man: strongswan.conf(5) updated
parent
1dd58b0e21
commit
bb49dfb02e
|
@ -1,4 +1,4 @@
|
|||
.TH STRONGSWAN.CONF 5 "2013-07-22" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.TH STRONGSWAN.CONF 5 "2013-10-29" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.SH NAME
|
||||
strongswan.conf \- strongSwan configuration file
|
||||
.SH DESCRIPTION
|
||||
|
@ -383,6 +383,9 @@ Derive user-defined MAC address from hash of IKEv2 identity
|
|||
.BR charon.plugins.dhcp.server " [255.255.255.255]"
|
||||
DHCP server unicast or broadcast IP address
|
||||
.TP
|
||||
.BR charon.plugins.dnscert.enable " [no]"
|
||||
Enable fetching of CERT RRs via DNS
|
||||
.TP
|
||||
.BR charon.plugins.duplicheck.enable " [yes]"
|
||||
Enable duplicheck plugin (if loaded)
|
||||
.TP
|
||||
|
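Review bot: The new charon.plugins.dnscert.enable entry says only "Enable fetching of CERT RRs via DNS" and leaves out how a certificate obtained from DNS comes to be trusted. Suggest adding a sentence that states whether the lookup has to be DNSSEC-validated and which resolver plugin needs to be loaded for the option to have any effect, so an administrator does not enable it assuming plain DNS answers are acceptable.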
@ -526,6 +529,27 @@ option.
|
|||
.BR charon.plugins.eap-radius.sockets " [1]"
|
||||
Number of sockets (ports) to use, increase for high load
|
||||
.TP
|
||||
.BR charon.plugins.eap-radius.xauth
|
||||
Section to configure multiple XAuth authentication rounds via RADIUS. The subsections define so called
|
||||
authentication profiles with arbitrary names. In each profile section one or more XAuth types can be
|
||||
configured, with an assigned message. For each type a separate XAuth exchange will be initiated and all
|
||||
replies get concatenated into the User-Password attribute, which then gets verified over RADIUS.
|
||||
|
||||
Available XAuth types are \fBpassword\fR, \fBpasscode\fR, \fBnextpin\fR, and \fBanswer\fR. This type is
|
||||
not relevant to strongSwan or the AAA server, but the client may show a different dialog (along with the
|
||||
configured message).
|
||||
|
||||
To use the configured profiles, they have to be configured in the respective connection in
|
||||
.IR ipsec.conf (5)
|
||||
by appending the profile name, separated by a colon, to the
|
||||
.B xauth-radius
|
||||
XAauth backend configuration in
|
||||
.I rightauth
|
||||
or
|
||||
.IR rightauth2 ,
|
||||
for instance,
|
||||
.IR rightauth2=xauth-radius:profile .
|
||||
.TP
|
||||
.BR charon.plugins.eap-sim.request_identity " [yes]"
|
||||
|
||||
.TP
|
||||
|
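Review bot: The charon.plugins.eap-radius.xauth text says all replies "get concatenated into the User-Password attribute" but does not state in which order the replies are joined or whether a separator is inserted, which the AAA server operator needs to know to split and verify the value. Suggest documenting that, and adding a short example of a profile subsection, since the layout (profile name, then XAuth type with its message) is only described in words. Smaller points in the same paragraph: "XAauth backend" should read "XAuth backend", "so called" should be "so-called", and the new lines run past the roughly 80-column wrapping the neighbouring entries use.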
@ -609,7 +633,7 @@ Set to 0 to disable.
|
|||
|
||||
.TP
|
||||
.BR charon.plugins.ipseckey.enable " [no]"
|
||||
Enable the fetching of IPSECKEY RRs via DNS
|
||||
Enable fetching of IPSECKEY RRs via DNS
|
||||
.TP
|
||||
.BR charon.plugins.led.activity_led
|
||||
|
||||
|
@ -628,7 +652,6 @@ Allow that the remote traffic selector equals the IKE peer. The route installed
|
|||
for such traffic (via TUN device) usually prevents further IKE traffic. The
|
||||
fwmark options for the \fIkernel-netlink\fR and \fIsocket-default\fR plugins can
|
||||
be used to circumvent that problem.
|
||||
to
|
||||
.TP
|
||||
.BR charon.plugins.kernel-netlink.fwmark
|
||||
Firewall mark to set on the routing rule that directs traffic to our own routing
|
||||
|
@ -639,8 +662,8 @@ the meaning (i.e. the rule only applies to packets that don't match the mark).
|
|||
Whether to trigger roam events when interfaces, addresses or routes change
|
||||
.TP
|
||||
.BR charon.plugins.kernel-netlink.xfrm_acq_expires " [165]"
|
||||
Lifetime of XFRM acquire state in kernel, value gets written to
|
||||
/proc/sys/net/core/xfrm_acq_expires. Indirecly controls the delay of XFRM
|
||||
Lifetime of XFRM acquire state in kernel. The value gets written to
|
||||
/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
|
||||
acquire messages sent.
|
||||
.TP
|
||||
.BR charon.plugins.kernel-pfroute.vip_wait " [1000]"
|
||||
|
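Review bot: The reworded charon.plugins.kernel-netlink.xfrm_acq_expires description gives the default as [165] without a unit; suggest "Lifetime of XFRM acquire state in kernel, in seconds". Because the value is written to /proc/sys/net/core/xfrm_acq_expires, it would also help to say that this is a kernel sysctl shared with any other XFRM user rather than a setting private to charon.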
@ -1098,6 +1121,10 @@ Plugins to load in ipsec pki tool
|
|||
.TP
|
||||
.BR pool.load
|
||||
Plugins to load in ipsec pool tool
|
||||
.SS pt-tls-client section
|
||||
.TP
|
||||
.BR pt-tls-client.load
|
||||
Plugins to load in ipsec pt-tls-client tool
|
||||
.SS scepclient section
|
||||
.TP
|
||||
.BR scepclient.load
|
||||
|
@ -1513,6 +1540,9 @@ Path to the issuer certificate (if not configured a hard-coded value is used)
|
|||
Path to private key that is used to issue certificates (if not configured a
|
||||
hard-coded value is used)
|
||||
.TP
|
||||
.BR charon.plugins.load-tester.mode " [tunnel]"
|
||||
IPsec mode to use, one of \fBtunnel\fR, \fBtransport\fR, or \fBbeet\fR.
|
||||
.TP
|
||||
.BR charon.plugins.load-tester.pool
|
||||
Provide INTERNAL_IPV4_ADDRs from a named pool
|
||||
.TP
|
||||
|
|
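Review bot: Style point on the new charon.plugins.load-tester.mode entry: its description ends with a full stop ("or \fBbeet\fR.") while the neighbouring one-line descriptions, such as "Provide INTERNAL_IPV4_ADDRs from a named pool", do not. Suggest dropping the trailing period to match.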