Documented new options in strongswan.conf(5) man page

Tobias Brunner 2013-01-25 20:17:41 +01:00
parent 58fd1f3eef
commit c186b3940a

@ -1,4 +1,4 @@
.TH STRONGSWAN.CONF 5 "2012-05-01" "@IPSEC_VERSION@" "strongSwan"
.TH STRONGSWAN.CONF 5 "2013-01-25" "@IPSEC_VERSION@" "strongSwan"
.SH NAME
strongswan.conf \- strongSwan configuration file
.SH DESCRIPTION
@ -182,6 +182,10 @@ openly transmitted hash of the PSK)
.BR charon.ignore_routing_tables
A space-separated list of routing tables to be excluded from route lookups
.TP
.BR charon.ikesa_limit " [0]"
Maximum number of IKE_SAs that can be established at the same time before new
connection attempts are blocked
.TP
.BR charon.ikesa_table_segments " [1]"
Number of exclusively locked segments in the hash table
.TP
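Review bot: The charon.ikesa_limit entry gives a default of 0 but does not say what 0 means, so a reader cannot tell whether the default blocks every connection attempt or disables the limit. Suggest stating the meaning of 0 explicitly in the description, and saying whether "blocked" means the new attempt is rejected or silently dropped.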
@ -744,6 +748,9 @@ ENGINE ID to use in the OpenSSL plugin
.BR libstrongswan.plugins.pkcs11.modules
List of available PKCS#11 modules
.TP
.BR libstrongswan.plugins.pkcs11.load_certs " [yes]"
Whether to load certificates from tokens
.TP
.BR libstrongswan.plugins.pkcs11.reload_certs " [no]"
Reload certificates from all tokens if charon receives a SIGHUP
.TP
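Review bot: The new pkcs11.load_certs entry does not say how it interacts with the pkcs11.reload_certs entry right below it. Suggest adding a clause on whether reload_certs = yes still has an effect when load_certs = no.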
@ -827,6 +834,9 @@ URI pointing to attestation remediation instructions
.BR libimcv.plugins.imc-os.push_info " [yes]"
Send operating system info without being prompted
.TP
.BR libimcv.plugins.imv-os.database
Database URI for the database that stores operating system information
.TP
.BR libimcv.plugins.imv-os.remediation_uri
URI pointing to operating system remediation instructions
.TP
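Review bot: The imv-os.database description, "Database URI for the database that stores operating system information", repeats "database" and gives neither a default nor an example URI. Suggest shortening it to "URI of the database that stores operating system information" and showing the expected URI form.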
@ -939,6 +949,10 @@ Session timeout for mediation service
.TP
.BR openac.load
Plugins to load in ipsec openac tool
.SS pacman section
.TP
.BR pacman.database
Database URI for the database that stores the package information
.SS pki section
.TP
.BR pki.load
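Review bot: The new "pacman section" documents pacman.database without saying which tool reads it, whereas the neighbouring openac.load entry names its tool ("ipsec openac tool"). Suggest adding that to the description, and an example of the expected database URI.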
@ -1281,6 +1295,17 @@ Never enable the load-testing plugin on productive systems. It provides
preconfigured credentials and allows an attacker to authenticate as any user.
.SS Options
.TP
.BR charon.plugins.load-tester.addrs
Subsection that contains key/value pairs with address pools (in CIDR notation)
to use for a specific network interface e.g. eth0 = 10.10.0.0/16
.TP
.BR charon.plugins.load-tester.addrs_prefix " [16]"
Network prefix length to use when installing dynamic addresses. If set to -1 the
full address is used (i.e. 32 or 128)
.TP
.BR charon.plugins.load-tester.ca_dir
Directory to load (intermediate) CA certificates from
.TP
.BR charon.plugins.load-tester.child_rekey " [600]"
Seconds to start CHILD_SA rekeying after setup
.TP
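Review bot: The load-tester.addrs entry says the pools are "to use for a specific network interface" but not what they are used for, and only the following addrs_prefix entry hints that dynamic addresses get installed. Suggest stating in addrs that addresses from the pool are installed on the named interface, and putting a comma before "e.g. eth0 = 10.10.0.0/16". The addrs_prefix default of 16 also reads as IPv4-specific while the text mentions 128, so a word on IPv6 pools would help.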
@ -1290,6 +1315,9 @@ Delay between initiatons for each thread
.BR charon.plugins.load-tester.delete_after_established " [no]"
Delete an IKE_SA as soon as it has been established
.TP
.BR charon.plugins.load-tester.digest " [sha1]"
Digest algorithm used when issuing certificates
.TP
.BR charon.plugins.load-tester.dpd_delay " [0]"
DPD delay to use in load test
.TP
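Review bot: The load-tester.digest entry shows the default "[sha1]" but does not list which digest names are accepted. Suggest listing the accepted values, or pointing to where the algorithm names are defined, so that users who want a different digest for the issued certificates know what to write.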
@ -1311,6 +1339,9 @@ Seconds to start IKE_SA rekeying after setup
.BR charon.plugins.load-tester.init_limit " [0]"
Global limit of concurrently established SAs during load test
.TP
.BR charon.plugins.load-tester.initiator " [0.0.0.0]"
Address to initiate from
.TP
.BR charon.plugins.load-tester.initiators " [0]"
Number of concurrent initiator threads to use in load test
.TP
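Review bot: The load-tester.initiator entry, "Address to initiate from", does not explain the default 0.0.0.0. Suggest saying what happens with the default, and how this option relates to the similarly named initiators option directly below it, since the two differ by one letter and mean different things.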
@ -1320,8 +1351,24 @@ Authentication method(s) the intiator uses
.BR charon.plugins.load-tester.initiator_id
Initiator ID used in load test
.TP
.BR charon.plugins.load-tester.initiator_match
Initiator ID to to match against as responder
.TP
.BR charon.plugins.load-tester.initiator_tsi
Traffic selector on initiator side, as proposed by initiator
.TP
.BR charon.plugins.load-tester.initiator_tsr
Traffic selector on responder side, as proposed by initiator
.TP
.BR charon.plugins.load-tester.iterations " [1]"
Number of IKE_SAs to initate by each initiator in load test
Number of IKE_SAs to initiate by each initiator in load test
.TP
.BR charon.plugins.load-tester.issuer_cert
Path to the issuer certificate (if not configured a hard-coded value is used)
.TP
.BR charon.plugins.load-tester.issuer_key
Path to private key that is used to issue certificates (if not configured a
hard-coded value is used)
.TP
.BR charon.plugins.load-tester.pool
Provide INTERNAL_IPV4_ADDRs from a named pool
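Review bot: The new initiator_match description contains a doubled word, "Initiator ID to to match against as responder"; please drop one "to", since this same hunk already fixes "initate" in the iterations entry. The issuer_cert and issuer_key entries both say "if not configured a hard-coded value is used"; a comma after "configured" would read better, and it is worth saying there that the hard-coded issuer key is the reason for the warning at the top of this section.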
@ -1332,7 +1379,7 @@ Preshared key to use in load test
.BR charon.plugins.load-tester.proposal " [aes128-sha1-modp768]"
IKE proposal to use in load test
.TP
.BR charon.plugins.load-tester.remote " [127.0.0.1]"
.BR charon.plugins.load-tester.responder " [127.0.0.1]"
Address to initiation connections to
.TP
.BR charon.plugins.load-tester.responder_auth " [pubkey]"
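Review bot: The rename of load-tester.remote to load-tester.responder is documented with no mention of the old name, so anyone with "remote" in an existing configuration gets no hint why it stopped working or whether it is still accepted. Suggest noting the old name in the description. The description line directly below, "Address to initiation connections to", should read "Address to initiate connections to" and could be fixed while this entry is being touched.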
@ -1341,11 +1388,21 @@ Authentication method(s) the responder uses
.BR charon.plugins.load-tester.responder_id
Responder ID used in load test
.TP
.BR charon.plugins.load-tester.responder_tsi " [initiator_tsi]"
Traffic selector on initiator side, as narrowed by responder
.TP
.BR charon.plugins.load-tester.responder_tsr " [initiator_tsr]"
Traffic selector on responder side, as narrowed by responder
.TP
.BR charon.plugins.load-tester.request_virtual_ip " [no]"
Request an INTERNAL_IPV4_ADDR from the server
.TP
.BR charon.plugins.load-tester.shutdown_when_complete " [no]"
Shutdown the daemon after all IKE_SAs have been established
.TP
.BR charon.plugins.load-tester.version " [0]"
IKE version to use (0 means use IKEv2 as initiator and accept any version as
responder)
.SS Configuration details
For public key authentication, the responder uses the
.B \(dqCN=srv, OU=load-test, O=strongSwan\(dq
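Review bot: The defaults shown for responder_tsi and responder_tsr, "[initiator_tsi]" and "[initiator_tsr]", are ambiguous because every other default in this list is a literal value. Suggest wording such as "defaults to the value of initiator_tsi" in the description. In the version entry, the meaning of 0 is explained, which is good, but the other accepted values are not listed.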