35 lines
877 B
Plaintext
35 lines
877 B
Plaintext
# /etc/strongswan.conf - strongSwan configuration file
|
|
|
|
charon {
|
|
load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
|
|
|
|
plugins {
|
|
tnc-pdp {
|
|
server = aaa.strongswan.org
|
|
radius {
|
|
secret = gv6URkSs
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
libtls {
|
|
suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
}
|
|
|
|
libimcv {
|
|
database = sqlite:///etc/pts/config.db
|
|
policy_script = ipsec imv_policy_manager
|
|
|
|
plugins {
|
|
imv-swid {
|
|
rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
|
|
}
|
|
}
|
|
}
|
|
|
|
imv_policy_manager {
|
|
command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
|
|
command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
|
|
}
|