ipsec.conf Reference » History » Version 3
Version 2 (Martin Willi, 31.08.2007 13:32) → Version 3/21 (Martin Willi, 31.08.2007 13:57)
= ipsec.conf =
strongSwan's ''ipsec.conf'' configuration file consists of three different section types: == config setup ==
* [wiki:ConfigSetupSection config setup] defines general configuration parameters ''cachecrls''
* [wiki:ConnSection ''charonstart''
* ''crlcheckinterval''
* ''plutostart''
* ''strictcrlpolicy''
'''IKEv1 pluto daemon only:'''
* ''keep_alive''
* ''nat_traversal''
* ''pkcs11initargs''
* ''pkcs11module''
* ''pkcs11keepstate''
* ''pkcs11proxy''
* ''plutodebug''
* ''postpluto''
* ''prepluto''
* ''virtual_private''
* ''uniqueids''
'''IKEv2 charon daemon only:'''
* ''charondebug''
== conn <name>] defines a connection <name> ==
* [wiki:CaSection ''ah''
* ''auth''
* ''authby''
* ''auto''
* ''compress''
* ''dpdaction''
* ''dpddelay''
* ''dpdtimeout''
* ''eap''
* ''esp''
* ''ike''
* ''ikelifetime''
* ''keyexchange''
* ''keyingtries''
* ''keylife''
* ''mobike''
* ''modeconfig''
* ''pfs''
* ''reauth''
* ''rekey''
* ''rekeyfuzz''
* ''rekeymargin''
* ''type''
* ''xauth''
'''left|right end parameters'''
* ''left|right''
* ''left|rightallowany''
* ''left|rightca''
* ''left|rightcert''
* ''left|rightfirewall''
* ''left|rightgroups''
* ''left|righthostaccess''
* ''left|rightid''
* ''left|rightnexthop''
* ''left|rightprotoport''
* ''left|rightrsasigkey''
* ''left|rightsendcert''
* ''left|rightsourceip''
* ''left|rightsubnet''
* ''left|rightsubnetwithin''
* ''left|rightupdown''
== ca <name>] defines a certification authority <name> ==
There can be only one [wiki:ConfigSetupSection config setup] section but * ''auto''
* ''cacert''
* ''crluri''
* ''crluri1''
synonym for ''crluri''.
* ''crluri2''
* ''ldaphost''
* ''ocspuri''
* ''ocspuri1''
synonym for ''ocspuri''.
* ''ocspuri2'''
an unlimited number of [wiki:ConnSection conn] and [wiki:CaSection ca] sections.
strongSwan's ''ipsec.conf'' configuration file consists of three different section types: == config setup ==
* [wiki:ConfigSetupSection config setup] defines general configuration parameters ''cachecrls''
* [wiki:ConnSection ''charonstart''
* ''crlcheckinterval''
* ''plutostart''
* ''strictcrlpolicy''
'''IKEv1 pluto daemon only:'''
* ''keep_alive''
* ''nat_traversal''
* ''pkcs11initargs''
* ''pkcs11module''
* ''pkcs11keepstate''
* ''pkcs11proxy''
* ''plutodebug''
* ''postpluto''
* ''prepluto''
* ''virtual_private''
* ''uniqueids''
'''IKEv2 charon daemon only:'''
* ''charondebug''
== conn <name>] defines a connection <name> ==
* [wiki:CaSection ''ah''
* ''auth''
* ''authby''
* ''auto''
* ''compress''
* ''dpdaction''
* ''dpddelay''
* ''dpdtimeout''
* ''eap''
* ''esp''
* ''ike''
* ''ikelifetime''
* ''keyexchange''
* ''keyingtries''
* ''keylife''
* ''mobike''
* ''modeconfig''
* ''pfs''
* ''reauth''
* ''rekey''
* ''rekeyfuzz''
* ''rekeymargin''
* ''type''
* ''xauth''
'''left|right end parameters'''
* ''left|right''
* ''left|rightallowany''
* ''left|rightca''
* ''left|rightcert''
* ''left|rightfirewall''
* ''left|rightgroups''
* ''left|righthostaccess''
* ''left|rightid''
* ''left|rightnexthop''
* ''left|rightprotoport''
* ''left|rightrsasigkey''
* ''left|rightsendcert''
* ''left|rightsourceip''
* ''left|rightsubnet''
* ''left|rightsubnetwithin''
* ''left|rightupdown''
== ca <name>] defines a certification authority <name> ==
There can be only one [wiki:ConfigSetupSection config setup] section but * ''auto''
* ''cacert''
* ''crluri''
* ''crluri1''
synonym for ''crluri''.
* ''crluri2''
* ''ldaphost''
* ''ocspuri''
* ''ocspuri1''
synonym for ''ocspuri''.
* ''ocspuri2'''
an unlimited number of [wiki:ConnSection conn] and [wiki:CaSection ca] sections.