unity plugin
The unity plugin provides support for parts of the IKEv1 Cisco Unity Extensions.
To enable the plugin, add --enable-unity to the ./configure options.
It is available since 5.0.1.
Client Behavior
As a client, the IKEv1 daemon charon will narrow traffic selectors to the received Split-Include attributes and will automatically install
IPsec bypass policies for received Local-LAN attributes.
Server Behavior
As a server, charon will send Split-Include attributes for leftsubnet definitions containing multiple subnets to Unity-aware clients.
Unity attributes may otherwise be assigned via the attr or attr-sql plugins.
Configuration
Key | Default | Description |
charon.cisco_unity | no | Send Cisco Unity vendor ID payload in main or aggressive mode (this option is also available in versions before 5.0.1) |
On a server, the subnets listed in leftsubnet will be transmitted as Split-Include attributes to clients during Mode Config.
Mode Config is only triggered if the client requests a virtual IP address, e.g. with leftsourceip=%config.
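The settings described above, put together as an added example that is not taken from the strongSwan documentation. The conn names, addresses, and host name are constructed placeholders, the client's rightsubnet=0.0.0.0/0 proposal is an assumption, and authentication settings are configured separately and not shown.

```conf
# strongswan.conf: send the Cisco Unity vendor ID payload (default is no)
charon {
    cisco_unity = yes
}

# ipsec.conf on the server (constructed example values)
conn unity-server
    keyexchange=ikev1
    # Multiple subnets: each one is sent to Unity-aware clients as a
    # Split-Include attribute during Mode Config.
    leftsubnet=10.1.0.0/16,10.2.0.0/16
    right=%any
    # Pool that answers the client's virtual IP request.
    rightsourceip=10.3.0.0/24
    auto=add

# ipsec.conf on the client (constructed example values)
conn unity-client
    keyexchange=ikev1
    right=vpn.example.org
    # Requesting a virtual IP is what triggers Mode Config; without it no
    # Split-Include attributes are received.
    leftsourceip=%config
    # Assumed wide proposal; charon narrows it to the received
    # Split-Include subnets (10.1.0.0/16 and 10.2.0.0/16 here).
    rightsubnet=0.0.0.0/0
    auto=start
```

With this setup only traffic to the two Split-Include subnets is protected by the tunnel; all other client traffic, including any subnets received as Local-LAN attributes, leaves the client outside of it.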