m* | <time>_ |
239 | 1 | Martin Willi | |
240 | 1 | Martin Willi | p((. how long before connection expiry or keying-channel expiry should attempts to negotiate a replacement begin; acceptable values |
241 | 26 | Tobias Brunner | as for _lifetime_ (default _9m_). Relevant only locally, other end need not agree on it. Also see [[ExpiryRekey|Expiry and Rekey]]. |
242 | 35 | Andreas Steffen | |
243 | 35 | Andreas Steffen | _mark = <value>[/<mask>]_ |
244 | 37 | Tobias Brunner | |
245 | 92 | Tobias Brunner | p((. sets an XFRM mark on the inbound policy (before version:5.5.2 also on the IPsec SA) and outbound IPsec SA and policy. |
246 | 92 | Tobias Brunner | If the mask is missing then a default mask of *0xffffffff* is assumed. Since version:5.3.0 the special value *%unique* |
247 | 92 | Tobias Brunner | assigns a unique value to each newly created IPsec SA (used e.g. in combination with the [[forecast]] or |
248 | 92 | Tobias Brunner | [[connmark]] plugins). To additionally make the mark unique for each IPsec SA direction (in/out) the special value |
249 | 92 | Tobias Brunner | *%unique-dir* may be used since version:5.6.0. |
250 | 35 | Andreas Steffen | |
251 | 57 | Tobias Brunner | _mark_in = <value>[/<mask>]_ |
252 | 1 | Martin Willi | |
253 | 92 | Tobias Brunner | p((. sets an XFRM mark on the inbound policy (and before version:5.5.2 also on the inbound SA). If the mask is missing then |
254 | 57 | Tobias Brunner | a default mask of *0xffffffff* is assumed. |
255 | 57 | Tobias Brunner | |
256 | 39 | Gerd v. Egidy | _mark_out = <value>[/<mask>]_ |
257 | 35 | Andreas Steffen | |
258 | 92 | Tobias Brunner | p((. sets an XFRM mark on the outbound IPsec SA and policy. If the mask is missing then |
259 | 23 | Tobias Brunner | a default mask of *0xffffffff* is assumed. |
260 | 31 | Martin Willi | |
261 | 21 | Andreas Steffen | _mobike = *yes* | no_ |
262 | 1 | Martin Willi | |
263 | 1 | Martin Willi | p((. enables the IKEv2 [[MobIke|MOBIKE]] protocol defined by RFC 4555. If set to *no*, the charon |
264 | 23 | Tobias Brunner | daemon will not actively propose [[MobIke|MOBIKE]] as initiator and ignore the MOBIKE_SUPPORTED |
265 | 31 | Martin Willi | notify as responder. |
266 | 23 | Tobias Brunner | |
267 | 57 | Tobias Brunner | _modeconfig = push | *pull*_ |
268 | 21 | Andreas Steffen | |
269 | 1 | Martin Willi | p((. defines which mode is used to assign a virtual IP. Currently relevant for IKEv1 only since IKEv2 always uses |
270 | 1 | Martin Willi | the configuration payload in *pull* mode. Cisco VPN gateways usually operate in *push* mode. |
271 | 70 | Tobias Brunner | In versions prior to [[5.1.1]] the charon daemon did not support *push* mode. |
272 | 87 | Tobias Brunner | This setting must be the same on both sides. |
273 | 57 | Tobias Brunner | |
274 | 21 | Andreas Steffen | _reauth = *yes* | no_ |
275 | 31 | Martin Willi | |
276 | 20 | Andreas Steffen | p((. whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. |
277 | 1 | Martin Willi | In IKEv2, a value of *no* rekeys without uninstalling the IPsec SAs, a value of *yes* (the default) |
278 | 23 | Tobias Brunner | creates a new IKE_SA from scratch and tries to recreate all IPsec SAs. |
279 | 23 | Tobias Brunner | |
280 | 1 | Martin Willi | _rekey = *yes* | no_ |
281 | 1 | Martin Willi | |
282 | 1 | Martin Willi | p((. whether a connection should be renegotiated when it is about to expire. The two ends need not agree, but |
283 | 1 | Martin Willi | while a value of no prevents the daemon from requesting renegotiation, it does not prevent responding |
284 | 58 | Tobias Brunner | to renegotiation requested from the other end, so no will be largely ineffective unless both ends agree on it. |
285 | 58 | Tobias Brunner | Also see _reauth_. |
286 | 1 | Martin Willi | |
287 | 1 | Martin Willi | _rekeyfuzz = *100%* | <percentage>_ |
288 | 1 | Martin Willi | |
289 | 31 | Martin Willi | p((. maximum percentage by which _marginbytes_, _marginpackets_ and _margintime_ should be randomly increased to randomize |
290 | 1 | Martin Willi | rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100, |
291 | 4 | Martin Willi | followed by a '%'. |
292 | 77 | Juergen Seifert | The value of _marginTYPE_, after this random increase, must not exceed _lifeTYPE_ (where TYPE is one of bytes, packets or time). |
293 | 31 | Martin Willi | The value _0%_ will suppress randomization. Relevant only locally, other end need not agree on it. |
294 | 1 | Martin Willi | Also see [[ExpiryRekey|Expiry and Rekey]]. |
295 | 1 | Martin Willi | |
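The lifetime, margin and rekeyfuzz parameters above only make sense together. As an added example (not strongSwan code), this script implements the time notation given under lifetime, applies the documented defaults (lifetime 1h, margintime 9m, rekeyfuzz 100%, the 24h maximum) and checks the rule that marginTYPE, after the random increase, must not exceed lifeTYPE. The conn is passed as a plain dict of key/value strings; that representation is an assumption of the example.

```python
"""Check the lifetime / margin / rekeyfuzz relationship of a conn section."""
import re

MAX_LIFETIME = 24 * 3600        # "maximum 24h" for lifetime


def parse_time(value):
    """'3600', '3600s', '9m', '1.5h', '1d' -> seconds (int).

    An integer optionally followed by 's', or a decimal number followed by
    'm', 'h' or 'd', exactly as the lifetime description states.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value {value!r}")
    number, unit = m.groups()
    if unit in ("", "s") and "." in number:
        raise ValueError(f"seconds must be an integer: {value!r}")
    factor = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}[unit]
    return int(round(float(number) * factor))


def parse_percent(value):
    """'100%' -> 100.  Values above 100 are allowed, per rekeyfuzz."""
    m = re.fullmatch(r"(\d+)%", value.strip())
    if not m:
        raise ValueError(f"bad percentage {value!r}")
    return int(m.group(1))


def rekey_window(life, margin, fuzz_percent):
    """Earliest and latest point (in the unit of life) at which a rekey is
    triggered: between life - margin*(1+fuzz) and life - margin.

    Raises if the fuzzed margin could exceed the lifetime, which the page
    forbids (the SA would have to be replaced before it even exists).
    """
    worst_margin = margin + margin * fuzz_percent / 100
    if worst_margin > life:
        raise ValueError(f"margin {margin} with rekeyfuzz {fuzz_percent}% "
                         f"can exceed lifetime {life}")
    return (life - worst_margin, life - margin)


def rekey_plan(conn):
    """conn: dict of conn-section keys (strings).  Defaults from this page:
    lifetime 1h (keylife is a synonym), margintime 9m (rekeymargin is a
    synonym), rekeyfuzz 100%.  Returns {"time": (lo, hi), "bytes": ..., ...}.
    """
    fuzz = parse_percent(conn.get("rekeyfuzz", "100%"))
    life = parse_time(conn.get("lifetime", conn.get("keylife", "1h")))
    if life > MAX_LIFETIME:
        raise ValueError("lifetime exceeds the 24h maximum")
    margin = parse_time(conn.get("margintime", conn.get("rekeymargin", "9m")))
    plan = {"time": rekey_window(life, margin, fuzz)}
    # lifebytes/lifepackets are plain counters; marginbytes/marginpackets
    # default to 0 here (assumption: the page gives no default for them).
    for kind in ("bytes", "packets"):
        if "life" + kind in conn:
            plan[kind] = rekey_window(int(conn["life" + kind]),
                                      int(conn.get("margin" + kind, 0)), fuzz)
    return plan


if __name__ == "__main__":
    # Constructed conn: defaults only, then a tighter, non-random schedule.
    print(rekey_plan({}))
    print(rekey_plan({"lifetime": "2h", "margintime": "10m", "rekeyfuzz": "0%"}))
```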
296 | 1 | Martin Willi | _rekeymargin_ |
297 | 1 | Martin Willi | |
298 | 1 | Martin Willi | p((. synonym for _margintime_. |
299 | 1 | Martin Willi | |
300 | 71 | Tobias Brunner | _replay_window = -1 | <number>_ |
301 | 71 | Tobias Brunner | |
302 | 71 | Tobias Brunner | p((. The IPsec replay window size for this connection. With the default of -1 the value configured with _charon.replay_window_ in |
303 | 71 | Tobias Brunner | [[strongswan.conf]] is used. Larger values than 32 are supported using the Netlink backend only, a value of 0 disables IPsec |
304 | 90 | Tobias Brunner | replay protection. Available since version:5.2.0. |
305 | 1 | Martin Willi | |
306 | 1 | Martin Willi | _reqid = <number>_ |
307 | 1 | Martin Willi | |
308 | 1 | Martin Willi | p((. sets the reqid for a given connection to a pre-configured fixed value. |
309 | 88 | Tobias Brunner | |
310 | 88 | Tobias Brunner | _sha256_96 = *no* | yes_ |
311 | 88 | Tobias Brunner | |
312 | 88 | Tobias Brunner | p((. HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that incorrectly use 96-bit |
313 | 88 | Tobias Brunner | truncation this option may be enabled to configure the shorter truncation length in the kernel. This is not negotiated, so this |
314 | 90 | Tobias Brunner | only works with peers that use the incorrect truncation length (or have this option enabled). Available since version:5.5.3. |
315 | 57 | Tobias Brunner | |
316 | 1 | Martin Willi | _tfc = <value>_ |
317 | 57 | Tobias Brunner | |
318 | 57 | Tobias Brunner | p((. number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The special value %mtu fills up ESP packets with padding to have the size of the MTU. |
319 | 57 | Tobias Brunner | |
320 | 57 | Tobias Brunner | _type = *tunnel* | transport | transport_proxy | passthrough | drop_ |
321 | 1 | Martin Willi | |
322 | 1 | Martin Willi | p((. the type of the connection; currently the accepted values are *tunnel*, signifying a host-to-host, |
323 | 1 | Martin Willi | host-to-subnet, or subnet-to-subnet tunnel; *transport*, signifying host-to-host transport mode; |
324 | 31 | Martin Willi | *transport_proxy*, signifying the special Mobile IPv6 transport proxy mode; |
325 | 23 | Tobias Brunner | *passthrough*, signifying that no IPsec processing should be done at all; *drop*, signifying that packets |
326 | 41 | Tobias Brunner | should be discarded. |
327 | 34 | Tobias Brunner | |
328 | 57 | Tobias Brunner | _xauth = *client* | server_ |
329 | 21 | Andreas Steffen | |
330 | 1 | Martin Willi | p((. specifies the role in the XAuth protocol if activated by _authby=xauthpsk_ or _authby=xauthrsasig_. |
331 | 21 | Andreas Steffen | |
332 | 23 | Tobias Brunner | _xauth_identity = <id>_ |
333 | 20 | Andreas Steffen | |
334 | 53 | Tobias Brunner | p((. defines the identity/username the client uses to reply to an XAuth request. If not defined, the IKEv1 identity will be used as XAuth identity. |
335 | 23 | Tobias Brunner | |
336 | 20 | Andreas Steffen | h2. left|right End Parameters |
337 | 1 | Martin Willi | |
338 | 1 | Martin Willi | Connection descriptions are defined in terms of a left endpoint and a right endpoint. For example, the |
339 | 1 | Martin Willi | two parameters leftid and rightid specify the identity of the left and the right endpoint. For every |
340 | 52 | Tobias Brunner | connection description an attempt is made to figure out whether the local endpoint should act as the left or |
341 | 52 | Tobias Brunner | the right endpoint. This is done by matching the IP addresses defined for both endpoints with the |
342 | 1 | Martin Willi | IP addresses assigned to local network interfaces. If a match is found then the role (left or right) that |
343 | 1 | Martin Willi | matches is going to be considered "local". If no match is found during startup, "left" is considered "local". |
344 | 1 | Martin Willi | |
345 | 70 | Tobias Brunner | _left|right = <ip address> | <fqdn> | *%any* | range | subnet_ |
346 | 52 | Tobias Brunner | |
347 | 70 | Tobias Brunner | p((. The IP address of the participant's public-network interface or one of several magic values. |
348 | 57 | Tobias Brunner | The value _%any_ for the local endpoint signifies an address to be filled in |
349 | 52 | Tobias Brunner | (by automatic keying) during negotiation. If the local peer initiates the connection setup the routing table |
350 | 23 | Tobias Brunner | will be queried to determine the correct local IP address. In case the local peer is responding to a connection |
setup then any IP address that is assigned to a local interface will be accepted.

p((. Prior to [[5.0.0]] specifying _%%any_ for the local endpoint was not supported for IKEv1 connections; instead,
the keyword _%%defaultroute_ could be used, causing the value to be filled in automatically with the local
address of the default-route interface (as determined at IPsec startup time and during configuration
update). Either left or right may be _%defaultroute_, but not both.

p((. The prefix % in front of a fully-qualified domain name or an IP address will implicitly set _left|rightallowany=yes_.

p((. If _%any_ is used for the remote endpoint it literally means any IP address.

p((. If an FQDN is assigned it is resolved every time a configuration lookup is done. If DNS resolution times out,
the lookup is delayed for that time.

p((. Since [[5.1.1]] connections can be limited to a specific range of hosts. To do so a range (10.1.0.0-10.2.255.255)
or a subnet (10.1.0.0/16) can be specified, and multiple addresses, ranges and subnets can be separated by commas.
While these items can be freely combined, at least one plain address (not a range or subnet) is required to initiate the connection.

p((. Note that when wildcards are used, multiple connection descriptions might match a given incoming
connection attempt. The most specific description is used in that case.

_left|rightallowany = yes | *no*_

p((. a modifier for _left|right_, making it behave as _%any_ although a concrete IP address has been
assigned. Recommended for dynamic IP addresses that can be resolved by DynDNS at IPsec startup or update time.
376 | 1 | Martin Willi | |
_left|rightauth = <auth method>_

p((. Authentication method to use locally (left) or require from the remote (right) side. Acceptable values are *pubkey*
for public key (RSA/ECDSA) signature authentication, *psk* for pre-shared key authentication, *eap* to require the use of the Extensible Authentication Protocol, and *xauth* for IKEv1 eXtended Authentication.

p((. To require a trustchain public key strength for the remote side, specify the key type followed
by the minimum strength in bits (for example *ecdsa-384* or *rsa-2048-ecdsa-256*).
To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms
to *pubkey* or a key strength definition (for example *pubkey-sha1-sha256* or *rsa-2048-ecdsa-256-sha256-sha384-sha512*).
Since version:5.3.0 and unless disabled in [[strongswan.conf]], or explicit IKEv2 signature constraints are
configured (see below), such key types and hash algorithms are also applied as constraints against the IKEv2 signature
authentication schemes used by the remote side.

p((. Since version:5.3.0 and if both peers support "RFC 7427":http://tools.ietf.org/html/rfc7427 ("Signature Authentication in IKEv2"), specific hash
algorithms to be used during IKEv2 authentication may be configured. The syntax is the same as above,
but with an _ike:_ prefix (before version:5.4.0 without that prefix).
For example, with _ike:pubkey-sha384-sha256_ a public key signature scheme with either SHA-384 or SHA-256
is used for authentication, in that order and depending on the hash algorithms supported by the peer.
If no specific hash algorithms are configured, the default is to prefer an algorithm that matches or exceeds
the strength of the signature key.
If no constraints with the _ike:_ prefix are configured, any signature scheme constraint (without _ike:_ prefix) will
also apply to IKEv2 authentication, unless this is disabled in [[strongswan.conf]] (this is also the behavior before
version:5.4.0, which introduced the _ike:_ prefix).
Since version:5.6.1 RSASSA-PSS signatures are supported. To use or require them configure _rsa/pss_ instead of _rsa_,
as in e.g. _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured, RSASSA-PSS signatures will only be
used/accepted if enabled in [[strongswan.conf]].

p((. In the case of *eap*, an optional EAP method can be appended. Currently defined methods are *eap-aka*,
*eap-gtc*, *eap-md5*, *eap-mschapv2*, *eap-peap*, *eap-sim*, *eap-tls*, *eap-ttls*, *eap-dynamic*, and *eap-radius*.
Alternatively, IANA assigned EAP method numbers are accepted. Vendor specific EAP methods are defined
in the form *eap-type-vendor* (e.g. *eap-7-12345*).
Since version:5.3.0 signature and trust chain constraints for EAP-(T)TLS may be defined. To do so, append a
colon to the EAP method, followed by the key type/size and hash algorithm as discussed above.
For *xauth*, an XAuth authentication backend can be specified, such as *xauth-generic* or *xauth-eap*.
If XAuth is used in _leftauth_, Hybrid authentication is used. For traditional XAuth authentication, define XAuth in _leftauth2_.

p((. Not supported for IKEv1 connections prior to [[5.0.0]].
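As an added illustration (not strongSwan code), the following Python turns a _left|rightauth_ value into a structured policy: key type and minimum strength, appended hash constraints, the _ike:_ prefix, EAP method names, IANA type numbers and vendor types, EAP-(T)TLS constraints after a colon, and XAuth backends. The IANA EAP type numbers and the subset of accepted hash names are supplied here as assumptions, not taken from the page.

```python
"""Parse strongSwan left|rightauth values (added example, not strongSwan code)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed subsets: key types (checked as whole tokens, so "rsa/pss" and
# "rsa" cannot be confused) and hash names accepted as constraint tokens.
KEY_TYPES = ("pubkey", "rsa/pss", "rsa", "ecdsa")
HASHES = ("sha1", "sha256", "sha384", "sha512")
# IANA EAP method type numbers for the named methods (assumption: taken from
# the IANA registry, not from the page); eap-dynamic and eap-radius are
# strongSwan plugins without a type number.
EAP_TYPES = {"eap-md5": 4, "eap-gtc": 6, "eap-tls": 13, "eap-sim": 18,
             "eap-ttls": 21, "eap-aka": 23, "eap-peap": 25, "eap-mschapv2": 26}
EAP_PLUGINS = {"eap-dynamic", "eap-radius"}


@dataclass
class Constraints:
    scope: str                                   # "trustchain" or "ike"
    keys: List[Tuple[str, Optional[int]]] = field(default_factory=list)
    hashes: List[str] = field(default_factory=list)


def parse_constraints(text: str) -> Constraints:
    """'rsa-2048-ecdsa-256-sha256' -> keys [(rsa,2048),(ecdsa,256)], hashes [sha256]."""
    scope = "trustchain"
    if text.startswith("ike:"):                  # IKEv2 signature scheme constraint
        scope, text = "ike", text[len("ike:"):]
    result = Constraints(scope)
    tokens = text.split("-")
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in KEY_TYPES:
            bits = None
            if i + 1 < len(tokens) and tokens[i + 1].isdigit():
                bits = int(tokens[i + 1])        # minimum key strength in bits
                i += 1
            result.keys.append((tok, bits))
        elif tok in HASHES:
            result.hashes.append(tok)
        else:
            raise ValueError(f"unknown constraint token {tok!r}")
        i += 1
    return result


@dataclass
class AuthMethod:
    method: str                                  # pubkey, psk, eap or xauth
    eap_type: Optional[int] = None
    eap_vendor: Optional[int] = None
    eap_name: Optional[str] = None
    xauth_backend: Optional[str] = None
    constraints: Optional[Constraints] = None


def parse_auth(value: str) -> AuthMethod:
    """Parse one left|rightauth value into an AuthMethod."""
    if value == "psk":
        return AuthMethod("psk")
    if value == "xauth" or value.startswith("xauth-"):
        backend = value[len("xauth-"):] or None  # e.g. "generic" or "eap"
        return AuthMethod("xauth", xauth_backend=backend)
    if value == "eap" or value.startswith("eap-"):
        spec, _, cons = value.partition(":")     # "eap-tls:rsa-2048-sha256"
        auth = AuthMethod("eap", constraints=parse_constraints(cons) if cons else None)
        if spec in EAP_TYPES:
            auth.eap_name, auth.eap_type = spec, EAP_TYPES[spec]
        elif spec in EAP_PLUGINS:
            auth.eap_name = spec
        elif spec != "eap":
            nums = spec[len("eap-"):].split("-")  # "7" or "7-12345" (type-vendor)
            auth.eap_type = int(nums[0])
            auth.eap_vendor = int(nums[1]) if len(nums) > 1 else None
        return auth
    # Anything else is a pubkey constraint string, optionally with ike: prefix.
    return AuthMethod("pubkey", constraints=parse_constraints(value))
```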

_left|rightauth2 = <auth method>_

p((. Same as _left|rightauth_, but defines an additional authentication exchange. In IKEv1, only XAuth can be used
in the second authentication round. IKEv2 supports multiple complete authentication rounds using
_Multiple Authentication Exchanges_ defined in "RFC 4739":http://tools.ietf.org/html/rfc4739. This allows, e.g., separate authentication of host and user.

p((. Not supported for IKEv1 connections prior to [[5.0.0]].

_left|rightca = <issuer dn> | %same_

p((. the distinguished name of a certificate authority which is required to lie in the trust path going from the
_left|right_ participant's certificate up to the root certification authority.
*%same* means that the value configured for the other participant should be reused.

_left|rightca2 = <issuer dn> | %same_

p((. Same as _left|rightca_ but for the second authentication (IKEv2 only).
434 | 1 | Martin Willi | |
_left|rightcert = <path>_

p((. the path to the left|right participant's X.509 certificate. The file can be encoded either in PEM or DER format.
OpenPGP certificates are supported as well. Both absolute paths and paths relative to
[[IpsecDirectoryCerts|/etc/ipsec.d/certs]] are accepted. By default _left|rightcert_ sets _left|rightid_
to the distinguished name of the certificate's subject. The _left|right_ participant's ID can be overridden
by specifying a _left|rightid_ value, which must then be certified by the certificate.

p((. Since [[5.0.2]] certificates can be configured in the form _%smartcard[<slot nr>[@<module>]]:<keyid>_, which
defines a specific certificate to load from a PKCS#11 backend for this connection (e.g. via the [[PKCS11Plugin|pkcs11 plugin]]).
See [[PinSecret|ipsec.secrets]] for details about smartcard definitions.
Defining a certificate on a smartcard with _left|rightcert_ is only required if the automatic selection via _left|rightid_
is not sufficient, for example, if multiple certificates use the same subject.

p((. Since [[5.0.3]] multiple certificate paths or PKCS#11 backends can be specified in a comma-separated list.
The daemon chooses the certificate based on the received certificate requests, if possible, before enforcing
the first.

_left|rightcert2 = <path>_

p((. Same as _left|rightcert_ but for the second authentication round (IKEv2 only).

_left|rightcertpolicy = <OIDs>_

p((. Comma-separated list of certificate policy OIDs the peer's certificate must have.
OIDs are specified using the numerical dotted representation. Not supported for IKEv1 connections prior to [[5.0.0]].

_left|rightdns = <servers>_

p((. Comma-separated list of DNS server addresses to exchange as configuration attributes. On the initiator,
a server is a fixed IPv4/IPv6 address, or _%config4/%config6_ to request attributes without an address.
On the responder, only fixed IPv4/IPv6 addresses are allowed and define DNS servers assigned to the client.
Available since [[5.0.1]].
468 | 23 | Tobias Brunner | |
_left|rightfirewall = yes | *no*_

p((. whether the _left|right_ participant is doing forwarding-firewalling (including masquerading)
using iptables for traffic from _left|rightsubnet_, which should be turned off (for traffic to the
other subnet) once the connection is established. May not be used in the same connection description with
_left|rightupdown_. Implemented as a parameter to the default _ipsec _updown_ script. Relevant only
locally; the other end need not agree on it.

p((. If one or both security gateways are doing forwarding firewalling (possibly including masquerading),
and this is specified using the firewall parameters, tunnels established with IPsec are exempted from
it so that packets can flow unchanged through the tunnels. (This means that all subnets connected in this
manner must have distinct, non-overlapping subnet address blocks.) This is done by the default
_ipsec _updown_ script.

p((. In situations calling for more control, it may be preferable to supply a custom _updown_ script
that makes the appropriate adjustments for the system.

_left|rightgroups = <group list>_

p((. a comma-separated list of group names. If the _left|rightgroups_ parameter is present then the peer must
be a member of at least one of the groups defined by the parameter. Groups may be used together with the
[[EapRadius#Group-selection|eap-radius]] plugin.

_left|rightgroups2 = <group list>_

p((. Same as _left|rightgroups_ but for the second authentication round defined with _left|rightauth2_.
Available since [[5.0.1]].

_left|righthostaccess = yes | *no*_

p((. inserts a pair of INPUT and OUTPUT iptables rules using the default _ipsec _updown_ script,
thus allowing access to the host itself in the case where the host's internal interface is part
of the negotiated client subnet.
502 | 57 | Tobias Brunner | |
_left|rightid = <id>_

p((. how the _left|right_ participant should be identified for authentication; defaults to _left|right_ or the subject of the
certificate configured with _left|rightcert_. If _left|rightcert_ is configured the identity has to be confirmed by the
certificate, that is, it has to match the full subject DN or one of the subjectAltName extensions contained in the
certificate.

p((. Can be an IP address, a fully-qualified domain name, an email address or a Distinguished Name, for which the
ID type is determined automatically and the string is converted to the appropriate encoding. The rules for this
conversion are described on [[IdentityParsing]]. In versions before [[5.0.0]] fully-qualified domain names can be
preceded by an @ to avoid them being resolved to an IP address.

p((. In certain special situations the identity parsing above might be inadequate or produce the wrong result.
Examples are the need to encode an FQDN as KEY_ID or the string parser being unable to produce the correct
binary ASN.1 encoding of a certificate's DN. For these situations it is possible since version:5.2.2 to enforce a specific
identity type and to provide the binary encoding of the identity. To do this a prefix may be used, followed by a
colon (:). If the number sign (#) follows the colon, the remaining data is interpreted as hex encoding, otherwise
the string is used as is as the identification data. *Note:* The latter implies that no conversion is performed for
non-string identities. For example, _ipv4:10.0.0.1_ does not create a valid ID_IPV4_ADDR IKE identity, as it does not
get converted to binary 0x0a000001. Instead, one could use _ipv4:#0a000001_ to get a valid identity, but just using
the implicit type with [[IdentityParsing|automatic conversion]] is usually simpler. The same applies to the ASN.1 encoded types.
The following prefixes are known: _ipv4, ipv6, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn_ and _keyid_.
Custom type prefixes may be specified by surrounding the numerical type value with curly brackets.

p((. Since [[5.0.1]] _rightid_ for IKEv2 connections optionally takes a % as prefix in front of the identity.
If given, it prevents the daemon from sending IDr in its IKE_AUTH request and allows it to verify the
configured identity against the subject and subjectAltNames contained in the responder's certificate (otherwise,
it is only compared with the IDr returned by the responder). The IDr sent by the initiator might otherwise
prevent the responder from finding a config if it has configured a different value for _leftid_.
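As an added example (not strongSwan code), the following Python encodes _left|rightid_ values using the explicit prefix syntax from the paragraph above and contrasts it with the implicit, automatically converted form, so the _ipv4:10.0.0.1_ pitfall becomes visible as a malformed 8-byte ID_IPV4_ADDR. The IKEv2 identity type numbers are the RFC 7296 values; the simplified implicit parser and the length check are assumptions of this example, not the daemon's actual code.

```python
"""Encode left|rightid values with the explicit prefix syntax (added example,
not strongSwan code). IKEv2 identity type numbers are those of RFC 7296; the
prefix table follows the list of known prefixes in the text above."""
import binascii
import ipaddress
from dataclasses import dataclass

ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, ID_IPV6_ADDR = 1, 2, 3, 5
ID_DER_ASN1_DN, ID_DER_ASN1_GN, ID_KEY_ID = 9, 10, 11

PREFIXES = {
    "ipv4": ID_IPV4_ADDR, "ipv6": ID_IPV6_ADDR,
    "rfc822": ID_RFC822_ADDR, "email": ID_RFC822_ADDR, "userfqdn": ID_RFC822_ADDR,
    "fqdn": ID_FQDN, "dns": ID_FQDN,
    "asn1dn": ID_DER_ASN1_DN, "asn1gn": ID_DER_ASN1_GN, "keyid": ID_KEY_ID,
}
# Address identities carry the binary address, so their length is fixed.
FIXED_LENGTHS = {ID_IPV4_ADDR: 4, ID_IPV6_ADDR: 16}


@dataclass(frozen=True)
class Identity:
    id_type: int
    data: bytes

    def is_well_formed(self) -> bool:
        """Sanity check a peer effectively applies: an ID_IPV4_ADDR payload must
        be exactly four bytes, an ID_IPV6_ADDR payload sixteen."""
        expected = FIXED_LENGTHS.get(self.id_type)
        return expected is None or len(self.data) == expected


def _is_custom_type(prefix: str) -> bool:
    """Custom numeric type in curly brackets, e.g. "{11}"."""
    return prefix.startswith("{") and prefix.endswith("}") and prefix[1:-1].isdigit()


def _explicit(prefix: str, rest: str) -> Identity:
    id_type = int(prefix[1:-1]) if _is_custom_type(prefix) else PREFIXES[prefix]
    if rest.startswith("#"):
        data = binascii.unhexlify(rest[1:])      # "#0a000001" -> b"\x0a\x00\x00\x01"
    else:
        data = rest.encode()                     # used as is, no conversion at all
    return Identity(id_type, data)


def _implicit(text: str) -> Identity:
    """Automatic type detection with conversion, simplified from the rules on
    the IdentityParsing page (Distinguished Names are not handled here)."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        pass
    else:
        return Identity(ID_IPV4_ADDR if addr.version == 4 else ID_IPV6_ADDR, addr.packed)
    if "@" in text:
        return Identity(ID_RFC822_ADDR, text.encode())
    return Identity(ID_FQDN, text.encode())


def parse_identity(value: str) -> Identity:
    """Explicit "<prefix>:<data>" form if the prefix is known, otherwise implicit."""
    prefix, sep, rest = value.partition(":")
    if sep and (prefix in PREFIXES or _is_custom_type(prefix)):
        return _explicit(prefix, rest)
    return _implicit(value)
```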
532 | 23 | Tobias Brunner | |
_left|rightid2 = <id>_

p((. Identity to use for the second authentication of the _left|right_ participant (IKEv2 only).
Defaults to _left|rightid_.

_left|rightikeport = <port>_

p((. UDP port the _left|right_ participant uses for IKE communication. If unspecified, port 500 is used with the port
floating to 4500 if a NAT is detected or MOBIKE is enabled.
Specifying a local IKE port different from the default additionally requires a socket implementation that
listens to this port. Not supported for IKEv1 connections prior to [[5.0.0]].

_left|rightprotoport = <protocol>/<port>_

p((. restrict the traffic selector to a single protocol and/or port. Since [[5.1.0]] this option is deprecated,
as protocol/port information can be defined for each subnet directly in _left|rightsubnet_.

_left|rightrsasigkey = <raw rsa public key> | <path to public key>_

p((. Since [[5.1.0]] a synonym for _left|rightsigkey_. Before that it denoted the left|right participant's public key
for RSA signature authentication, in RFC 2537 format using hex (0x prefix) or base64 (0s prefix) encoding.
Also accepted was the path to a file containing the public key in PEM or DER encoding.
555 | 72 | Tobias Brunner | |
_left|rightsigkey = <raw public key> | <path to public key>_

p((. Added with [[5.1.0]]. The left|right participant's public key for public key signature authentication, in PKCS#1
format using hex (0x prefix) or base64 (0s prefix) encoding. With the optional _dns:_ or _ssh:_ prefix in front
of 0x or 0s, the public key is expected in either the RFC 3110 (not the full RR, only the RSA key part) or
RFC 4253 public key format, respectively.
Also accepted is the path to a file containing the public key in PEM, DER or SSH encoding. Both absolute paths and
paths relative to [[ipsecdirectorycerts|/etc/ipsec.d/certs]] are accepted.

_left|rightsendcert = never | no | *ifasked* | always | yes_

p((. Accepted values are *never* or *no*, *always* or *yes*, and *ifasked*, the latter meaning that
the peer must send a certificate request (CR) payload in order to get a certificate in return.

_leftsourceip = %config4 | %config6 | <ip address>_

p((. The internal source IP to use in a tunnel, also known as [[VirtualIp|virtual IP]].
If the value is one of the synonyms _%config_, _%cfg_, _%modeconfig_ or _%modecfg_, an address (from
the tunnel address family) is requested from the peer.
Since [[5.0.1]] a comma-separated list is accepted to request multiple addresses, and with _%config4_ and
_%config6_ an address of the given address family will be requested explicitly.
If an IP address is configured, it will be requested from the responder, which is free to respond with a
different address.
579 | 23 | Tobias Brunner | |
_rightsourceip = %config | <network>/<netmask> | <from>-<to> | %poolname_

p((. The internal source IP to use in a tunnel for the remote peer. If the value is %config on the responder
side, the initiator must propose an address which is then echoed back. Also supported are address pools
expressed as _<network>/<netmask>_ and _<from>-<to>_ (since version:5.2.2) or the use of an external IP address pool
using _%%poolname_ where _poolname_ is the name of the IP address pool used for the lookup (see [[VirtualIp|virtual IP]] for details).
Since [[5.0.1]] a comma-separated list of IP addresses / pools is accepted, for instance, to define pools of
different address families.

_left|rightsubnet = <ip subnet>![[<proto/port>]][,...]_

p((. private subnet behind the _left|right_ participant, expressed as network/netmask; if omitted, essentially assumed
to be _left|right_/32|128, signifying that the _left|right_ end of the connection goes to the _left|right_ participant only.
The configured subnets of the peers may differ; the protocol narrows them to the greatest common subnet.
Since [[5.0.0]] this is also done for IKEv1, but as this may lead to problems with other implementations,
make sure to configure identical subnets in such configurations.
IKEv2 supports multiple subnets separated by commas; IKEv1 only interprets the first subnet of such a definition,
unless the Cisco Unity extension plugin is enabled (available since version:5.0.1). This is due to a limitation of the IKEv1
protocol, which only allows a single pair of subnets per CHILD_SA. So to tunnel several subnets a conn entry has
to be defined and brought up for each pair of subnets.

p((. Since [[5.1.0]] the optional part after each subnet enclosed in square brackets specifies a protocol/port to restrict
the selector for that subnet. *Examples:* leftsubnet=10.0.0.1[tcp/http],10.0.0.2[6/80] or leftsubnet=fec1::1[udp],10.0.0.0/16[/53].
Instead of omitting either value _%any_ can be used to the same effect, e.g. leftsubnet=fec1::1[udp/%any],10.0.0.0/16[%any/53].

p((. Since [[5.1.1]], if the protocol is _icmp_ or _ipv6-icmp_ the port is interpreted as ICMP message type if it is less than 256,
or as type and code if it is greater than or equal to 256, with the type in the most significant 8 bits and the code in the
least significant 8 bits.

p((. The port value can alternatively take the value _%opaque_ for RFC 4301 OPAQUE selectors, or a numerical range
in the form 1024-65535. None of the kernel backends currently supports OPAQUE selectors or port ranges; they use _%any_
for policy installation instead.

p((. Instead of specifying a subnet, _%dynamic_ can be used to replace it with the IKE address, having the same effect
as omitting _left|rightsubnet_ completely. _%dynamic_ can be used to define multiple dynamic selectors,
each having a potentially different protocol/port definition.
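As an added example (not strongSwan code), the following Python parser implements the _left|rightsubnet_ selector syntax described in the paragraphs above: bracketed protocol/port parts, _%any_, _%dynamic_, _%opaque_, port ranges, and the ICMP type/code decoding of the port value, together with the fallback to _%any_ that the kernel backends apply to OPAQUE and port-range selectors. The protocol and service name tables are a constructed subset standing in for /etc/protocols and /etc/services, and masking host bits of a subnet is an assumption of this example.

```python
"""Parse strongSwan left|rightsubnet traffic selectors (added example, not
strongSwan code): <subnet>[<proto>/<port>] items, %dynamic, %any, %opaque,
port ranges and the ICMP type/code encoding of the port value."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subsets of /etc/protocols and /etc/services; the daemon resolves
# names through the system tables. Numeric values are accepted as well.
PROTOCOLS = {"tcp": 6, "udp": 17, "icmp": 1, "ipv6-icmp": 58}
SERVICES = {"http": 80, "https": 443, "domain": 53}
ICMP_PROTOCOLS = {PROTOCOLS["icmp"], PROTOCOLS["ipv6-icmp"]}
PORT_ANY = (0, 65535)


@dataclass
class Selector:
    subnet: str                     # CIDR text, or "%dynamic" for the IKE address
    proto: int                      # 0 means %any
    ports: Tuple[int, int]          # inclusive range; PORT_ANY means %any
    opaque: bool = False            # RFC 4301 OPAQUE selector requested
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

    @property
    def policy_ports(self) -> Tuple[int, int]:
        """What a kernel backend would install: OPAQUE and port ranges are not
        supported, so they fall back to %any as described in the text."""
        if self.opaque or self.ports[0] != self.ports[1]:
            return PORT_ANY
        return self.ports


def _parse_proto(text: str) -> int:
    if text in ("", "%any"):
        return 0
    return PROTOCOLS[text] if text in PROTOCOLS else int(text)


def _parse_ports(text: str) -> Tuple[Tuple[int, int], bool]:
    """Return ((from, to), opaque) for a port, service, range, %opaque or %any."""
    if text in ("", "%any"):
        return PORT_ANY, False
    if text == "%opaque":
        return PORT_ANY, True
    if "-" in text:
        low, high = (int(p) for p in text.split("-", 1))
    else:
        low = high = SERVICES[text] if text in SERVICES else int(text)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port specification {text!r}")
    return (low, high), False


def parse_selector(item: str) -> Selector:
    """Parse one item such as '10.0.0.0/16[/53]' or '%dynamic[tcp/1024-65535]'."""
    item = item.strip()
    proto_text = port_text = ""
    if item.endswith("]"):
        subnet, bracket, rest = item[:-1].partition("[")
        if not bracket:
            raise ValueError(f"unbalanced brackets in {item!r}")
        proto_text, _, port_text = rest.partition("/")
    else:
        subnet = item
    if subnet != "%dynamic":
        # strict=False masks host bits (an assumption about leniency, not the daemon's rule)
        subnet = str(ipaddress.ip_network(subnet, strict=False))
    proto = _parse_proto(proto_text)
    ports, opaque = _parse_ports(port_text)
    sel = Selector(subnet, proto, ports, opaque)
    # For ICMP a single port value encodes the message type (< 256), or type
    # in the upper and code in the lower 8 bits (>= 256).
    if proto in ICMP_PROTOCOLS and not opaque and ports[0] == ports[1]:
        value = ports[0]
        if value < 256:
            sel.icmp_type = value
        else:
            sel.icmp_type, sel.icmp_code = value >> 8, value & 0xFF
    return sel


def parse_subnets(value: str) -> List[Selector]:
    """Parse a full comma-separated left|rightsubnet value."""
    return [parse_selector(item) for item in value.split(",") if item.strip()]
```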
616 | 31 | Martin Willi | |
_left|rightupdown = <path>_

p((. what _updown_ script to run to adjust routing and/or firewalling when the status of the connection
changes (default _ipsec _updown_). Relevant only locally; the other end need not agree on it.
Charon uses the _updown_ script to insert firewall rules only, since routing has been implemented directly
in the daemon.

h2. IKEv2 Mediation Extension Parameters

The following parameters are relevant to IKEv2 Mediation Extension operation only.

_mediation = yes | *no*_

p((. whether this connection is a mediation connection, i.e. whether this connection is used to mediate other
connections. Mediation connections create no child SA. Acceptable values are no (the default) and yes.

_mediated_by = <name>_

p((. the name of the connection to mediate this connection through. If given, the connection will be mediated
through the named mediation connection. The mediation connection must set *mediation=yes*.

_me_peerid = <id>_

p((. ID as which the peer is known to the mediation server, i.e. which the other end of this connection uses as
its leftid on its connection to the mediation server. This is the ID we request the mediation server to
mediate us with. If me_peerid is not given, the rightid of this connection will be used as peer ID.
643 | 58 | Tobias Brunner | |
h2. Removed parameters (since 5.0.0)

_auth = *esp* | ah_

p((. whether authentication should be done as part of ESP encryption, or separately using the AH protocol.
Only supported by the IKEv1 daemon pluto.

p((. Since [[5.1.1]] the *ah* keyword can be used to configure AH with the charon IKE daemon.

_pfs = *yes* | no_

p((. whether _Perfect Forward Secrecy_ of keys is desired on the connection's keying channel (with PFS,
penetration of the key-exchange protocol does not compromise keys negotiated earlier). IKEv2 always uses
PFS for IKE_SA rekeying, whereas for CHILD_SA rekeying PFS is enforced by defining a Diffie-Hellman dhgroup
in the _esp_ parameter. Since [[5.0.0]] the latter also applies to IKEv1 and this parameter has no effect anymore.

_pfsgroup = <modp group>_

p((. defines a Diffie-Hellman group for _perfect forward secrecy_ in IKEv1 Quick Mode differing from the DH group
used for IKEv1 Main Mode (IKEv1 pluto daemon only).

_left|rightnexthop = %direct | %defaultroute | <ip address> | <fqdn>_

p((. This parameter is usually not needed any more because the NETKEY IPsec stack does not require
explicit routing entries for the traffic to be tunneled. If _left|rightsourceip_ is used with IKEv1
then _left|rightnexthop_ must still be set in order for the source routes to work properly.

_left|rightsubnetwithin = <ip subnet>_

p((. the peer can propose any subnet or single IP address that fits within the range defined by
_left|rightsubnetwithin_. It is a synonym for _left|rightsubnet_ since [[5.0.0]], as subnets are narrowed.