47 lines
1.0 KiB
Plaintext
47 lines
1.0 KiB
Plaintext
# /etc/strongswan.conf - strongSwan configuration file
|
|
|
|
charon-systemd {
|
|
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
|
|
|
|
syslog {
|
|
daemon {
|
|
tls = 2
|
|
tnc = 2
|
|
imv = 3
|
|
}
|
|
}
|
|
plugins {
|
|
tnc-pdp {
|
|
server = aaa.strongswan.org
|
|
radius {
|
|
secret = gv6URkSs
|
|
}
|
|
}
|
|
tnc-imv {
|
|
dlclose = no
|
|
}
|
|
}
|
|
}
|
|
|
|
libtls {
|
|
suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
}
|
|
|
|
libimcv {
|
|
database = sqlite:///etc/db.d/config.db
|
|
policy_script = /usr/local/libexec/ipsec/imv_policy_manager
|
|
|
|
plugins {
|
|
imv-swima {
|
|
rest_api {
|
|
uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
imv_policy_manager {
|
|
command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
|
|
command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
|
|
}
|