The unity plugin provides support for parts of the IKEv1 Cisco Unity Extensions.
To enable the plugin, add --enable-unity to the ./configure options.
It is available since 5.0.1.
As a client, the IKEv1 daemon charon will narrow traffic selectors to the received Split-Include attributes and will automatically install
IPsec bypass policies for received Local-LAN attributes.
As a server, charon will send Split-Include attributes for leftsubnet definitions containing multiple subnets to Unity-aware clients.
| Key | Default | Description |
|---|---|---|
| charon.cisco_unity | no | Send Cisco Unity vendor ID payload in main or aggressive mode (this option is also available in versions before 5.0.1) |
On a server the subnets listed in leftsubnet will be transmitted as Split-Include attributes to clients during Mode Config.
Mode Config is only triggered if the client requests a virtual IP address, e.g. with leftsourceip=%config.
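
The server and client settings described above, put together as an added configuration example (not taken from the strongSwan documentation). The connection names, addresses, identities and certificate file names are constructed placeholders. Setting cisco_unity on both peers and using rightsubnet=0.0.0.0/0 on the client as the selector to be narrowed are assumptions.

```conf
# strongswan.conf (assumed to be set on both peers so that each side
# announces itself as Unity-aware)
charon {
    cisco_unity = yes
}

# ipsec.conf on the server
conn unity-server
    keyexchange=ikev1
    left=192.0.2.1
    leftid=@gateway.example.org
    leftcert=serverCert.pem
    # more than one subnet: each is sent as a Split-Include attribute
    leftsubnet=10.1.0.0/16,10.2.0.0/16
    right=%any
    # pool the virtual IPs are handed out from during Mode Config
    rightsourceip=10.3.0.0/24
    auto=add

# ipsec.conf on the client
conn unity-client
    keyexchange=ikev1
    leftcert=clientCert.pem
    # requesting a virtual IP is what triggers Mode Config
    leftsourceip=%config
    right=192.0.2.1
    rightid=@gateway.example.org
    # assumption: propose everything and let the plugin narrow the
    # selectors to the received Split-Include subnets
    rightsubnet=0.0.0.0/0
    auto=start
```

After the connection is up, ipsec statusall on the client should list only the two subnets as remote traffic selectors. If it still shows 0.0.0.0/0, the client is sending all traffic through the tunnel and the split policy was not applied.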