charon {} Options for the charon IKE daemon. Options for the charon IKE daemon. **Note**: Many of the options in this section also apply to **charon-cmd** and other **charon** derivatives. Just use their respective name (e.g. **charon-cmd** instead of **charon**). For many options defaults can be defined in the **libstrongswan** section. charon.accept_private_algs = no Deliberately violate the IKE standard's requirement and allow the use of private algorithm identifiers, even if the peer implementation is unknown. charon.accept_unencrypted_mainmode_messages = no Accept unencrypted ID and HASH payloads in IKEv1 Main Mode. Accept unencrypted ID and HASH payloads in IKEv1 Main Mode. Some implementations send the third Main Mode message unencrypted, probably to find the PSKs for the specified ID for authentication. This is very similar to Aggressive Mode, and has the same security implications: A passive attacker can sniff the negotiated Identity, and start brute forcing the PSK using the HASH payload. It is recommended to keep this option to no, unless you know exactly what the implications are and require compatibility to such devices (for example, some SonicWall boxes). charon.block_threshold = 5 Maximum number of half-open IKE_SAs for a single peer IP. charon.cert_cache = yes Whether relations in validated certificate chains should be cached in memory. charon.cache_crls = no Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should be saved under a unique file name derived from the public key of the Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or **/etc/swanctl/x509crl** (vici), respectively. charon.check_current_path = no Whether to use DPD to check if the current path still works after any changes to interfaces/addresses. By default, after detecting any changes to interfaces and/or addresses no action is taken if the current path to the remote peer still looks usable. Enabling this option will use DPD to check if the path actually still works, or, for instance, the peer removed the state after a longer phase without connectivity. It will also trigger a MOBIKE update if NAT mappings were removed during the downtime. charon.cisco_flexvpn = no Send the Cisco FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload, which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a "tunnel mode ipsec ipv4" Cisco template but should also work for GRE encapsulation. charon.cisco_unity = no Send Cisco Unity vendor ID payload (IKEv1 only). charon.close_ike_on_child_failure = no Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed. charon.cookie_threshold = 10 Number of half-open IKE_SAs that activate the cookie mechanism. charon.crypto_test.bench = no Benchmark crypto algorithms and order them by efficiency. charon.crypto_test.bench_size = 1024 Buffer size used for crypto benchmark. charon.crypto_test.bench_time = 50 Time in ms during which crypto algorithm performance is measured. charon.crypto_test.on_add = no Test crypto algorithms during registration (requires test vectors provided by the _test-vectors_ plugin). charon.crypto_test.on_create = no Test crypto algorithms on each crypto primitive instantiation. charon.crypto_test.required = no Strictly require at least one test vector to enable an algorithm. charon.crypto_test.rng_true = no Whether to test RNG with TRUE quality; requires a lot of entropy. charon.delete_rekeyed = no Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only). Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only). Reduces the number of stale CHILD_SAs in scenarios with a lot of rekeyings. However, this might cause problems with implementations that continue to use rekeyed SAs until they expire. charon.delete_rekeyed_delay = 5 Delay in seconds until inbound IPsec SAs are deleted after rekeyings (IKEv2 only). Delay in seconds until inbound IPsec SAs are deleted after rekeyings (IKEv2 only). To process delayed packets the inbound part of a CHILD_SA is kept installed up to the configured number of seconds after it got replaced during a rekeying. If set to 0 the CHILD_SA will be kept installed until it expires (if no lifetime is set it will be destroyed immediately). charon.dh_exponent_ansi_x9_42 = yes Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic strength. charon.dlopen_use_rtld_now = no Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal missing symbols immediately. charon.dns1 DNS server assigned to peer via configuration payload (CP). charon.dns2 DNS server assigned to peer via configuration payload (CP). charon.dos_protection = yes Enable Denial of Service protection using cookies and aggressiveness checks. charon.ecp_x_coordinate_only = yes Compliance with the errata for RFC 4753. charon.flush_auth_cfg = no Free objects during authentication (might conflict with plugins). If enabled objects used during authentication (certificates, identities etc.) are released to free memory once an IKE_SA is established. Enabling this might conflict with plugins that later need access to e.g. the used certificates. charon.follow_redirects = yes Whether to follow IKEv2 redirects (RFC 5685). charon.force_eap_only_authentication = no Violate RFC 5998 and use EAP-only authentication even if the peer did not send an EAP_ONLY_AUTHENTICATION notify during IKE_AUTH. charon.fragment_size = 1280 Maximum size (complete IP datagram size in bytes) of a sent IKE fragment when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults to 1280 (use 0 for address family specific default values, which uses a lower value for IPv4). If specified this limit is used for both IPv4 and IPv6. charon.group Name of the group the daemon changes to after startup. charon.half_open_timeout = 30 Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING). charon.hash_and_url = no Enable hash and URL support. charon.host_resolver.max_threads = 3 Maximum number of concurrent resolver threads (they are terminated if unused). charon.host_resolver.min_threads = 0 Minimum number of resolver threads to keep around. charon.i_dont_care_about_security_and_use_aggressive_mode_psk = no Allow IKEv1 Aggressive Mode with pre-shared keys as responder. If enabled responders are allowed to use IKEv1 Aggressive Mode with pre-shared keys, which is discouraged due to security concerns (offline attacks on the openly transmitted hash of the PSK). charon.ignore_routing_tables A space-separated list of routing tables to be excluded from route lookups. charon.ignore_acquire_ts = no Whether to ignore the traffic selectors from the kernel's acquire events for IKEv2 connections (they are not used for IKEv1). If this is disabled the traffic selectors from the kernel's acquire events, which are derived from the triggering packet, are prepended to the traffic selectors from the configuration for IKEv2 connection. By enabling this, such specific traffic selectors will be ignored and only the ones in the config will be sent. This always happens for IKEv1 connections as the protocol only supports one set of traffic selectors per CHILD_SA. charon.ikesa_limit = 0 Maximum number of IKE_SAs that can be established at the same time before new connection attempts are blocked. charon.ikesa_table_segments = 1 Number of exclusively locked segments in the hash table. charon.ikesa_table_size = 1 Size of the IKE_SA hash table. charon.inactivity_close_ike = no Whether to close IKE_SA if the only CHILD_SA closed due to inactivity. charon.init_limit_half_open = 0 Limit new connections based on the current number of half open IKE_SAs, see IKE_SA_INIT DROPPING in **strongswan.conf**(5). charon.init_limit_job_load = 0 Limit new connections based on the number of queued jobs. Limit new connections based on the number of jobs currently queued for processing (see IKE_SA_INIT DROPPING). charon.initiator_only = no Causes charon daemon to ignore IKE initiation requests. charon.install_routes = yes Install routes into a separate routing table for established IPsec tunnels. charon.install_virtual_ip = yes Install virtual IP addresses. charon.install_virtual_ip_on The name of the interface on which virtual IP addresses should be installed. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface. charon.integrity_test = no Check daemon, libstrongswan and plugin integrity at startup. charon.interfaces_ignore A comma-separated list of network interfaces that should be ignored, if **interfaces_use** is specified this option has no effect. charon.interfaces_use A comma-separated list of network interfaces that should be used by charon. All other interfaces are ignored. charon.keep_alive = 20s NAT keep alive interval. charon.keep_alive_dpd_margin = 0s Number of seconds the keep alive interval may be exceeded before a DPD is sent instead of a NAT keep alive (0 to disable). This is only useful if a clock is used that includes time spent suspended (e.g. CLOCK_BOOTTIME). charon.leak_detective.detailed = yes Includes source file names and line numbers in leak detective output. charon.leak_detective.usage_threshold = 10240 Threshold in bytes for leaks to be reported (0 to report all). charon.leak_detective.usage_threshold_count = 0 Threshold in number of allocations for leaks to be reported (0 to report all). charon.load Plugins to load in the IKE daemon charon. charon.load_modular = no Determine plugins to load via each plugin's load option. If enabled, the list of plugins to load is determined via the value of the _charon.plugins..load_ options. In addition to a simple boolean flag that option may take an integer value indicating the priority of a plugin, which would influence the order of a plugin in the plugin list (the default is 1). If two plugins have the same priority their order in the default plugin list is preserved. Enabled plugins not found in that list are ordered alphabetically before other plugins with the same priority. charon.max_ikev1_exchanges = 3 Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and track concurrently. charon.max_packet = 10000 Maximum packet size accepted by charon. charon.make_before_break = no Initiate IKEv2 reauthentication with a make-before-break scheme. Initiate IKEv2 reauthentication with a make-before-break instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD_SA during reauthentication by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps during reauthentication, but requires support for overlapping SAs by the peer. strongSwan can handle such overlapping SAs since version 5.3.0. charon.multiple_authentication = yes Enable multiple authentication exchanges (RFC 4739). charon.nbns1 WINS servers assigned to peer via configuration payload (CP). charon.nbns2 WINS servers assigned to peer via configuration payload (CP). charon.port = 500 UDP port used locally. If set to 0 a random port will be allocated. charon.port_nat_t = 4500 UDP port used locally in case of NAT-T. If set to 0 a random port will be allocated. Has to be different from **charon.port**, otherwise a random port will be allocated. charon.prefer_best_path = no Whether to prefer updating SAs to the path with the best route. By default, charon keeps SAs on the routing path with addresses it previously used if that path is still usable. By setting this option to yes, it tries more aggressively to update SAs with MOBIKE on routing priority changes using the cheapest path. This adds more noise, but allows to dynamically adapt SAs to routing priority changes. This option has no effect if MOBIKE is not supported or disabled. charon.prefer_configured_proposals = yes Prefer locally configured proposals for IKE/IPsec over supplied ones as responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD notifies). charon.prefer_temporary_addrs = no Controls whether permanent or temporary IPv6 addresses are used as source, or announced as additional addresses if MOBIKE is used. By default, permanent IPv6 source addresses are preferred over temporary ones (RFC 4941), to make connections more stable. Enable this option to reverse this. It also affects which IPv6 addresses are announced as additional addresses if MOBIKE is used. If the option is disabled, only permanent addresses are sent, and only temporary ones if it is enabled. charon.process_route = yes Process RTM_NEWROUTE and RTM_DELROUTE events. charon.processor.priority_threads {} Section to configure the number of reserved threads per priority class see JOB PRIORITY MANAGEMENT in **strongswan.conf**(5). charon.rdn_matching = strict How RDNs in subject DNs of certificates are matched against configured identities (_strict_, _reordered_, or _relaxed_). How RDNs in subject DNs of certificates are matched against configured identities. Possible values are _strict_ (the default), _reordered_, and _relaxed_. With _strict_ the number, type and order of all RDNs has to match, wildcards (*) for the values of RDNs are allowed (that's the case for all three variants). Using _reordered_ also matches DNs if the RDNs appear in a different order, the number and type still has to match. Finally, _relaxed_ also allows matches of DNs that contain more RDNs than the configured identity (missing RDNs are treated like a wildcard match). Note that _reordered_ and _relaxed_ impose a considerable overhead on memory usage and runtime, in particular, for mismatches, compared to _strict_. charon.receive_delay = 0 Delay in ms for receiving packets, to simulate larger RTT. charon.receive_delay_response = yes Delay response messages. charon.receive_delay_request = yes Delay request messages. charon.receive_delay_type = 0 Specific IKEv2 message type to delay, 0 for any. charon.replay_window = 32 Size of the AH/ESP replay window, in packets. charon.retransmit_base = 1.8 Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION in **strongswan.conf**(5). charon.retransmit_timeout = 4.0 Timeout in seconds before sending first retransmit. charon.retransmit_tries = 5 Number of times to retransmit a packet before giving up. charon.retransmit_jitter = 0 Maximum jitter in percent to apply randomly to calculated retransmission timeout (0 to disable). charon.retransmit_limit = 0 Upper limit in seconds for calculated retransmission timeout (0 to disable). charon.retry_initiate_interval = 0 Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if DNS resolution failed), 0 to disable retries. charon.reuse_ikesa = yes Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1). charon.routing_table Numerical routing table to install routes to. charon.routing_table_prio Priority of the routing table. charon.rsa_pss = no Whether to use RSA with PSS padding instead of PKCS#1 padding by default. charon.send_delay = 0 Delay in ms for sending packets, to simulate larger RTT. charon.send_delay_response = yes Delay response messages. charon.send_delay_request = yes Delay request messages. charon.send_delay_type = 0 Specific IKEv2 message type to delay, 0 for any. charon.send_vendor_id = no Send strongSwan vendor ID payload charon.signature_authentication = yes Whether to enable Signature Authentication as per RFC 7427. charon.signature_authentication_constraints = yes Whether to enable constraints against IKEv2 signature schemes. If enabled, signature schemes configured in _rightauth_, in addition to getting used as constraints against signature schemes employed in the certificate chain, are also used as constraints against the signature scheme used by peers during IKEv2. charon.spi_label = 0x0000000000000000 Value mixed into the local IKE SPIs after applying _spi_mask_. charon.spi_mask = 0x0000000000000000 Mask applied to local IKE SPIs before mixing in _spi_label_ (bits set will be replaced with _spi_label_). charon.spi_min = 0xc0000000 The lower limit for SPIs requested from the kernel for IPsec SAs. The lower limit for SPIs requested from the kernel for IPsec SAs. Should not be set lower than 0x00000100 (256), as SPIs between 1 and 255 are reserved by IANA. charon.spi_max = 0xcfffffff The upper limit for SPIs requested from the kernel for IPsec SAs. charon.start-scripts {} Section containing a list of scripts (name = path) that are executed when the daemon is started. charon.stop-scripts {} Section containing a list of scripts (name = path) that are executed when the daemon is terminated. charon.threads = 16 Number of worker threads in charon. Number of worker threads in charon. Several of these are reserved for long running tasks in internal modules and plugins. Therefore, make sure you don't set this value too low. The number of idle worker threads listed in _ipsec statusall_ might be used as indicator on the number of reserved threads. charon.tls.cipher List of TLS encryption ciphers. charon.tls.key_exchange List of TLS key exchange methods. charon.tls.mac List of TLS MAC algorithms. charon.tls.suites List of TLS cipher suites. charon.user Name of the user the daemon changes to after startup. charon.x509.enforce_critical = yes Discard certificates with unsupported or unknown critical extensions.