swanctl.conf
Overview
The swanctl.conf
file provides connections, secrets and IP address pools for
the swanctl --load-*
commands.
The file uses a strongswan.conf
-style
syntax (referencing sections, since version 5.7.0, and including other files is
supported as well) and is located in the swanctl
configuration directory, usually /etc/swanctl
.
Examples are provided in the Quickstart guide. Many more can be found in our testing environment (but make sure to read the notes on these before using them). |
dot-Notation / Placeholders
In this manual, the options are documented in dot-notation and with generic placeholders, for instance:
connections.<conn>.remote<suffix>.auth=... (1) (2) connections.<conn>.children.<child>.local_ts=... (3)
1 | <conn> designates an arbitrary connection name |
2 | <suffix> is an optional extension to the given section name, it can be
omitted in many cases, except when e.g. defining secondary authentication
rounds or multiple secrets of the same type |
3 | <child> is an arbitrary child name |
The two options above as they might appear in an actual config file:
connections { connection_a { remote { auth=... } children { child_1 { local_ts=... } } } }
Number Formats
Options that define an integer value can be specified as decimal (the default)
or hexadecimal (0x
prefix, upper- or lowercase letters are accepted).
Locale-dependent strings (e.g. the thousands separator of the current locale)
may also be accepted in locales other than C
.
Options that define a floating-point value can be specified as decimal (the
default) or hexadecimal (0x
prefix, upper- or lowercase letters are accepted).
The radix character (decimal separator) in either case is locale-dependent,
usually '.'
.
Time Formats
Unless stated otherwise, options that define a time are specified in seconds.
The s
, m
, h
and d
suffixes may be used to automatically convert values
given in seconds, minutes, hours or days (for instance, instead of configuring
a rekey time of 4
hours as 14400
seconds, 4h
may be used).
There are some global options that don’t accept these suffixes as they are configured as integer values in seconds or milliseconds, or even as floating-point numbers (e.g. the retransmission timeout). Options that accept the suffixes have a corresponding default value.
Keys
authorities
Section defining complementary attributes of certification authorities, each in
its own subsection with an arbitrary yet unique name (denoted <name>
below).
Key | Default | Description |
---|---|---|
<name>.cacert |
The certificates may use a relative path from the
|
|
<name>.file |
Absolute path to the certificate to load. Passed as-is to the daemon, so it must
be readable by it.
Configure one of |
|
<name>.handle |
Hex-encoded |
|
<name>.slot |
Optional slot number of the token that stores the CA certificate |
|
<name>.module |
Optional PKCS#11 module name |
|
<name>.cert_uri_base |
Defines the base URI for the Hash and URL feature supported by IKEv2. Instead of exchanging complete certificates, IKEv2 allows one to send an URI that resolves to the DER encoded certificate. The certificate URIs are built by appending the SHA1 hash of the DER encoded certificates to this base URI |
|
<name>.crl_uris |
Comma-separated list of CRL distribution points (ldap, http, or file URI) |
|
<name>.ocsp_uris |
Comma-separated list of OCSP URIs |
connections
Section defining IKE connection configurations, each in its own subsection with
an arbitrary yet unique name (denoted <conn>
below).
Key | Default | Description [default] |
---|---|---|
<conn>.version |
|
IKE major version to use for connection. |
<conn>.local_addrs |
|
Local [comma-separated] address[es] to use for IKE communication. Accepts single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges. As an initiator, the first non-range/non-subnet is used to initiate the connection from. As a responder the local destination address must match at least to one of the specified addresses, subnets or ranges. If FQDNs are assigned, they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time |
<conn>.remote_addrs |
|
Remote [comma-separated] address[es] to use for IKE communication. Accepts single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges. As an initiator, the first non-range/non-subnet is used to initiate the connection to. As a responder, the initiator source address must match at least to one of the specified addresses, subnets or ranges. If FQDNs are assigned they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time. To initiate a connection, at least one specific address or DNS name must be specified |
<conn>.local_port |
|
Local UDP port for IKE communication. By default the port of the socket backend
is used, which is usually |
<conn>.remote_port |
|
Remote UDP port for IKE communication. If the default of port |
<conn>.proposals |
[→] |
A proposal is a set of algorithms. For
non-AEAD IKE proposals, this includes an encryption algorithm, an integrity
algorithm, a pseudo-random function (PRF) and a key exchange method. For AEAD
proposals, instead of encryption and integrity algorithms a combined mode
algorithm is used.
|
<conn>.vips |
Comma-separated list of virtual IPs to request in IKEv2 configuration payloads
or IKEv1 ModeConfig. The wildcard addresses |
|
<conn>.aggressive |
|
Enables IKEv1 Aggressive Mode instead of IKEv1 Main Mode with Identity Protection. Aggressive Mode is considered less secure because the ID and HASH payloads are exchanged unprotected. This allows a passive attacker to snoop peer identities and even worse, start dictionary attacks on the Preshared Key |
<conn>.pull |
|
If the default of |
<conn>.dscp |
[→] |
Differentiated Services Codepoint (DSCP) to set on outgoing IKE packets for this
connection. The value is a six digit binary encoded string specifying the
Codepoint to set, as defined in RFC 2474. [ |
<conn>.encap |
|
To enforce UDP encapsulation of ESP packets, the IKE daemon can manipulate the NAT detection payloads. This makes the peer believe that a NAT situation exist on the transmission path, forcing it to encapsulate ESP packets in UDP. Usually this is not required but it can help to work around connectivity issues with too restrictive intermediary firewalls that block ESP packets |
<conn>.mobike |
|
Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by
default on IKEv2 connections and allows mobility of clients and multi-homing on
servers by migrating active IPsec tunnels. Usually keeping MOBIKE
enabled is unproblematic, as it is not used if the peer does not indicate support
for it. However, due to the design of MOBIKE, IKEv2 always floats to
UDP port |
<conn>.dpd_delay |
|
Interval to check the liveness of a peer actively using IKEv2 |
<conn>.dpd_timeout |
|
Charon by default uses the normal retransmission mechanism and timeouts to check the liveness of a peer, as all messages are used for liveness checking. For compatibility reasons, with IKEv1 a custom interval may be specified. This option has no effect on IKEv2 connections |
<conn>.fragmentation |
|
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation). Acceptable values are |
<conn>.childless |
|
Since version 5.8.0. Use childless IKE_SA initiation (RFC 6023) for
IKEv2, with the first CHILD_SA created with a separate CREATE_CHILD_SA
exchange (e.g. to use an independent key exchange for all CHILD_SAs). Acceptable
values are |
<conn>.send_certreq |
|
Send certificate request payloads to offer trusted root CA certificates to the peer. Certificate requests help the peer to choose an appropriate certificate/private key for authentication and are enabled by default. Disabling certificate requests can be useful if too many trusted root CA certificates are installed, as each certificate request increases the size of the initial IKE packets |
<conn>.send_cert |
[→] |
Send certificate payloads when using certificate authentication. With the default
of |
<conn>.ppk_id |
Since version 5.7.0. String identifying the Postquantum Preshared Key (PPK, RFC 8784) to be used |
|
<conn>.ppk_required |
|
Since version 5.7.0. Whether a Postquantum Preshared Key (PPK, RFC 8784) is required for this connection |
<conn>.keyingtries |
|
Number of retransmission sequences to perform during initial connect. Instead of
giving up initiation after the first retransmission sequence with the default
value of |
<conn>.unique |
|
Connection uniqueness policy to enforce. To avoid multiple connections from the
same user, a uniqueness policy can be enforced. The value |
<conn>.reauth_time |
|
Time to schedule IKE reauthentication. IKE reauthentication recreates the
IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric
configurations (with EAP or configuration payloads) it might not be possible to
actively reauthenticate as responder. The IKEv2 reauthentication lifetime
negotiation can instruct the client to perform reauthentication. Reauthentication
is disabled by default. Enabling it can usually result in short connection
interruptions, even when using make-before-break reauthentication, which is
now the default. However, they are significantly shorter than when using the
legacy break-before-make approach, which could still be used for compatibility
reasons by disabling |
<conn>.rekey_time |
|
IKE rekeying refreshes key material using a Diffie-Hellman key exchange, but does
not re-check associated credentials. It is supported with IKEv2 only. IKEv1
performs a reauthentication procedure instead. With the default value, IKE
rekeying is scheduled every |
<conn>.over_time |
[→] |
Hard IKE_SA lifetime if rekey/reauth does not complete, as time. To avoid having
an IKE or ISAKMP connection kept alive if IKE reauthentication or rekeying fails
perpetually, a maximum hard lifetime may be specified. If the IKE_SA fails to
rekey or reauthenticate within the specified time, the IKE_SA gets closed.
In contrast to CHILD_SA rekeying, |
<conn>.rand_time |
[→] |
Time range from which to choose a random value to subtract from rekey/reauth
times. To avoid having both peers initiating the rekey/reauth procedure
simultaneously, a random time gets subtracted from the rekey/reauth times.
The default is equal to the configured |
<conn>.pools |
Comma-separated list of named IP pools to allocate virtual IP addresses and other
configuration attributes from. Each name references a pool by name from either
the |
|
<conn>.if_id_in |
|
Since version 5.8.0. XFRM interface ID (32-bit unsigned integer) set on inbound
policies/SA. Can be overridden by child config, see there for details.
|
<conn>.if_id_out |
|
Since version 5.8.0. XFRM interface ID (32-bit unsigned integer) set on outbound
policies/SA. Can be overridden by child config, see there for details.
|
<conn>.ocsp |
|
Since version 5.9.14. Send OCSP status requests in certificate request payloads
and/or send OCSP status response in certificate payloads when using certificate-
based authentication. With the default of |
<conn>.mediation |
|
Since version 5.5.2. Whether this connection is a mediation connection, i.e. whether this connection is used to mediate other connections using the IKEv2 Mediation Extension. Mediation connections create no CHILD_SA |
<conn>.mediated_by |
Since version 5.5.2. The name of the connection to mediate this connection
through. If given, the connection will be mediated through the named mediation
connection. The mediation connection must have |
|
<conn>.mediation_peer |
Since version 5.5.2. Identity under which the peer is registered at the mediation
server, i.e. the IKE identity the other end of this connection uses as its local
identity on its connection to the mediation server. This is the identity we
request the mediation server to mediate us with. Only relevant on connections that
set |
connections.<conn>.local
Section for a local authentication round. A local authentication round defines
the rules how authentication is performed for the local peer. Multiple rounds may
be defined to use IKEv2 Multiple Authentication (RFC 4739) or IKEv1
XAuth. Each round is defined in a section having local
as prefix and an
optional unique <suffix>
as e.g. in local-xauth
or local2
. To define
a single authentication round, only, the`<suffix>` may be omitted.
Key | Default | Description [default] |
---|---|---|
round |
|
Since version 5.4.0. Optional numeric identifier by which authentication rounds
are sorted. If not specified, rounds are ordered by their position in the config
file or |
auth |
[→] |
Authentication to perform locally. |
id |
IKE identity to use for authentication round. When using certificate authentication. The IKE identity must be contained in the certificate, either as the subject DN or as a subjectAltName (the identity will default to the certificate’s subject DN if not specified). Refer to identity parsing for details on how identities are parsed and may be configured |
|
eap_id |
|
Client EAP-Identity to use in EAP-Identity exchange and the EAP method |
aaa_id |
[→] |
Server side EAP-Identity to expect in the EAP method. Some EAP methods, such as
EAP-TLS, use an identity for the server to perform mutual authentication. This
identity may differ from the IKE identity, especially when EAP authentication is
delegated from the IKE responder to an AAA backend. For EAP-(T)TLS this defines
the identity for which the server must provide a certificate in the TLS exchange.
[ |
xauth_id |
|
Client XAuth username used in the XAuth exchange |
certs |
Comma-separated list of certificate candidates to use for authentication. The
certificates may use a relative path from the
|
|
cert<suffix> |
Since version 5.5.2. Subsection for a certificate candidate to use for
authentication. Certificates in |
|
cert<suffix>.file |
Absolute path to the certificate to load. Passed as-is to the daemon, so it must
be readable by it. Configure either |
|
cert<suffix>.handle |
Hex-encoded |
|
cert<suffix>.slot |
Optional slot number of the token that stores the certificate |
|
cert<suffix>.module |
Optional PKCS#11 module name |
|
pubkeys |
Since version 5.4.0. Comma-separated list of raw public key candidates to use for
authentication. The public keys may use a relative path from the
|
connections.<conn>.remote
Section for a remote authentication round. A remote authentication round defines
the constraints how the peers must authenticate to use this connection. Multiple
rounds may be defined to use IKEv2 Multiple Authentication (RFC 4739
or IKEv1 XAuth. Each round is defined in a section having remote
as prefix
and an optional unique <suffix>
as e.g. in remote-xauth
or remote2
.
To define a single authentication round, only, the <suffix>
may be omitted.
Key | Default | Description [default] |
---|---|---|
round |
|
Since version 5.4.0. Optional numeric identifier by which authentication rounds
are sorted. If not specified, rounds are ordered by their position in the config
file or |
auth |
[→] |
Authentication to expect from remote. See the description of the |
id |
|
IKE identity to expect for authentication round. Refer to the |
eap_id |
|
Identity to use as peer identity during EAP authentication. If set to |
groups |
Comma-separated authorization group memberships to require. The peer must prove membership to at least one of the specified groups. Group membership can be certified by different means, e.g. by appropriate Attribute Certificates or by an AAA backend involved in the authentication |
|
cert_policy |
Since version 5.5.2. Comma-separated list of certificate policy OIDs the peer’s certificate must have. OIDs are specified using the numerical dotted representation |
|
certs |
Comma separated list of certificates to accept for authentication. The certificates
may use a relative path from the |
|
cert<suffix> |
Since version 5.5.2. Subsection for a certificate candidate to use for
authentication. Certificates in |
|
cert<suffix>.file |
Absolute path to the certificate to load. Passed as-is to the daemon, so it must
be readable by it. Configure either |
|
cert<suffix>.handle |
Hex-encoded |
|
cert<suffix>.slot |
Optional slot number of the token that stores the certificate |
|
cert<suffix>.module |
Optional PKCS#11 module name |
|
cacerts |
Comma-separated list of CA certificates to accept for authentication. The
certificates may use a relative path from the
|
|
cacert<suffix> |
Since version 5.5.2. Subsection for a CA certificate to accept for authentication.
Certificates in |
|
cacert<suffix>.file |
Absolute path to the certificate to load. Passed as-is to the daemon, so it must
be readable by it. Configure either |
|
cacert<suffix>.handle |
Hex-encoded |
|
cacert<suffix>.slot |
Optional slot number of the token that stores the certificate |
|
cacert<suffix>.module |
Optional PKCS#11 module name |
|
ca_id |
Since version 5.8.2. Identity in CA certificate to accept for authentication.
The specified identity must be contained in one (intermediate) CA of the remote
peer trustchain, either as the subject DN or as a subjectAltName. This has the
same effect as specifying |
|
pubkeys |
Comma-separated list of raw public keys to accept for authentication. The public
keys may use a relative path from the
|
|
revocation |
[→] |
Certificate revocation policy for CRL or OCSP revocation. A |
connections.<conn>.children
CHILD_SA configuration subsection. Each connection definition may have one or
more sections in its children
subsection. The section name defines the name
of the CHILD_SA configuration, which must be unique within the connection
(denoted <child>
below).
Key | Default | Description [default] |
---|---|---|
<child>.ah_proposals |
AH proposals to offer for the CHILD_SA. A proposal is a set of
algorithms. For AH, this includes an
integrity algorithm and an optional key exchange method. If a KE method is
specified, CHILD_SA/Quick Mode rekeying and initial negotiation uses a separate
key exchange using the negotiated method (refer to |
|
<child>.esp_proposals |
[→] |
ESP proposals to offer for the CHILD_SA. A proposal is a set of
algorithms. For non-AEAD ESP proposals,
this includes an integrity algorithm, an encryption algorithm, an optional
key exchange method and an optional Extended Sequence Number Mode (ESN)
indicator. For AEAD proposals, a combined mode algorithm is used instead of the
separate encryption/integrity algorithms.
|
<child>.sha256_96 |
|
Since version 5.5.3. HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that incorrectly use 96-bit truncation this option may be enabled to configure the shorter truncation length in the kernel. This is not negotiated, so this only works with peers that use the incorrect truncation length (or have this option enabled) |
<child>.local_ts |
[→] |
Comma-separated list of local traffic selectors to include in CHILD_SA. Each
selector is a CIDR subnet definition, followed by an optional proto/port selector.
The special value |
<child>.remote_ts |
[→] |
Comma separated list of remote selectors to include in CHILD_SA. See |
<child>.rekey_time |
[→] |
Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key material,
optionally using a Diffie-Hellman exchange if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value in the
range of |
<child>.life_time |
[→] |
Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime is never
reached, because the CHILD_SA gets rekeyed before. If that fails for whatever
reason, this limit closes the CHILD_SA. The default is 10% more than the
|
<child>.rand_time |
[→] |
Time range from which to choose a random value to subtract from |
<child>.rekey_bytes |
[→] |
Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA rekeying
refreshes key material, optionally using a Diffie-Hellman exchange if a group is
specified in the proposal. To avoid rekey collisions initiated by both ends
simultaneously, a value in the range of |
<child>.life_bytes |
Maximum bytes processed before CHILD_SA gets closed. Usually this hard volume
limit is never reached, because the CHILD_SA gets rekeyed before. If that fails
for whatever reason, this limit closes the CHILD_SA. The default is 10% more than
|
|
<child>.rand_bytes |
[→] |
Byte range from which to choose a random value to subtract from |
<child>.rekey_packets |
[→] |
Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA rekeying
refreshes key material, optionally using a Diffie-Hellman exchange if a group is
specified in the proposal. To avoid rekey collisions initiated by both ends
simultaneously, a value in the range of |
<child>.life_packets |
[→] |
Maximum number of packets processed before CHILD_SA gets closed. Usually this
hard packets limit is never reached, because the CHILD_SA gets rekeyed before.
If that fails for whatever reason, this limit closes the CHILD_SA. The default
is 10% more than |
<child>.rand_packets |
[→] |
Packet range from which to choose a random value to subtract from |
<child>.updown |
Updown script to invoke on CHILD_SA up and down events |
|
<child>.hostaccess |
|
Host access variable to pass to |
<child>.mode |
[→] |
IPsec Mode to establish CHILD_SA with. |
<child>.policies |
|
Since version 5.3.3. Whether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. MIPv6 where policies are not managed by the IKE daemon |
<child>.policies_fwd_out |
|
Since version 5.5.1. Whether to install outbound FWD IPsec policies or not. Enabling this is required in case there is a drop policy that would match and block forwarded traffic for this CHILD_SA. |
<child>.dpd_action |
|
Action to perform for this CHILD_SA on DPD timeout. The default |
<child>.ipcomp |
|
Enable IPComp compression before encryption. If enabled, IKE tries to negotiate IPComp compression to compress ESP payload data prior to encryption |
<child>.inactivity |
|
Timeout before closing CHILD_SA after inactivity. If no traffic has been processed
in either direction for the configured timeout, the CHILD_SA gets closed due to
inactivity. The default value of |
<child>.reqid |
|
Fixed reqid to use for this CHILD_SA. This might be helpful in some scenarios
but works only if each CHILD_SA configuration is instantiated not more than once.
The default of |
<child>.priority |
|
Since version 5.5.0. Optional fixed priority for IPsec policies. This could be
useful to install high-priority drop policies. The default of |
<child>.interface |
Since version 5.5.0. Optional interface name to restrict outbound IPsec policies |
|
<child>.mark_in |
[→] |
Netfilter mark and mask for input traffic. On Linux, Netfilter may require marks
on each packet to match an SA/policy having that option set. This allows installing
duplicate policies and enables Netfilter rules to select specific SAs/policies for
incoming traffic. Note that inbound marks are only set on policies since version
5.5.2, unless |
<child>.mark_in_sa |
|
Since 5.6.1. Whether to set |
<child>.mark_out |
[→] |
Netfilter mark and mask for output traffic. On Linux, Netfilter may require marks
on each packet to match a policy/SA having that option set. This allows installing
duplicate policies and enables Netfilter rules to select specific policies/SAs for
outgoing traffic. The special value |
<child>.set_mark_in |
[→] |
Since version 5.7.0. Netfilter mark applied to packets after the inbound IPsec
SA processed them. This way it’s not necessary to mark packets via Netfilter
before decryption or right afterwards to match policies or process them
differently (e.g. via policy routing). An additional mask may be appended to the
mark separated by |
<child>.set_mark_out |
[→] |
Since version 5.7.0. Netfilter mark applied to packets after the outbound IPsec
SA processed them. This allows processing ESP packets differently than the
original traffic (e.g. via policy routing). An additional mask may be appended to
the mark, separated by |
<child>.if_id_in |
|
Since version 5.8.0. XFRM interface ID (32-bit unsigned integer) set on inbound
policies/SA. This allows installing duplicate policies/SAs and associates them
with an interface with the same ID. The special value |
<child>.if_id_out |
|
Since version 5.8.0. XFRM interface ID (32-bit unsigned integer) set on outbound
policies/SA. This allows installing duplicate policies/SAs and associates them
with an interface with the same ID. The special value |
<child>.label |
Since version 5.9.6. Optional security label (e.g. SELinux context), IKEv2 only.
Refer to |
|
<child>.label_mode |
[→] |
Since version 5.9.6. Defines the mode in which the configured security label
is used. The default value of If set to If set to |
<child>.tfc_padding |
|
Pads ESP packets with additional data to have a consistent ESP packet size for
improved Traffic Flow Confidentiality. The padding defines the minimum size of
all ESP packets sent. The default value of |
<child>.replay_window |
|
IPsec replay window to configure for this CHILD_SA. Larger values than the default
of |
<child>.hw_offload |
|
Enable hardware offload for this CHILD_SA, if supported by the IPsec implementation.
The values |
<child>.copy_df |
|
Since version 5.7.0. Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This effectively disables Path MTU discovery (PMTUD). Controlling this behavior is not supported by all kernel interfaces |
<child>.copy_ecn |
|
Since version 5.7.0. Whether to copy the ECN (Explicit Congestion Notification) header field to/from the outer IP header in tunnel mode. Controlling this behavior is not supported by all kernel interfaces |
<child>.copy_dscp |
|
Since version 5.7.0. Whether to copy the DSCP (Differentiated Services Codepoint)
header field to/from the outer IP header in tunnel mode. The value |
<child>.start_action |
|
Action to perform after loading the configuration. The default of When unloading or replacing a CHILD_SA configuration having a |
<child>.close_action |
|
Action to perform after a CHILD_SA gets closed by the peer. The default of |
secrets
Section defining secrets for IKE/EAP/XAuth authentication and private key
decryption. The secrets
section takes subsections having a specific prefix
which defines the secret type. It is not recommended to define any private key
decryption passphrases, as there is no real security benefit in having encrypted
keys. Either store the key unencrypted or enter the keys manually when loading
credentials.
secrets.eap<suffix>
EAP secret subsection for a specific secret. Each EAP secret is defined in a
unique section having the eap
prefix. EAP secrets are used for XAuth
authentication as well.
Key | Default | Description |
---|---|---|
secret |
Value of the EAP/XAuth secret. It may either be an ASCII string, a hex encoded
string if it has a |
|
id<suffix> |
Identity the EAP/XAuth secret belongs to. Multiple unique identities may be
specified, each having an |
secrets.xauth<suffix>
XAuth secret subection for a specific secret. xauth
is just an alias for eap
.
Secrets under both section prefixes are used for both EAP and XAuth authentication.
secrets.ntlm<suffix>
Since version 5.5.2. NTLM secret subsection for a specific secret. Each NTLM secret
is defined in a unique section having the ntlm
prefix. NTLM secrets may only
be used for EAP-MSCHAPv2 authentication.
Key | Default | Description |
---|---|---|
secret |
Value of the NTLM secret which is the NT Hash of the actual secret, i.e.
|
|
id<suffix> |
Identity the NTLM secret belongs to. Multiple unique identities may be specified,
each having an |
secrets.ike<suffix>
IKE preshared secret section for a specific secret. Each IKE PSK is defined in a
unique section having the ike
prefix.
Key | Default | Description |
---|---|---|
secret |
Value of the IKE preshared secret. It may either be an ASCII string, a hex encoded
string if it has a |
|
id<suffix> |
IKE identity the IKE preshared secret belongs to. Multiple unique identities may
be specified, each having an |
secrets.ppk<suffix>
Since version 5.7.0. Postquantum Preshared Key (PPK, RFC 8784) subsection
for a specific secret. Each PPK is defined in a unique subsection having the ppk
prefix.
Key | Default | Description |
---|---|---|
secret |
Value of the PPK. It may either be an ASCII string, a hex encoded string if it
has a |
|
id<suffix> |
PPK identity the PPK belongs to. Multiple unique identities may be specified,
each having an |
secrets.private<suffix>
Private key decryption passphrase for a key in the
private
folder.
Key | Default | Description |
---|---|---|
file |
File name in the |
|
secret |
Value of decryption passphrase for private key |
secrets.rsa<suffix>
Private key decryption passphrase for a key in the
rsa
folder.
Key | Default | Description |
---|---|---|
file |
File name in the |
|
secret |
Value of decryption passphrase for RSA key |
secrets.ecdsa<suffix>
Private key decryption passphrase for a key in the
ecdsa
folder.
Key | Default | Description |
---|---|---|
file |
File name in the |
|
secret |
Value of decryption passphrase for ECDSA key |
secrets.pkcs8<suffix>
Private key decryption passphrase for a key in the
pkcs8
folder.
Key | Default | Description |
---|---|---|
file |
File name in the |
|
secret |
Value of decryption passphrase for PKCS#8 key |
secrets.pkcs12<suffix>
PKCS#12 decryption passphrase for a container in the
pkcs12
folder.
Key | Default | Description |
---|---|---|
file |
File name in the |
|
secret |
Value of decryption passphrase for PKCS#12 container |
secrets.token<suffix>
Since version 5.5.2. Definition for a private key that’s stored on a token, a smartcard or a TPM 2.0.
Key | Default | Description |
---|---|---|
handle |
Hex-encoded |
|
slot |
Optional slot number to access the token |
|
module |
Optional PKCS#11 module name to access the token |
|
pin |
Optional PIN required to access the key on the token. If none is provided the
user is prompted during an interactive
|
pools
Section defining named pools. Named pools may be referenced by connections with
the pools
option to assign virtual IPs and other configuration attributes.
Each pool must have a unique name (denoted <name>
below).
Key | Default | Description |
---|---|---|
<name>.addrs |
Subnet or range defining addresses allocated in pool. Accepts a single CIDR subnet
defining the pool to allocate addresses from or an address range ( |
|
<name>.<attr> |
Comma-separated list of additional attributes of type |