strongswan.conf

This page documents the configuration options of the most current release. Therefore, you should always consult the strongswan.conf(5) man page that comes with the release you are using to confirm which options are actually available.

Overview

While the swanctl.conf and the legacy ipsec.conf configuration files are well suited to define IPsec-related configuration parameters, it is not useful for other strongSwan applications to read options from these files. As the number of components of the strongSwan project is continually growing, we needed a more flexible configuration file that is easy to extend and can be used by all components.

The default strongswan.conf file is installed under ${sysconfdir}, i.e. the path usually is /etc/strongswan.conf.

Since version 5.1.2 the default config file may be split up, with separate files placed in the ${sysconfdir}/strongswan.d directory.

The location in which strongswan.conf is looked for can be overridden when a process using libstrongswan starts by setting the STRONGSWAN_CONF environment variable to the desired location.

Reloading

The IKE daemon charon and some of its derivatives reload strongswan.conf when they receive a SIGHUP signal (which has to be sent manually to the daemon); a reload can also be triggered via the vici reload-settings command or swanctl --reload-settings.

This reloads the logger settings; some plugins also support reloading their configuration (e.g. the attr, pkcs11 or eap-radius plugins), and many settings are always read directly from the latest config (some at least for new connections).

Syntax

The format consists of hierarchical sections and a list of key/value pairs in each section.

Each section has a name, followed by C-style curly brackets defining the section body. Each section body contains a set of subsections and key/value pairs:

settings := (section|keyvalue)*
section  := name { settings }
keyvalue := key = value\n

Values must be terminated by a newline. Comments are possible using the # character. Section names and keys may contain any printable character except:

. , : { } = " # \n \t space

An example might look like this:

a = b
section-one {
  somevalue = asdf
  subsection {
    othervalue = xxx
  }
  # yei, a comment
  yetanother = zz
}
section-two {
  x = 12
}

Indentation is optional. You may use tabs or spaces.

Referencing other Sections

Since version 5.7.0 it is possible to inherit settings and sections from another section. This feature is mainly useful in swanctl.conf which uses the same configuration file format.

The syntax for references is as follows:

section    := name : references { settings }
references := absname[, absname]*
absname    := name[.name]*

All key/value pairs and all subsections of the referenced sections will be inherited by the section that references them via their absolute name. Values may be overridden in the section or any of its sub-sections (use an empty assignment to clear a value so its default value, if any, will apply). It is currently not possible to limit the inclusion level or clear/remove inherited subsections.

If the order is important (e.g. for auth rounds in a connection, if round is not used), it should be noted that inherited settings/sections will follow those defined in the current section (if multiple sections are referenced, their settings are enumerated left to right).

References are evaluated dynamically at runtime, so referring to sections later in the config file or included via other files is no problem.

Here is an example of how this might look in swanctl.conf:

conn-defaults {
  # default settings for all conns (e.g. a cert, or IP pools)
}
eap-defaults {
  # defaults if eap is used (e.g. a remote auth round)
}
child-defaults {
  # defaults for child configs (e.g. traffic selectors)
}
connections {
  conn-a : conn-defaults, eap-defaults {
    # set/override stuff specific to this connection
    children {
      child-a : child-defaults {
        # set/override stuff specific to this child
      }
    }
  }
  conn-b : conn-defaults {
    # set/override stuff specific to this connection
    children {
      child-b : child-defaults {
        # set/override stuff specific to this child
      }
    }
  }
  conn-c : connections.conn-a {
    # everything is inherited, including everything conn-a
    # already inherits from the sections it and its
    # sub-section reference
  }
}

Including Files

The include statement allows including other files into strongswan.conf, e.g.

include /some/path/*.conf

If the file name is not an absolute path, it is considered to be relative to the directory of the file containing the include statement. The file name may include shell wildcards. Also, such inclusions can be nested.

Sections loaded from the included files extend previously loaded sections; already existing values are replaced. It is important to note that settings are added relative to the section the include statement is in.

As an example, the following three files result in the same final config as the one given above:

a = b
section-one {
  somevalue = before include
  include include.conf
}
include other.conf

File include.conf:

# settings loaded from this file are added to section-one
# the following replaces the previous value
somevalue = asdf
subsection {
  othervalue = yyy
}
yetanother = zz

File other.conf:

# this extends section-one and subsection
section-one {
  subsection {
    # this replaces the previous value
    othervalue = xxx
  }
}
section-two {
  x = 12
}

Reading values

The config file is read by libstrongswan during library initialization (or when a reload is triggered). Values are accessed using a dot-separated section list and a key: Accessing section-one.subsection.othervalue in the examples above will return xxx.

Have a look at the settings interface src/libstrongswan/settings/settings.h to learn about the details.
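As an added illustration (not code from the strongSwan project), a small Python parser for the syntax, include and reference rules described above: it reads the page's three include-example files from an in-memory dict, resolves references left to right with the section's own settings taking precedence, treats an empty assignment as clearing an inherited value, and looks values up by dotted name. The file paths and the swanctl.conf-style sample with references are constructed for this example.

```python
import fnmatch
import posixpath
import re

# Constructed in-memory stand-ins for the page's three include-example files plus
# a small swanctl.conf-style file exercising references (nothing is read from disk).
FILES = {
    "/etc/strongswan.conf": "a = b\nsection-one {\n  somevalue = before include\n"
                            "  include include.conf\n}\ninclude other.conf\n",
    "/etc/include.conf": "# added to section-one; replaces the previous value\n"
                         "somevalue = asdf\nsubsection {\n  othervalue = yyy\n}\n"
                         "yetanother = zz\n",
    "/etc/other.conf": "section-one {\n  subsection {\n    othervalue = xxx\n  }\n}\n"
                       "section-two {\n  x = 12\n}\n",
    "/etc/swanctl/swanctl.conf": (
        "conn-defaults {\n  version = 2\n  local_addrs = 192.0.2.1\n}\n"
        "child-defaults {\n  esp_proposals = aes256gcm16\n}\n"
        "connections {\n  conn-a : conn-defaults {\n    local_addrs = 198.51.100.1\n"
        "    children {\n      child-a : child-defaults {\n"
        "        local_ts = 10.0.0.0/24\n      }\n    }\n  }\n"
        "  conn-c : connections.conn-a {\n    local_addrs =\n  }\n}\n"),
}

NAME = r"[^.,:{}=\"#\s]+"                 # characters allowed in names and keys
SECTION_RE = re.compile(rf"^({NAME})\s*(?::\s*(.*?))?\s*\{{$")
KEYVALUE_RE = re.compile(rf"^({NAME})\s*=\s*(.*)$")
INCLUDE_RE = re.compile(r"^include\s+(\S+)$")

def new_section():
    return {"values": {}, "sections": {}, "refs": []}

def parse_file(path, files, into):
    """Parse files[path] into section `into`, so an include inside a section
    extends that section; values that already exist are replaced."""
    stack = [into]
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comment, indentation
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError(f"{path}: unexpected '}}'")
            stack.pop()
        elif m := INCLUDE_RE.match(line):
            pattern = m.group(1)
            if not pattern.startswith("/"):          # relative to including file
                pattern = posixpath.join(posixpath.dirname(path), pattern)
            for inc in sorted(fnmatch.filter(files, pattern)):   # shell wildcards
                parse_file(inc, files, stack[-1])
        elif m := SECTION_RE.match(line):
            sec = stack[-1]["sections"].setdefault(m.group(1), new_section())
            if m.group(2):
                sec["refs"] = [r.strip() for r in m.group(2).split(",")]
            stack.append(sec)
        elif m := KEYVALUE_RE.match(line):
            stack[-1]["values"][m.group(1)] = m.group(2).strip()
        else:
            raise ValueError(f"{path}: cannot parse {raw!r}")
    if len(stack) != 1:
        raise ValueError(f"{path}: missing '}}'")
    return into

def _find(root, absname):
    sec = root
    for part in absname.split("."):
        sec = sec["sections"].get(part)
        if sec is None:
            return None
    return sec

def _candidates(root, sec, path, seen):
    """Sections `path` resolves to below `sec`: the section's own subsection
    first, then what its references contribute, left to right, recursively."""
    mark = (id(sec), tuple(path))
    if mark in seen:                                 # guards cycles and diamonds
        return []
    seen.add(mark)
    found = [sec] if not path else []
    if path and (child := sec["sections"].get(path[0])) is not None:
        found += _candidates(root, child, path[1:], seen)
    for ref in sec["refs"]:
        target = _find(root, ref)
        if target is not None:
            found += _candidates(root, target, path, seen)
    return found

def get(root, dotted, default=None):
    """Value of 'section.sub.key' honouring references; an empty assignment
    clears an inherited value so that `default` applies."""
    *path, key = dotted.split(".")
    for sec in _candidates(root, root, path, set()):
        if key in sec["values"]:
            return sec["values"][key] or default
    return default

if __name__ == "__main__":
    conf = parse_file("/etc/strongswan.conf", FILES, new_section())
    print(get(conf, "section-one.subsection.othervalue"))     # xxx
```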

Number Formats

Options that define an integer value can be specified as decimal (the default) or hexadecimal (0x prefix, upper- or lowercase letters are accepted). Locale-dependent strings (e.g. the thousands separator of the current locale) may also be accepted in locales other than C.

Options that define a floating-point value can be specified as decimal (the default) or hexadecimal (0x prefix, upper- or lowercase letters are accepted). The radix character (decimal separator) in either case is locale-dependent, usually '.'.

Time Formats

Unless stated otherwise, options that define a time are specified in seconds. The s, m, h and d suffixes may be used to automatically convert values given in seconds, minutes, hours or days (for instance, instead of configuring a rekey time of 4 hours as 14400 seconds, 4h may be used).

There are some global options that don’t accept these suffixes as they are configured as integer values in seconds or milliseconds, or even as floating-point numbers (e.g. the retransmission timeout). Options that accept the suffixes have a corresponding default value.

Keys

The following list shows all strongswan.conf keys that are currently defined (using dot notation). Each entry gives the key, its default value (if any) and a description.

  • ${prefix} refers to the directory that can be configured with the --prefix ./configure option (defaults to /usr/local).

  • ${sysconfdir} refers to the directory that can be configured with the --sysconfdir ./configure option (defaults to ${prefix}/etc).

  • ${piddir} refers to the directory that can be configured with the --with-piddir ./configure option (defaults to /var/run).

  • ${nm_ca_dir} refers to the directory that can be configured with the --with-nm-ca-dir ./configure option (defaults to /usr/share/ca-certificates).

aikgen


load

Plugins to load in aikgen tool

attest

database

File measurement information database URI. If it contains a password, make sure to adjust the access permissions of the config file accordingly

load

Plugins to load in attest tool

charon

Many of the options in this section also apply to charon-cmd, charon-systemd and other derivatives of the charon daemon. Just use their respective name (e.g. charon-systemd instead of charon).


accept_private_algs

no

Deliberately violate the IKE standard’s requirement and allow the use of private algorithm identifiers, even if the peer implementation is unknown (i.e. if the peer doesn’t send a vendor ID via send_vendor_id)

block_threshold

5

Maximum number of half-open IKE_SAs (including unprocessed IKE_SA_INITs) for a single peer IP

cache_crls

no

Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should be saved under a unique file name derived from the public key of the Certification Authority (CA) to ${sysconfdir}/x509crl

check_current_path

no

By default, after detecting any changes to interfaces and/or addresses no action is taken if the current path to the remote peer still looks usable. Enabling this option uses DPD to check whether the path actually still works or whether, for instance, the peer removed the state after a longer phase without connectivity. It will also trigger a MOBIKE update if NAT mappings were removed during the downtime

cert_cache

yes

Whether relations in validated certificate chains should be cached in memory

cisco_flexvpn

no

Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan’s point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator’s local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a "tunnel mode ipsec ipv4" Cisco template but should also work for GRE encapsulation

cisco_unity

no

Send Cisco Unity vendor ID payload (IKEv1 only), see unity plugin

close_ike_on_child_failure

no

Close the IKE SA if setup of the CHILD SA along with IKE_AUTH failed

cookie_threshold

30

Number of half-open IKE_SAs (including unprocessed IKE_SA_INITs) that activate the cookie mechanism

cookie_threshold_ip

3

Number of half-open IKE_SAs (including unprocessed IKE_SA_INITs) for a single peer IP that activate the cookie mechanism (since version 5.9.6)

crypto_test

Section to configure crypto tests, see charon.crypto_test

delete_rekeyed

no

Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only). Reduces the number of stale CHILD_SAs in scenarios with a lot of rekeyings. However, this might cause problems with implementations that continue to use rekeyed SAs until they expire

delete_rekeyed_delay

5

Delay in seconds until inbound IPsec SAs are deleted after rekeyings (IKEv2 only). To process delayed packets the inbound part of a CHILD_SA is kept installed up to the configured number of seconds after it got replaced during a rekeying. If set to 0 the CHILD_SA will be kept installed until it expires. If no lifetime is set it will be destroyed immediately

dh_exponent_ansi_x9_42

yes

Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic strength

dlopen_use_rtld_now

no

Use RTLD_NOW with dlopen() when loading plugins and IMV/IMCs to reveal missing symbols immediately. Useful during development of custom plugins

dns1

DNS server assigned to peer via configuration payload (CP), see attr plugin

dns2

DNS server assigned to peer via configuration payload (CP)

dos_protection

yes

Enable Denial of Service protection using cookies and aggressiveness checks

filelog

Section to define file loggers, see logger configuration

flush_auth_cfg

no

If enabled, objects used during authentication (certificates, identities etc.) are released to free memory once an IKE_SA is established. Enabling this might conflict with plugins that later need access to e.g. the used certificates

follow_redirects

yes

Whether to follow IKEv2 redirects, see RFC 5685

force_eap_only_authentication

no

Violate the EAP-only authentication requirements according to RFC 5998, even if the peer did not send an EAP_ONLY_AUTHENTICATION notify during IKE_AUTH

fragment_size

1280

Maximum size (complete IP datagram size in bytes) of a sent IKE fragment when using proprietary IKEv1 or standardized IKEv2 fragmentation. If specified, this limit is used for both IPv4 and IPv6 with a default of 1280 bytes. Use 0 for the address-family-specific default values defined by RFC 7383 which specifies a very conservative limit of 576 bytes for IPv4 but sets the limit to 1280 bytes for IPv6.

group

Name of the group the daemon changes to after startup

half_open_timeout

30

Timeout in seconds for connecting IKE_SAs, also see IKE_SA_INIT dropping

hash_and_url

no

Enable hash and URL support

host_resolver.max_threads

3

Maximum number of concurrent resolver threads (they are terminated if unused)

host_resolver.min_threads

0

Minimum number of resolver threads to keep around

ignore_acquire_ts

no

If this is disabled the traffic selectors from the kernel’s acquire events, which are derived from the triggering packet, are prepended to the traffic selectors from the configuration for IKEv2 connections. By enabling this, such specific traffic selectors will be ignored and only the ones in the config will be sent. This always happens for IKEv1 connections as the protocol only supports one set of traffic selectors per CHILD SA

ignore_routing_tables

A space-separated list of routing tables to be excluded from route lookup

ikesa_limit

0

Maximum number of IKE_SAs that can be established at the same time before new connection attempts are blocked

ikesa_table_segments

1

Number of exclusively locked segments in the hash table, see IKE_SA lookup tuning

ikesa_table_size

1

Size of the IKE SA hash table, see IKE_SA lookup tuning

inactivity_close_ike

no

Whether to close the IKE_SA if the only CHILD_SA was closed due to inactivity

init_limit_half_open

0

Limit new connections based on the current number of half open IKE_SAs, see IKE_SA_INIT dropping

init_limit_job_load

0

Limit new connections based on the number of jobs currently queued for processing, see IKE_SA_INIT dropping

initiator_only

no

Causes charon daemon to ignore IKE initiation requests

install_routes

yes

Install routes into a separate routing table for established IPsec tunnels. If disabled a more efficient lookup for source and next-hop addresses is used. Since version 5.5.2

install_virtual_ip

yes

Install virtual IP addresses

install_virtual_ip_on

The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface

integrity_test

no

Check charon daemon, libcharon, libstrongswan and other strongSwan libraries as well as plugin integrity at startup

interfaces_ignore

A comma-separated list of network interfaces that should be ignored by the charon daemon. If interfaces_use is specified, this option has no effect

interfaces_use

A comma-separated list of network interfaces that should be used by the charon daemon. All other interfaces are ignored

keep_alive

20s

NAT keep alive interval in seconds

keep_alive_dpd_margin

0s

Number of seconds the keep alive interval may be exceeded before a DPD is sent instead of a NAT keep alive (0 to disable). This is only useful if a clock is used that includes time spent suspended (e.g. CLOCK_BOOTTIME)

leak_detective

Section to configure the internal memory leak detective, see charon.leak_detective

load

Plugins to load in IKEv2 charon daemon, see Plugin Load

load_modular

no

If enabled the list of plugins to load is determined by individual load settings for each plugin, see Modular Configuration

make_before_break

no

Initiate IKEv2 reauthentication with a make-before-break instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD SA during reauthentication by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps during reauthentication, but requires support for overlapping SAs by the peer. strongSwan can handle such overlapping SAs since version 5.3.0

max_ikev1_exchanges

3

Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and track concurrently

max_packet

10000

Maximum packet size in bytes accepted by charon

multiple_authentication

yes

Enable multiple authentication exchanges, see RFC 4739

nbns1

WINS server assigned to peer via configuration payload (CP), see attr plugin

nbns2

WINS server assigned to peer via configuration payload (CP)

ocsp_nonce_len

32

Length of nonces in OCSP requests. According to RFC 8954, valid values are between 1 and 32, with new clients required to use 32. Some servers might not support that so lowering the value to e.g. 16 might be necessary. Since version 5.9.13

port

500

UDP port used locally. If set to 0 a random port will be allocated

port_nat_t

4500

UDP port used locally in case of NAT-T. If set to 0 a random port will be allocated. Has to be different from port, otherwise a random port will be allocated

prefer_best_path

no

By default, charon keeps SAs on the routing path with addresses it previously used if that path is still usable. By enabling this option, it tries more aggressively to update SAs with MOBIKE on routing priority changes using the cheapest path. This adds more noise, but allows SAs to adapt dynamically to routing priority changes. This option has no effect if MOBIKE is not supported or disabled

prefer_configured_proposals

yes

Prefer locally configured proposals for IKE/IPsec over supplied ones as responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD notifies)

prefer_temporary_addrs

no

By default public IPv6 addresses are preferred over temporary ones according to RFC 4941 to make connections more stable. Enable this option to reverse this.

process_route

yes

Process RTM_NEWROUTE and RTM_DELROUTE events

processor.priority_threads

Subsection to configure the number of reserved threads per priority class, see Job Priority

reject_trusted_end_entity

no

Reject peers that use trusted end-entity certificates (i.e. local certificates). Since version 5.9.12

rdn_matching

strict

How the Relative Distinguished Names (RDNs) a certificate’s Subject Distinguished Name (DN) is composed of are matched against configured identities. Possible values are strict (the default), reordered, and relaxed. With strict the number, type and order of all RDNs have to match. Wildcards (*) for RDN values are allowed (that’s the case for all three variants). Using reordered also matches a DN if the RDNs appear in a different order; the number and type still have to match. Finally, relaxed also allows matches of DNs that contain more RDNs than the configured identity (missing RDNs are treated like a wildcard match). Note that reordered and relaxed impose a considerable overhead on memory usage and runtime, in particular for mismatches as compared to strict
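The three matching modes, implemented as an added example (not strongSwan's own code) over a simplified DN parser that handles neither escaped commas nor multi-valued RDNs and compares values exactly apart from the * wildcard; the sample DNs are constructed.

```python
def parse_dn(dn):
    """Split 'C=CH, O=strongSwan, CN=moon' into (type, value) RDN pairs.
    Simplified: no escaped commas, no multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        rdn_type, sep, value = part.strip().partition("=")
        if not sep or not rdn_type.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((rdn_type.strip().upper(), value.strip()))
    return rdns


def _rdn_matches(configured, actual):
    # same attribute type; a configured value of '*' matches any value
    return configured[0] == actual[0] and configured[1] in ("*", actual[1])


def dn_matches(cert_dn, configured_id, mode="strict"):
    """Match a certificate subject DN against a configured identity as
    charon.rdn_matching describes: strict (same number, type and order),
    reordered (same number and type, any order) or relaxed (the certificate
    may carry extra RDNs; RDNs missing from the identity count as '*')."""
    cert, conf = parse_dn(cert_dn), parse_dn(configured_id)
    if mode == "strict":
        return len(cert) == len(conf) and all(map(_rdn_matches, conf, cert))
    if mode not in ("reordered", "relaxed"):
        raise ValueError(f"unknown rdn_matching mode {mode!r}")
    remaining = list(cert)
    # concrete configured values first, so a wildcard cannot greedily consume
    # the one certificate RDN that a later concrete RDN needs
    for configured in sorted(conf, key=lambda rdn: rdn[1] == "*"):
        for i, actual in enumerate(remaining):
            if _rdn_matches(configured, actual):
                del remaining[i]
                break
        else:
            return False                 # configured RDN has no counterpart
    return mode == "relaxed" or not remaining


if __name__ == "__main__":
    cert = "C=CH, O=strongSwan, OU=Research, CN=moon"
    for mode in ("strict", "reordered", "relaxed"):
        print(mode, dn_matches(cert, "CN=moon, O=strongSwan, C=CH", mode))
```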

receive_delay

0

Delay in ms for receiving packets, to simulate a larger Round Trip Time (RTT)

receive_delay_response

yes

Delay response messages

receive_delay_request

yes

Delay request messages

receive_delay_type

0

Specific IKEv2 message type to delay, 0 for any

replay_window

32

Size of the AH/ESP replay window, in packets

reqid_base

1

Value of the first reqid to be automatically assigned to a CHILD_SA (since version 5.9.9)

retransmit_base

1.8

Base to use for calculating exponential back off, see Retransmission

retransmit_jitter

0

Maximum jitter in percent to apply randomly to calculated retransmission timeout (0 to disable), see Retransmission

retransmit_limit

0

Upper limit in seconds for calculated retransmission timeout (0 to disable), see Retransmission

retransmit_timeout

4.0

Timeout in seconds before sending first retransmit, see Retransmission

retransmit_tries

5

Number of times to retransmit a packet before giving up, see Retransmission
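A worked calculation of how the retransmit_* settings combine, added here as an example (not strongSwan code): it uses the formula timeout * base^n documented on strongSwan's Retransmission page for the wait before each retransmit, caps each wait at retransmit_limit, and assumes jitter shortens a wait by a random percentage of up to retransmit_jitter. With the defaults an initiator gives up on an unanswered exchange after roughly 165 seconds.

```python
import random


def retransmit_schedule(timeout=4.0, base=1.8, tries=5, limit=0, jitter=0, rng=None):
    """Seconds waited after each send before the next retransmit: one entry for
    the original message plus one per retransmit (tries + 1 in total). The n-th
    wait is timeout * base**n (strongSwan's documented formula), capped by
    `limit` when non-zero; `jitter` percent is assumed to be subtracted as a
    random share of the wait (pass an rng for reproducible values)."""
    waits = []
    for n in range(tries + 1):
        t = timeout * base ** n
        if limit:
            t = min(t, limit)
        if jitter:
            t -= t * (rng or random).uniform(0, jitter) / 100
        waits.append(round(t, 3))
    return waits


def time_to_give_up(**settings):
    """Total seconds an initiator keeps an unanswered exchange alive before
    declaring the peer dead and tearing down the IKE_SA."""
    return round(sum(retransmit_schedule(**settings)), 3)


if __name__ == "__main__":
    print(retransmit_schedule())        # [4.0, 7.2, 12.96, 23.328, 41.99, 75.583]
    print(time_to_give_up())            # 165.061
    print(time_to_give_up(limit=30))    # 107.488 (last two waits capped at 30s)
```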

retry_initiate_interval

0s

Interval in seconds to use when retrying to initiate an IKE SA e.g. if DNS resolution failed (0 to disable retries)

reuse_ikesa

yes

Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1)

routing_table

220

Numerical routing table to install routes to

routing_table_prio

220

Priority of the routing table

rsa_pss

no

Whether to use RSA with PSS padding instead of PKCS#1 padding by default

rsa_pss_trailerfield

no

Whether to encode an explicit trailerField value of 0x01 in the RSA-PSS algorithmIdentifier (as documented in RFC 7427) or using the DEFAULT value by omitting the trailerField (since version 5.9.8)

send_delay

0

Delay in ms for sending packets, to simulate a larger Round Trip Time (RTT)

send_delay_request

yes

Delay request messages

send_delay_response

yes

Delay response messages

send_delay_type

0

Specific IKEv2 message type to delay (0 for any)

send_vendor_id

no

Send strongSwan vendor ID payload

signature_authentication

yes

Whether to enable Signature Authentication as per RFC 7427

signature_authentication_constraints

yes

If enabled, signature schemes configured in remote.auth, in addition to getting used as constraints against signature schemes employed in the certificate chain, are also used as constraints against the signature scheme used by peers during IKEv2

spi_label

0x0000000000000000

Value mixed into the local IKE SPIs after applying spi_mask

spi_mask

0x0000000000000000

Mask applied to local IKE SPIs before mixing in spi_label (bits set will be replaced with spi_label)

spi_min

0xc0000000

The lower limit for SPIs requested from the kernel for IPsec SAs. Should not be set lower than 0x00000100 (256) as SPIs between 1 and 255 are reserved by IANA

spi_max

0xcfffffff

The upper limit for SPIs requested from the kernel for IPsec SAs

start-scripts

Section containing a list of scripts (name = path) that are executed when the daemon is started

stop-scripts

Section containing a list of scripts (name = path) that are executed when the daemon is terminated

syslog

Section to define syslog loggers, see logger configuration

threads

16

Number of worker threads in charon. Several of these are reserved for long running tasks in internal modules and plugins. Therefore, make sure you don’t set this value too low. The number of idle worker threads listed in swanctl --stats might be used as indicator on the number of reserved threads. (see Job Priority)

user

Name of the user the daemon changes to after startup

x509.enforce_critical

yes

Discard certificates with unsupported or unknown critical extensions

charon.crypto_test

bench

no

Benchmark crypto algorithms and order them by efficiency

bench_size

1024

Buffer size used for crypto benchmark

bench_time

50

Time in ms during which crypto algorithm performance is measured

on_add

no

Test crypto algorithms during registration (requires test vectors provided by the test-vectors plugin)

on_create

no

Test crypto algorithms on each crypto primitive instantiation

required

no

Strictly require at least one test vector to enable an algorithm

rng_true

no

Whether to test RNG with TRUE quality. Requires a lot of entropy

charon.leak_detective

detailed

yes

Includes source file names and line numbers in leak detective output

usage_threshold

10240

Threshold in bytes for allocations to be included in usage reports (0 to include all)

usage_threshold_count

0

Threshold in number of allocations for allocations to be included in usage reports (0 to include all)

Dangerous Options


accept_unencrypted_mainmode_messages

no

Accept unencrypted ID and HASH payloads in IKEv1 Main Mode. Some implementations send the third Main Mode message unencrypted, probably to find the PSKs for the specified ID for authentication. This is very similar to Aggressive Mode and has the same security implications: A passive attacker can sniff the negotiated identity and can start brute forcing the PSK using the HASH payload. Don’t enable this option unless you know exactly what the implications are and compatibility to such devices is required (e.g. some SonicWall boxes).

i_dont_care_about_security_and_use_aggressive_mode_psk

no

If enabled, IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys (PSKs). This is strongly discouraged due to security concerns (offline attacks on the openly transmitted hash of the PSK).

charon.plugins


charon.plugins.addrblock

depth

-1

How deep towards the root CA to validate issuer cert IPAddrblock extensions (since version 5.9.6).

RFC 3779 requires that all addrblocks claimed by a certificate must be contained in the IPAddrblock extension of the issuer certificate, up to the root CA. The default depth setting of -1 enforces this.

In practice, third party (root) CAs may not contain the extension, making the IPAddrblock extension unusable under such CAs. By limiting the validation depth, only a certain level of issuer certificates are validated for proper IPAddrblock extensions: A depth of 0 does not check any issuer certificate extensions, with a depth of 1 only the direct issuer of the end entity certificate is checked, and so on.

strict

yes

If set to yes, a subject certificate without an IPAddrblock extension is rejected if the issuer certificate possesses an IPAddrblock extension. If set to no, subject certificates issued without the IPAddrblock extension are accepted without any traffic selector checks and no policy is enforced by the plugin.

charon.plugins.android-log

loglevel

1

Log level for logging to Android specific logger

charon.plugins.attr

<attribute>

Attribute assigned to a peer via CP configuration payload or ModeConfig

charon.plugins.attr-sql

crash_recovery

yes

Release all online leases during startup. Disable this to share the database between multiple VPN gateways

database

Database URI used to access the database

lease_history

yes

Enable logging of IP pool leases

charon.plugins.bliss

use_bliss_b

yes

Use the enhanced BLISS-B key generation and signature algorithm

charon.plugins.botan

internal_rng_only

no

If enabled, only Botan’s internal RNG will be used throughout the plugin. Otherwise and if supported by Botan, rng_t implementations provided by other loaded plugins will be used as RNG

charon.plugins.bypass-lan

interfaces_ignore

A comma-separated list of network interfaces for which connected subnets should be ignored. If interfaces_use is specified this option has no effect

interfaces_use

A comma-separated list of network interfaces for which connected subnets should be considered. All other interfaces are ignored

charon.plugins.certexpire

csv.cron

Cron style string specifying CSV export times

csv.empty_string

String to use in empty intermediate CA fields

csv.fixed_fields

yes

Use a fixed intermediate CA field count

csv.format

%d:%m:%Y

strftime() format string to export expiration dates as

csv.local

strftime() format string for the CSV file to export local certificates to

csv.remote

strftime() format string for the CSV file to export remote certificates to

csv.separator

,

CSV field separator

charon.plugins.coupling

file

File to store coupling list to

hash

sha1

Hashing algorithm to fingerprint coupled certificates (md5/sha1/sha256/sha384/sha512)

max

1

Maximum number of coupling entries to create

charon.plugins.curl

redir

-1

Maximum number of redirects followed by the plugin, set to 0 to disable following redirects, set to -1 for no limit

tls_backend

The SSL/TLS backend to configure in curl if multiple are available (requires libcurl 7.56 or newer). A list of available options is logged on level 2 if nothing is configured. Similar but on level 1 if the selected backend isn’t available

charon.plugins.dhcp

force_server_address

no

Always use the configured server address[1]

identity_lease

no

Derive user-defined MAC address from hash of IKE identity. The client identity DHCP option containing the IKE identity is only sent if this option is enabled

interface

Interface name the plugin uses for address allocation. The default is to bind to any (0.0.0.0) and let the system decide which way to route the packets to the DHCP server

server

255.255.255.255

DHCP server unicast or broadcast IP address

use_server_port

no

Use the DHCP server port 67 as source port instead of the DHCP client port 68 when a unicast server address is configured and the plugin acts as relay agent[2]

charon.plugins.duplicheck

enable

yes

Enable duplicheck functionality

socket

unix://${piddir}/charon.dck

Socket provided by the duplicheck plugin

charon.plugins.eap-aka

request_identity

yes

charon.plugins.eap-aka-3gpp

seq_check

Enable to activate sequence check of the AKA SQN values in order to trigger resync cycles

charon.plugins.eap-aka-3gpp2

seq_check

Enable to activate sequence check of the AKA SQN values in order to trigger resync cycles

charon.plugins.eap-dynamic

prefer_user

no

If enabled the order of the EAP methods in an EAP-NAK message sent by a client is preferred over the one configured locally

preferred

The preferred EAP method(s) to be used. If not set, the first registered method will be used initially. If a comma separated list is specified, the methods are tried in the given order before trying the rest of the registered methods

charon.plugins.eap-gtc

backend

pam

XAuth backend to use

charon.plugins.eap-peap

fragment_size

1024

Maximum size of an EAP-PEAP packet

max_message_count

32

Maximum number of processed EAP-PEAP packets. (0 = no limit)

include_length

no

Include length in non-fragmented EAP-PEAP packets

phase2_method

mschapv2

Phase2 EAP client authentication method

phase2_piggyback

no

Phase2 EAP Identity request piggybacked by server onto TLS Finished message

phase2_tnc

no

Start phase2 EAP-TNC protocol after successful client authentication

request_peer_auth

no

Request peer authentication based on a client certificate

charon.plugins.eap-radius

accounting

no

Enable EAP-RADIUS accounting

accounting_close_on_timeout

yes

Close the IKE_SA if there is a timeout during interim RADIUS accounting updates

accounting_interval

0s

Interval in seconds for interim RADIUS accounting updates, if not specified by the RADIUS server in the Access-Accept message

accounting_requires_vip

no

If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP

accounting_send_class

no

If enabled, adds the Class attributes received in Access-Accept message to the RADIUS accounting messages

class_group

no

Use the class attribute sent in the Access-Accept message as group membership information.

close_all_on_timeout

no

Closes all IKE_SAs if communication with the RADIUS server times out. If it is not set only the current IKE_SA is closed

dae.enable

no

Enables support for the Dynamic Authorization Extension

dae.listen

0.0.0.0

Address to listen for DAE messages from the RADIUS server

dae.port

3799

Port to listen for DAE requests

dae.secret

Shared secret used to verify/sign DAE messages. If set, make sure to adjust the permissions of the config file accordingly

eap_start

no

Send EAP-Start instead of EAP-Identity to start RADIUS conversation

filter_id

no

Use the filter_id attribute sent in the RADIUS-Accept message as group membership if the RADIUS tunnel_type attribute is set to ESP

forward.ike_to_radius

RADIUS attributes to be forwarded from IKEv2 to RADIUS (can be defined by name or attribute number, a colon can be used to specify vendor-specific attributes, e.g. Reply-Message, or 11, or 36906:12)

forward.radius_to_ike

Same as above but from RADIUS to IKEv2; a strongSwan-specific private notify (40969) is used to transmit the attributes

id_prefix

Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the EAP method

nas_identifier

[→]

NAS-Identifier to include in RADIUS messages. [strongSwan]

port

1812

Port of RADIUS server (authentication)

retransmit_base

1.4

Base to use for calculating exponential back off

retransmit_timeout

2.0

Timeout in seconds before sending first retransmit

retransmit_tries

4

Number of times to retransmit a packet before giving up

secret

Shared secret between RADIUS and NAS. If set, make sure to adjust the permissions of the config file accordingly

server

IP/Hostname of RADIUS server

servers

Section to specify multiple RADIUS servers. The nas_identifier, secret, sockets and port (or auth_port) options can be specified for each server. The retransmit settings can also be changed for each server. A server’s IP/Hostname can be configured using the address option. The acct_port [1813] option can be used to specify the port used for RADIUS accounting. For each server a priority can be specified using the preference [0] option

sockets

1

Number of sockets (ports) to use. Increase for high load

station_id_with_port

yes

Whether to include the UDP port in the Called-Station-Id and Calling-Station-Id attributes

xauth

Section to configure multiple XAuth authentication rounds via RADIUS
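As an added example (not taken from the strongSwan documentation), a strongswan.conf fragment that uses the servers subsection described above, setting secret, ports, NAS identifier and retransmit options per server, together with the dae and forward options; all addresses, hostnames, identifiers and secrets are constructed placeholders.

```conf
# Added example, not from the strongSwan documentation.
# Every address, hostname, identifier and secret below is a constructed placeholder.
charon {
    plugins {
        eap-radius {
            # Interim accounting every 300 s; drop the IKE_SA if an update times out
            accounting = yes
            accounting_interval = 300s
            accounting_close_on_timeout = yes

            # Derive group membership from the Class attribute in Access-Accept
            class_group = yes

            # Let the RADIUS server terminate sessions via Dynamic Authorization (RFC 5176).
            # The secret is in this file, so restrict the file's permissions accordingly.
            dae {
                enable = yes
                listen = 192.0.2.1
                port = 3799
                secret = PLACEHOLDER-DAE-SECRET
            }

            # Attribute forwarding, by name or as vendor:number
            forward {
                ike_to_radius = 36906:12
                radius_to_ike = Reply-Message
            }

            # Two servers; each subsection may override the per-server options
            # listed in the servers description (secret, ports, nas_identifier,
            # sockets, retransmit_*) and sets its own preference
            servers {
                primary {
                    address = radius1.example.test
                    secret = PLACEHOLDER-RADIUS-SECRET-1
                    auth_port = 1812
                    acct_port = 1813
                    nas_identifier = vpn-gw-1
                    sockets = 2
                    preference = 10
                    retransmit_tries = 3
                    retransmit_timeout = 2.0
                    retransmit_base = 1.4
                }
                secondary {
                    address = radius2.example.test
                    secret = PLACEHOLDER-RADIUS-SECRET-2
                    acct_port = 1813
                    preference = 0
                }
            }
        }
    }
}
```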

charon.plugins.eap-sim

request_identity

yes

charon.plugins.eap-simaka-sql

database

Database URI

remove_used

no

Remove triplets/quintuplets after use

charon.plugins.eap-tls

fragment_size

1024

Maximum size of an EAP-TLS packet

include_length

yes

Include length in non-fragmented EAP-TLS packets

max_message_count

32

Maximum number of processed EAP-TLS packets (0 = no limit)

charon.plugins.eap-tnc

max_message_count

10

Maximum number of processed EAP-TNC packets (0 = no limit)

protocol

[→]

IF-TNCCS protocol version to be used (tnccs-1.1, tnccs-2.0, tnccs-dynamic). [tnccs-2.0]

charon.plugins.eap-ttls

fragment_size

1024

Maximum size of an EAP-TTLS packet

include_length

yes

Include length in non-fragmented EAP-TTLS packets

max_message_count

32

Maximum number of processed EAP-TTLS packets (0 = no limit)

phase2_method

md5

Phase2 EAP client authentication method

phase2_piggyback

no

Phase2 EAP Identity request piggybacked by server onto TLS Finished message

phase2_tnc

no

Start phase2 EAP TNC protocol after successful client authentication

phase2_tnc_method

pt

Phase2 EAP TNC transport protocol (pt as IETF standard or legacy tnc)

request_peer_auth

no

Request peer authentication based on a client certificate

charon.plugins.error-notify

socket

[→]

Socket provided by the error-notify plugin. [unix://${piddir}/charon.enfy]

charon.plugins.ext-auth

charon.plugins.ext-auth.script

Script or command to execute

charon.plugins.forecast

groups

[→]

Comma-separated list of multicast groups to join locally. The local host receives and forwards packets in the local LAN for joined multicast groups only. Packets matching the list of multicast groups get forwarded to connected clients. The default group includes host multicasts, IGMP, mDNS, LLMNR and SSDP/WS-Discovery and is usually a good choice for Windows clients. [224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250]

interface

Name of the local interface to listen on for broadcast messages to forward. If no interface is configured, the first usable interface is used, which is usually just fine for single-homed hosts. If your host has multiple interfaces, set this option to the local LAN interface you want to forward broadcasts from/to.

reinject

Comma-separated list of CHILD_SA configuration names for which to perform multi/broadcast reinjection. For clients connecting over such a configuration, any multi/broadcast received over the tunnel gets reinjected to all active tunnels. This makes the broadcasts visible to other peers and, for example, allows clients to see others' shares. If disabled, multi/broadcast messages received over a tunnel are injected to the local network only, but not to other IPsec clients.

charon.plugins.gcrypt

quick_random

no

Use faster random numbers in gcrypt. For testing only, produces weak keys!

charon.plugins.ha

autobalance

0

Interval in seconds to automatically balance handled segments between nodes. Set to 0 to disable

buflen

2048

Buffer size for received HA messages. For IKEv1 the public DH factors are also transmitted so depending on the DH group the HA messages can get quite big (the default should be fine up to modp4096)

fifo_interface

yes

Enable the segment responsibility administration interface

heartbeat_delay

1000

Time in milliseconds between heartbeats

heartbeat_timeout

2100

Time in milliseconds after the last received heartbeat after which a failure is declared.

local

IP address on which to receive sync messages

monitor

yes

Enable the heartbeat based remote node monitoring

pools

Optional HA-enabled virtual IP address pool subsection

remote

IP address to send sync messages to

resync

yes

Enable automatic state resynchronization if a node joins the cluster

secret

If specified, the nodes automatically establish a pre-shared key authenticated IPsec tunnel for HA sync and control messages

segment_count

1

Number of ClusterIP segments to use

charon.plugins.ipseckey

enable

no

Enable fetching of IPSECKEY Resource Records via DNS

charon.plugins.kernel-libipsec

allow_peer_ts

no

Allow that the remote traffic selector equals the IKE peer

fwmark

[→]

Firewall mark to set on outbound raw ESP packets. Since version 5.9.11 [charon.plugins.socket-default.fwmark]

raw_esp

no

Whether to send and receive ESP packets without UDP encapsulation if supported on this platform and no NAT is detected. Since version 5.9.11

charon.plugins.kernel-netlink

buflen

[→]

Buffer size for received Netlink messages. [min(PAGE_SIZE, 8192)]

fwmark

Firewall mark to set on the routing rule that directs traffic to our own routing table. The format is [!]mark[/mask], where the optional exclamation mark inverts the meaning (i.e. the rule only applies to packets that don’t match the mark). A possible use case is host-to-host tunnels with kernel-libipsec. When set to !<mark> a more efficient lookup for source and next-hop addresses may also be used since version 5.3.3

hw_offload_feature_interface

lo

If the kernel supports hardware offloading, the plugin needs to find the feature flag which represents hardware offloading support for network devices. Using the loopback device for this purpose is usually fine, since it should always be present. For rare cases in which the loopback device cannot be used to obtain the appropriate feature flag, this option can be used to specify an alternative interface for offload feature detection

install_routes_xfrmi

no

Whether routes via XFRM interfaces are automatically installed for SAs that reference such an interface via if_id_out. If the traffic selectors include the IKE traffic to the peer, this requires special care (e.g. installing bypass policies and/or routes, or setting a mark on the IKE socket and excluding such packets from the configured routing table via fwmark option). Since version 5.9.10

mss

0

MSS to set on installed routes, 0 to disable

mtu

0

MTU to set on installed routes, 0 to disable

port_bypass

no

Whether to use port or socket based IKE XFRM bypass policies. IKE bypass policies are used to exempt IKE traffic from XFRM processing. The default socket based policies are directly tied to the IKE UDP sockets, port based policies use global XFRM bypass policies for the used IKE UDP ports.

process_rules

no

Whether to process changes in routing rules to trigger roam events. This is currently only useful if the kernel based route lookup is used (i.e. if route installation is disabled or an inverted fwmark match is configured)

receive_buffer_size

8388608

Maximum Netlink socket receive buffer in bytes. This value controls how many bytes of Netlink messages can be queued to a Netlink socket. If set to 0, the default from /proc/sys/net/core/rmem_default will apply. Note that the kernel doubles the configured value to account for overhead. To exceed the system-wide maximum from /proc/sys/net/core/rmem_max, special privileges (CAP_NET_ADMIN) are necessary, otherwise, the kernel silently caps the value.

roam_events

yes

Whether to trigger roam events when interfaces, addresses or routes change

set_proto_port_transport_sa

no

Whether to set protocol and ports in the selector installed on transport mode IPsec SAs in the kernel. While doing so enforces policies for inbound traffic, it also prevents the use of a single IPsec SA by more than one traffic selector

spdh_thresh

Subsection to configure XFRM policy hashing thresholds for IPv4 and IPv6. The section defines hashing thresholds to configure in the kernel during daemon startup. Each address family takes a threshold for the local subnet of an IPsec policy (src in out-policies, dst in in- and forward-policies) and the remote subnet (dst in out-policies, src in in- and forward-policies). If the subnet has more or equal net bits than the threshold, the first threshold bits are used to calculate a hash to lookup the policy. Note: These settings are mostly obsolete since Linux 5.0, which started using a multi-level tree-based policy lookup.

spdh_thresh.ipv4.lbits

32

Local subnet XFRM policy hashing threshold for IPv4

spdh_thresh.ipv4.rbits

32

Remote subnet XFRM policy hashing threshold for IPv4

spdh_thresh.ipv6.lbits

128

Local subnet XFRM policy hashing threshold for IPv6

spdh_thresh.ipv6.rbits

128

Remote subnet XFRM policy hashing threshold for IPv6

xfrm_acq_expires

165

Lifetime of XFRM acquire state created by the kernel when traffic matches a trap policy. The value gets written to /proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay between XFRM acquire messages triggered by the kernel for a trap policy. The same value is used as timeout for SPIs allocated by the kernel. The default value equals the default total retransmission timeout for IKE messages (since version 5.5.3 this value is determined dynamically based on the configuration)

charon.plugins.kernel-pfkey

events_buffer_size

0

Size of the receive buffer for the event socket (0 for default size). Because events are received asynchronously, installing e.g. lots of policies may require a larger buffer than the default on certain platforms in order to receive all messages

route_via_internal

no

Whether to use the internal or external interface in installed routes. The internal interface is the one where the IP address contained in the local traffic selector is located, the external interface is the one over which the destination address of the IPsec tunnel can be reached. This is not relevant if virtual IPs are used, for which a TUN device is created that's used in the routes

charon.plugins.kernel-pfroute

mtu

1400

MTU to set on TUN devices created for virtual IPs

vip_wait

1000

Time in ms to wait until virtual IP addresses appear/disappear before failing

charon.plugins.led

activity_led

blink_time

50

charon.plugins.load-tester

addrs

Subsection that contains key/value pairs with address pools (in CIDR notation) to use for a specific network interface e.g. eth0 = 10.10.0.0/16

addrs_keep

no

Whether to keep dynamic addresses installed even after the associated SA got terminated

addrs_prefix

16

Network prefix length to use when installing dynamic addresses. If set to -1 the full address is used (i.e. 32 or 128)

ca_dir

Directory to load (intermediate) CA certificates from

child_rekey

600

Seconds to start CHILD_SA rekeying after setup

crl

URI to a CRL to include as certificate distribution point in generated certificates

delay

0

Delay between initiations for each thread

delete_after_established

no

Delete an IKE_SA as soon as it has been established

digest

sha1

Digest algorithm used when issuing certificates

dpd_delay

0

DPD delay to use in load test

dynamic_port

0

Base port to be used for requests (each client uses a different port)

eap_password

[→]

EAP secret to use in load test. [default-pwd]

enable

no

Enable the load testing plugin

esp

[→]

CHILD_SA proposal to use for load tests. [aes128-sha1]

fake_kernel

no

Fake the kernel interface to allow load-testing against self

ike_rekey

0

Seconds to start IKE_SA rekeying after setup

init_limit

0

Global limit of concurrently established SAs during load test

initiator

[→]

Address to initiate from. [0.0.0.0]

initiator_auth

[→]

Authentication method(s) the initiator uses. [pubkey]

initiator_id

Initiator ID used in load test

initiator_match

Initiator ID to match against as responder

initiator_tsi

Traffic selector on initiator side, as proposed by initiator

initiator_tsr

Traffic selector on responder side, as proposed by initiator

initiators

0

Number of concurrent initiator threads to use in load test

issuer_cert

Path to the issuer certificate (if not configured a hard-coded default value is used)

issuer_key

Path to private key that is used to issue certificates (if not configured a hard-coded default value is used)

iterations

1

Number of IKE_SAs to initiate by each initiator in load test

mode

[→]

IPsec mode to use, one of tunnel, transport, or beet. [tunnel]

pool

Provide virtual IPs from a named pool

preshared_key

[→]

Preshared key to use in load test. [<default-psk>]

proposal

[→]

IKE proposal to use in load test. [aes128-sha1-modp768]

request_virtual_ip

no

Request an INTERNAL_IPV4_ADDR and INTERNAL_IPV6_ADDR (since version 5.9.1) from the server

responder

[→]

Address to initiate connections to. [127.0.0.1]

responder_auth

pubkey

Authentication method(s) the responder uses

responder_id

Responder ID used in load test

responder_tsi

[→]

Traffic selector on initiator side, as narrowed by responder. [initiator_tsi]

responder_tsr

[→]

Traffic selector on responder side, as narrowed by responder. [initiator_tsr]

shutdown_when_complete

no

Shutdown the daemon after all IKE_SAs have been established

socket

[→]

Socket provided by the load-tester plugin. [unix://${piddir}/charon.ldt]

version

0

IKE version to use (0 means use IKEv2 as initiator and accept any version as responder)

charon.plugins.lookip

socket

[→]

Socket provided by the lookip plugin. [unix://${piddir}/charon.lkp]

charon.plugins.ntru

parameter_set

[→]

The following parameter sets are available: x9_98_speed, x9_98_bandwidth, x9_98_balance and optimum, the last set not being part of the X9.98 standard but having the best performance. [optimum]

charon.plugins.openssl

engine_id

[→]

ENGINE ID to use in the OpenSSL plugin. [pkcs11]

fips_mode

0

Set OpenSSL FIPS mode. With OpenSSL before 3.0, the supported values are disabled(0), enabled(1) and Suite B enabled(2). With OpenSSL 3+, any value other than 0 will explicitly load the fips and base providers (load_legacy will be ignored). The latter still requires the config in fipsmodule.cnf (e.g. for the module’s MAC), but allows explicitly loading the provider if it’s not activated in that config

load_legacy

yes

Load the legacy provider in OpenSSL 3+ for algorithms like MD4, DES, or Blowfish (the first two are required for EAP-MSCHAPv2). If disabled, the default provider is loaded, or those configured in the OpenSSL config (e.g. the fips provider)

charon.plugins.openxpki

database

OpenXPKI MySQL/MariaDB URI. If it contains a password, make sure to adjust the permissions of the config file accordingly

charon.plugins.osx-attr

append

yes

Whether DNS servers are appended to existing entries, instead of replacing them

charon.plugins.pkcs11

modules

This section lists available PKCS#11 modules

modules.<name>.path

Full path to the shared object file of this PKCS#11 module

modules.<name>.os_locking

no

Whether OS locking should be enabled for this module

modules.<name>.load_certs

yes

Whether the PKCS#11 modules should load certificates from tokens

reload_certs

no

Whether the PKCS#11 modules should reload all certificates if charon receives a SIGHUP signal

use_dh

no

Whether the PKCS#11 modules should be used for DH and ECDH

use_ecc

no

Whether the PKCS#11 modules should be used for ECDH and ECDSA public key operations. ECDSA private keys can be used regardless of this option

use_hasher

no

Whether the PKCS#11 modules should be used to hash data

use_pubkey

no

Whether the PKCS#11 modules should be used for public key operations, even for keys not stored on tokens

use_rng

no

Whether the PKCS#11 modules should be used as RNG

use_rsa_pss_hashers

no

Whether the PKCS#11 modules should try to use internal hashing for RSA-PSS signatures (some PKCS#11 libraries don’t implement internal hashing in conjunction with RSA-PSS correctly). RSA-PSS support since version 5.9.14

charon.plugins.radattr

dir

Directory where RADIUS attributes are stored in client-ID specific files

message_id

-1

RADIUS attributes are added to all IKE_AUTH messages by default [-1] or only to the IKE_AUTH message with the given IKEv2 message ID

charon.plugins.random

random

[→]

File to read random bytes from. [/dev/random]

urandom

[→]

File to read pseudo random bytes from. [/dev/urandom]

strong_equals_true

no

If enabled the RNG_STRONG class reads random bytes from the same source as the RNG_TRUE class

charon.plugins.resolve

file

[→]

File where name servers are written to if not using resolvconf(8) [/etc/resolv.conf]

resolvconf.iface

[→]

The interface name and protocol sent to resolvconf(8). This has to be a valid interface name according to the rules defined by resolvconf. Also, it should have a high priority according to the order defined in interface-order(8) if relevant on the system [lo.inet]

resolvconf.path

[→]

Path/command for resolvconf(8) (since version 5.9.9). The command is executed by a shell, so "resolvconf" will work if it’s in $PATH of the daemon. If not configured, resolvconf(8) will be used if found at the default location. Otherwise, the file in charon.plugins.resolve.file will be modified directly [/sbin/resolvconf]

charon.plugins.revocation

enable_crl

yes

Whether CRL validation should be enabled

enable_ocsp

yes

Whether OCSP validation should be enabled

timeout

10s

charon.plugins.save-keys

esp

no

Whether to save ESP keys

ike

no

Whether to save IKE keys

wireshark_keys

Directory where the keys are stored in the format supported by Wireshark. IKEv1 keys are stored in the ikev1_decryption_table file. IKEv2 keys are stored in the ikev2_decryption_table file. Keys for ESP CHILD_SAs are stored in the esp_sa file

charon.plugins.socket-default

set_source

yes

Set source address on outbound packets, if possible

set_sourceif

no

Force sending interface on outbound packets, if possible. This allows using IPv6 link-local addresses as tunnel endpoints

use_ipv4

yes

Listen on IPv4, if possible

use_ipv6

yes

Listen on IPv6, if possible

charon.plugins.sql

database

Database URI. If it contains a password, make sure to adjust the permissions of the config file accordingly

loglevel

-1

Loglevel for logging to SQL database

charon.plugins.stroke

allow_swap

yes

Analyze addresses/hostnames in left/right to detect which side is local and swap configuration options if necessary. If disabled left is always local

ignore_missing_ca_basic_constraint

no

Treat certificates in ipsec.d/cacerts and ipsec.conf as CA certificates even if they don’t contain a CA basic constraint

max_concurrent

4

Maximum number of stroke messages handled concurrently

secrets_file

[→]

Location of the ipsec.secrets file. [${sysconfdir}/ipsec.secrets]

socket

[→]

Socket provided by the stroke plugin. [unix://${piddir}/charon.ctl]

timeout

0

Timeout in ms for any stroke command. Use 0 to disable the timeout

charon.plugins.systime-fix

interval

0

Interval in seconds to check system time for validity. 0 disables the check

reauth

no

Whether to use reauth or delete if an invalid cert lifetime is detected

threshold

Threshold date where system time is considered valid. Disabled if not specified

threshold_format

%Y

strftime(3) format used to parse the threshold option

timeout

0s

How long to wait for a valid system time if an interval is configured. 0 to recheck indefinitely

charon.plugins.tnc-ifmap

client_cert

Path to X.509 certificate file of IF-MAP client

client_key

Path to private key file of IF-MAP client

device_name

Unique name of strongSwan server as a PEP and/or PDP device

renew_session_interval

150

Interval in seconds between periodic IF-MAP RenewSession requests

server_cert

Path to X.509 certificate file of IF-MAP server

server_uri

[→]

URI of the form [https://]servername[:port][/path]. [https://localhost:8444/imap]

username_password

Credentials of IF-MAP client of the form username:password. If set, make sure to adjust the permissions of the config file accordingly

charon.plugins.tnc-imc

dlclose

yes

Unload IMC after use

preferred_language

en

Preferred language for TNC recommendations

charon.plugins.tnc-imv

dlclose

yes

Unload IMV after use

recommendation_policy

[→]

TNC recommendation policy, one of default, any, or all. [default]

charon.plugins.tnc-pdp

pt_tls.enable

yes

Enable PT-TLS protocol on the strongSwan PDP

pt_tls.port

271

PT-TLS server port the strongSwan PDP is listening on

radius.enable

yes

Enable RADIUS protocol on the strongSwan PDP

radius.method

ttls

EAP tunnel method to be used

radius.port

1812

RADIUS server port the strongSwan PDP is listening on

radius.secret

Shared RADIUS secret between strongSwan PDP and NAS. If set, make sure to adjust the permissions of the config file accordingly

server

Name of the strongSwan PDP as contained in the AAA certificate

timeout

Timeout in seconds before closing incomplete connections

charon.plugins.tnccs-11

max_message_size

[→]

Maximum size of a PA-TNC message (XML & Base64 encoding). [45000]

charon.plugins.tnccs-20

max_batch_size

[→]

Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529). [65522]

max_message_size

[→]

Maximum size of a PA-TNC message (upper limit via PT-EAP = 65497). [65490]

mutual

no

Enable PB-TNC mutual protocol

charon.plugins.tpm

ek_handle

Handle of the RSA or ECC Endorsement Key (EK) to be used to set up an authenticated session with a TPM 2.0 (e.g. 0x81010001)

fips_186_4

no

Is the TPM 2.0 FIPS-186-4 compliant, which forces e.g. the use of the default salt length instead of maximum salt length with RSA-PSS padding

tcti.name

[→]

Name of TPM 2.0 TCTI library. Valid values: device, tabrmd or mssim. Defaults are device if the /dev/tpmrm0 in-kernel TPM 2.0 resource manager device exists and tabrmd otherwise, requiring the D-Bus based TPM 2.0 access broker and resource manager to be available. [device|tabrmd]

tcti.opts

[→]

Options for the TPM 2.0 TCTI library. Defaults are /dev/tpmrm0 if the TCTI library name is device and no options otherwise. [/dev/tpmrm0| ]

use_rng

no

Whether the TPM 2.0 should be used as RNG. For security reasons enable only if an authenticated session can be set up (see ek_handle option)

charon.plugins.unbound

dlv_anchors

File to read trusted keys for DLV (DNSSEC Lookaside Validation) from. It uses the same format as trust_anchors. Only one DLV can be configured, which is then used as a root trusted DLV, this means that it is a lookaside for the root

resolv_conf

[→]

File to read DNS resolver configuration from. [/etc/resolv.conf]

trust_anchors

[→]

File to read DNSSEC trust anchors from (usually root zone KSK). The format of the file is the standard DNS Zone file format, anchors can be stored as DS or DNSKEY entries in the file. [${sysconfdir}/ipsec.d/dnssec.keys]

charon.plugins.updown

dns_handler

no

Whether the updown script should handle DNS servers assigned via IKEv1 ModeConfig or IKEv2 CP Config Payloads. If enabled they can’t be handled by other plugins, like resolve

charon.plugins.vici

socket

[→]

URI the plugin listens for client connections. [unix://${piddir}/charon.vici]

charon.plugins.whitelist

enabled

no

Enable whitelist checking

socket

[→]

Socket provided by the whitelist plugin. [unix://${piddir}/charon.wlst]

charon.plugins.wolfssl

fips_mode

no

Enable to prevent loading the plugin if wolfSSL is not in FIPS mode

charon.plugins.xauth-eap

backend

[→]

EAP plugin to use. [radius]

charon.plugins.xauth-pam

pam_service

[→]

PAM service to use for authentication. [login]

session

no

Open/close a PAM session for each active IKE_SA

trim_email

yes

If an email address is received as an XAuth username, trim it to just the username part

charon-nm

Key Default Description [Default]

ca_dir

[→]

Directory from which to load CA certificates if no certificate is configured. [${nm_ca_dir}]

mtu

1400

MTU for XFRM interfaces created by the NM plugin

charon-systemd

journal

Section to configure native systemd journal logger, very similar to the syslog logger as described in Logging

imv_policy_manager

command_allow

Shell command to be executed with recommendation allow

command_block

Shell command to be executed with all other recommendations

database

Database URI for the database that stores the package information. If it contains a password, make sure to adjust access permissions of the config file accordingly

load

[→]

Plugins to load in IMV policy manager. [sqlite]

libimcv

Alternatively, the libimcv options can be defined in a charon.imcv subsection.

Key Default Description [Default]

assessment_result

yes

Whether IMVs send a standard IETF Assessment Result attribute

database

Global IMV policy database URI. If it contains a password, make sure to adjust the access permissions of the config file accordingly

debug_level

1

Debug level for a stand-alone libimcv library

load

[→]

Plugins to load in IMC/IMVs with stand-alone libimcv library. [random nonce gmp pubkey x509]

policy_script

[→]

Script called for each TNC connection to generate IMV policies. [ipsec _imv_policy]

stderr_quiet

no

Disable output to stderr with a stand-alone libimcv library.

libimcv.os_info

default_password_enabled

no

Manually set whether a default password is enabled

name

Manually set the name of the client OS (e.g. Ubuntu)

version

Manually set the version of the client OS (e.g. 20.04 x86_64)

libimcv.swid_gen

command

[→]

SWID generator command to be executed. [/usr/local/bin/swid_generator]

tag_creator.name

[→]

Name of the tagCreator entity. [strongSwan Project]

tag_creator.regid

[→]

regid of the tagCreator entity. [strongswan.org]

libimcv.plugins.imc-attestation

aik_blob

AIK encrypted private key blob file (TPM 1.2 only)

aik_cert

AIK certificate file

aik_handle

AIK object handle, e.g. 0x81010003

aik_pubkey

AIK public key file

hash_algorithm

[→]

Preferred measurement hash algorithm. [sha384]

mandatory_dh_groups

yes

Enforce mandatory Diffie-Hellman groups

nonce_len

20

DH nonce length

pcr_info

no

Whether to send pcr_before and pcr_after info

pcr_padding

no

Whether to pad IMA SHA1 measurements values when extending into SHA256 PCR banks

use_quote2

yes

Use Quote2 AIK signature instead of Quote signature

use_version_info

no

Version Info is included in Quote2 signature

libimcv.plugins.imc-hcd

push_info

yes

Send quadruple info without being prompted

subtypes

Section to define PWG HCD PA subtypes (see [HCD-IMC])

subtypes.<section>

Defines a PWG HCD PA subtype section. Recognized subtype <section> names are system, control, marker, finisher, interface and scanner

subtypes.<section>.<sw_type>

Defines a software type section. Recognized <sw_type> section names are firmware, resident_application and user_application

subtypes.<section>.<sw_type>.<software>

Defines a software section having an arbitrary name

subtypes.<section>.<sw_type>.<software>.name

Name of the software installed on the hardcopy device

subtypes.<section>.<sw_type>.<software>.patches

String describing all patches applied to the given software on this hardcopy device. The individual patches are separated by a newline character \n

subtypes.<section>.<sw_type>.<software>.string_version

String describing the version of the given software on this hardcopy device

subtypes.<section>.<sw_type>.<software>.version

Hex-encoded version string with a length of 16 octets consisting of the fields major version number (4 octets), minor version number (4 octets), build number (4 octets), service pack major number (2 octets) and service pack minor number (2 octets)

subtypes.<section>.attributes_natural_language

en

Variable-length natural language tag conforming to RFC 5646 that specifies the language to be used in the health assessment message of a given subtype

subtypes.system.certification_state

Hex-encoded certification state

subtypes.system.configuration_state

Hex-encoded configuration state

subtypes.system.machine_type_model

String specifying the machine type and model of the hardcopy device

subtypes.system.pstn_fax_enabled

no

Specifies if a PSTN facsimile interface is installed and enabled on the hardcopy device

subtypes.system.time_source

String specifying the hostname of the network time server used by the hardcopy device

subtypes.system.user_application_enabled

no

Specifies if users can dynamically download and execute applications on the hardcopy device

subtypes.system.user_application_persistence_enabled

no

Specifies if user dynamically downloaded applications can persist outside the boundaries of a single job on the hardcopy device

subtypes.system.vendor_name

String specifying the manufacturer of the hardcopy device

subtypes.system.vendor_smi_code

Integer specifying the globally unique 24-bit SMI code assigned to the manufacturer of the hardcopy device

libimcv.plugins.imc-os

device_cert

Manually set the path to the client device certificate (e.g. /etc/pts/aikCert.der)

device_handle

Manually set handle to a private key bound to a smartcard or TPM (e.g. 0x81010004)

device_id

Manually set the client device ID in hexadecimal format (e.g. 1083f03988c9762703b1c1080c2e46f72b99cc31)

device_pubkey

Manually set the path to the client device public key (e.g. /etc/pts/aikPub.der)

push_info

yes

Send operating system info without being prompted

libimcv.plugins.imc-scanner

push_info

yes

Send open listening ports without being prompted

libimcv.plugins.imc-swima

eid_epoch

[→]

Set 32 bit epoch value for event IDs manually if software collector database is not available. [0x11223344]

subscriptions

no

Accept SW Inventory or SW Events subscriptions

swid_database

URI to software collector database containing event timestamps, software creation and deletion events and collected software identifiers. If it contains a password, make sure to adjust the access permissions of the config file accordingly

swid_directory

[→]

Directory where SWID tags are located. [${prefix}/share]

swid_full

no

Include file information in the XML-encoded SWID tags

swid_pretty

no

Generate XML-encoded SWID tags with pretty indentation

libimcv.plugins.imc-test

additional_ids

0

Number of additional IMC IDs

command

none

Command to be sent to the Test IMV. Valid commands are allowed, isolate, block, none or retry

dummy_size

0

Size of dummy attribute to be sent to the Test IMV (0 = disabled)

retry

no

Do a handshake retry

retry_command

Command to be sent to the IMV Test in the handshake retry. Valid commands are allowed, isolate, block or none

libimcv.plugins.imv-attestation

cadir

Path to directory with AIK cacerts

dh_group

[→]

Preferred Diffie-Hellman group. [ecp256]

hash_algorithm

[→]

Preferred measurement hash algorithm. [sha384]

min_nonce_len

0

DH minimum nonce length

remediation_uri

URI pointing to attestation remediation instructions

libimcv.plugins.imv-os

remediation_uri

URI pointing to operating system remediation instructions

libimcv.plugins.imv-scanner

remediation_uri

URI pointing to scanner remediation instructions

libimcv.plugins.imv-swima

rest_api.timeout

120

Timeout of SWID REST API HTTP POST transaction

rest_api.uri

HTTP URI of the SWID REST API

libimcv.plugins.imv-test

rounds

0

Number of IMC-IMV retry rounds

libtls

Alternatively the libtls options could be defined in a charon.tls subsection.

Key Default Description [Default]

cipher

List of TLS encryption ciphers

key_exchange

List of TLS key exchange methods

ke_group

List of TLS key exchange groups

mac

List of TLS MAC algorithms

signature

List of TLS signature schemes

suites

List of TLS cipher suites

send_certreq_authorities

yes

Whether to include CAs in a server’s CertificateRequest message. May be disabled if clients can’t handle a long list of CAs

version_min

1.2

Minimum TLS version to negotiate

version_max

1.2

Maximum TLS version to negotiate

libtnccs

Alternatively the libtnccs options could be defined in a charon.tnc subsection.

Key Default Description [Default]

tnc_config

[→]

TNC IMC/IMV configuration file. [/etc/tnc_config]

manager

Key Default Description [Default]

database

Credential database URI for the manager. If it contains a password, make sure to adjust the access permissions of the config file accordingly

debug

no

Enable debugging in manager

load

Plugins to load in manager

socket

FastCGI socket of manager, to run it statically

threads

10

Threads to use for request handling

timeout

15m

Session timeout for manager

medcli

database

Mediation client database URI. If it contains a password, make sure to adjust the access permissions of the config file accordingly

dpd

5m

DPD timeout to use in mediation client plugin

rekey

20m

Rekeying time on mediation connections in mediation client plugin

medsrv

database

Mediation server database URI. If it contains a password, make sure to adjust the access permissions of the config file accordingly

debug

no

Debugging in mediation server web application

dpd

5m

DPD timeout to use in mediation server plugin

load

Plugins to load in mediation server plugin

password_length

6

Minimum password length required for mediation server user accounts

rekey

20m

Rekeying time on mediation connections in mediation server plugin

socket

Run Mediation server web application statically on socket

threads

5

Number of threads for mediation service web application

timeout

15m

Session timeout for mediation service

pki

load

Plugins to load in pki tool

scep.http_bind

Source IP address to bind for HTTP operations

scep.http_timeout

30s

Timeout for HTTP operations

scep.renewal_via_pkcs_req

no

Some SCEP servers (e.g. openxpki) are incorrectly doing certificate renewal via msgType PKCSReq (19) instead of RenewalReq (17)

pool

database

Database URI for the database that stores IP pools and configuration attributes. If it contains a password, make sure to adjust the access permissions of the config file accordingly

load

Plugins to load in ipsec pool tool

pt-tls-client

load

Plugins to load in pt-tls-client tool

sec-updater

database

Global IMV policy database URI. If it contains a password, make sure to adjust the access permissions of the config file accordingly

load

Plugins to load in sec-updater tool

tmp.deb_file

[→]

Temporary storage for downloaded deb package file. [/tmp/deb]

tmp.tag_file

[→]

Temporary storage for generated SWID tags. [/tmp/tag]

tnc_manage_command

[→]

strongTNC manage.py command used to import SWID tags. [/var/www/tnc/manage.py]

sw-collector

database

URI to software collector database containing event timestamps, software creation and deletion events and collected software identifiers. If it contains a password, make sure to adjust the access permissions of the config file accordingly

first_file

[→]

Path pointing to file created when the Linux OS was installed. [/var/log/bootstrap.log]

first_time

[→]

Time in UTC when the Linux OS was installed. [0000-00-00T00:00:00Z]

history

Path pointing to apt history.log file

load

Plugins to load in sw-collector tool

rest_api.timeout

120

Timeout in seconds of REST API HTTP POST transaction

rest_api.uri

HTTP[S] URI of the central collector’s REST API
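Several of the database options above (manager, medcli, medsrv, pool, sec-updater and sw-collector) carry the same caveat: a URI that embeds a password makes the permissions of strongswan.conf security-relevant. The libtls section likewise exposes version_min and version_max. The following is an added example, not code from the strongSwan project: a small Python audit that parses the strongswan.conf syntax described at the top of this page (sections in curly braces, key = value pairs, # comments), flags database URIs of the assumed form scheme://user:pass@host/db that embed a password, reports when such a file is group- or world-readable, and checks the libtls version bounds. The sample configuration is constructed for the example, and the parser is deliberately simplified (a # always starts a comment, include lines are ignored).

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Constructed sample fragment in strongswan.conf syntax (sections in curly
# braces, key = value pairs, # comments). Not taken from any real deployment.
SAMPLE_CONF = """\
# constructed example configuration
libtls {
    version_min = 1.0    # below the 1.2 default: flagged by the audit
    version_max = 1.2
}
manager {
    database = mysql://admin:s3cr3t@localhost/manager   # embedded password
    timeout = 15m
}
sw-collector {
    database = sqlite:///var/lib/strongswan/collector.db
    rest_api {
        timeout = 120
    }
}
"""


def parse_strongswan_conf(text):
    """Parse strongswan.conf syntax into a flat {dotted.key: value} dict.

    Simplification: '#' always starts a comment, so values containing '#'
    (e.g. in a quoted password) are not handled; 'include' lines are ignored.
    """
    settings = {}
    stack = []  # names of the sections currently open
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("include "):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[".".join(stack + [key])] = value
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    if stack:
        raise ValueError("unterminated section " + ".".join(stack))
    return settings


def uri_has_password(uri):
    """True if a URI of the assumed form scheme://user:pass@host/db embeds a password."""
    return bool(urlsplit(uri).password)


def tls_version(value):
    """'1.2' -> (1, 2); used to compare libtls.version_min/version_max."""
    major, minor = value.split(".")
    return int(major), int(minor)


def audit(settings, file_mode=None):
    """Return a list of findings. file_mode is the st_mode of the config file, if known."""
    findings = []
    for key, value in settings.items():
        if key.endswith(".database") and uri_has_password(value):
            note = f"{key}: database URI embeds a password"
            if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
                note += " and the config file is group/world readable"
            findings.append(note)
    vmin = settings.get("libtls.version_min")
    vmax = settings.get("libtls.version_max")
    if vmin and tls_version(vmin) < (1, 2):
        findings.append(f"libtls.version_min = {vmin}: allows deprecated TLS versions")
    if vmin and vmax and tls_version(vmin) > tls_version(vmax):
        findings.append("libtls.version_min is greater than libtls.version_max")
    return findings


def audit_file(path):
    """Parse and audit a config file, taking its permission bits into account."""
    with open(path) as fh:
        settings = parse_strongswan_conf(fh.read())
    return audit(settings, os.stat(path).st_mode)


def audit_sample(mode=0o644):
    """Write SAMPLE_CONF to a temporary file with the given mode and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(SAMPLE_CONF)
        path = fh.name
    try:
        os.chmod(path, mode)
        return audit_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

Run against a real file with audit_file("/etc/strongswan.conf") (or the files under strongswan.d); a finding that names an embedded password together with a readable file mode is the condition the entries above warn about, and the fix is to tighten the file mode rather than to remove the finding from the script.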

starter

config_file

[→]

Location of the ipsec.conf file. [${sysconfdir}/ipsec.conf]

load_warning

yes

Show charon.load setting warning, see Plugin Load

swanctl

load

Plugins to load in swanctl

socket

[→]

VICI socket to connect to by default. [unix://${piddir}/charon.vici]


1. If the DHCP server runs on the same host as the daemon with DHCP plugin, you may need to enable dhcp.force_server_address and then set dhcp.server to the local broadcast address, e.g. 192.168.0.255. That’s because some DHCP daemons do not listen on the loopback interface and thus can’t be reached via unicast (or even broadcast 255.255.255.255) from the same host.
2. When replying in this mode the DHCP server will always send packets to the DHCP server port and if no process binds that port an ICMP port unreachable message will be sent back that might be problematic for some DHCP servers. To avoid that, enabling this option will cause the plugin to bind the DHCP server port to send its requests when acting as relay agent. This is not necessary if a DHCP server is already running on the same host and might even cause conflicts and since the server port is already bound, ICMP messages should not be an issue.