1IPSEC.CONF(5) [FIXME: manual] IPSEC.CONF(5)
2
3
4
6 ipsec.conf - IPsec configuration and connections
7
9 The optional ipsec.conf file specifies most configuration and control
10 information for the Openswan IPsec subsystem. (The major exception is
11 secrets for authentication; see ipsec.secrets(5).) Its contents are not
12 security-sensitive unless manual keying is being done for more than
13 just testing, in which case the encryption/authentication keys in the
14 descriptions for the manually-keyed connections are very sensitive (and
15 those connection descriptions are probably best kept in a separate
16 file, via the include facility described below).
17
18 The file is a text file, consisting of one or more sections. White
19 space followed by # followed by anything to the end of the line is a
20 comment and is ignored, as are empty lines which are not within a
21 section.
22
23 A line which contains include and a file name, separated by white
24 space, is replaced by the contents of that file, preceded and followed
25 by empty lines. If the file name is not a full pathname, it is
26 considered to be relative to the directory containing the including
27 file. Such inclusions can be nested. Only a single filename may be
28 supplied, and it may not contain white space, but it may include shell
29 wildcards (see sh(1)); for example:
30
31 include ipsec.*.conf
32
33 The intention of the include facility is mostly to permit keeping
34 information on connections, or sets of connections, separate from the
35 main configuration file. This permits such connection descriptions to
36 be changed, copied to the other security gateways involved, etc.,
37 without having to constantly extract them from the configuration file
38 and then insert them back into it. Note also the also and alsoflip
39 parameters (described below) which permit splitting a single logical
40 section (e.g. a connection description) into several actual sections.
41
42 The first significant line of the file must specify the version of this
43 specification that it conforms to:
44
45 version 2
46
47 A section begins with a line of the form:
48
49 type name
50
51 where type indicates what type of section follows, and name is an
52 arbitrary name which distinguishes the section from others of the same
53 type. (Names must start with a letter and may contain only letters,
54 digits, periods, underscores, and hyphens.) All subsequent non-empty
55 lines which begin with white space are part of the section; comments
56 within a section must begin with white space too. There may be only one
57 section of a given type with a given name.
58
59 Lines within the section are generally of the form
60
61 parameter=value
62
63 (note the mandatory preceding white space). There can be white space on
64 either side of the =. Parameter names follow the same syntax as section
65 names, and are specific to a section type. Unless otherwise explicitly
66 specified, no parameter name may appear more than once in a section.
67
68 An empty value stands for the system default value (if any) of the
69 parameter, i.e. it is roughly equivalent to omitting the parameter line
70 entirely. A value may contain white space only if the entire value is
71 enclosed in double quotes ("); a value cannot itself contain a double
72 quote, nor may it be continued across more than one line.
73
74 Numeric values are specified to be either an “integer” (a sequence of
75 digits) or a “decimal number” (sequence of digits optionally followed
76 by `.´ and another sequence of digits).
77
78 There is currently one parameter which is available in any type of
79 section:
80
81 also
82 the value is a section name; the parameters of that section are
83 appended to this section, as if they had been written as part of
84 it. The specified section must exist, must follow the current one,
85 and must have the same section type. (Nesting is permitted, and
86 there may be more than one also in a single section, although it is
87 forbidden to append the same section more than once.) This allows,
88 for example, keeping the encryption keys for a connection in a
89 separate file from the rest of the description, by using both an
90 also parameter and an include line. (Caution, see BUGS below for
91 some restrictions.)
92
93 alsoflip
94 can be used in a conn section. It acts like an also that flips the
95 referenced section´s entries left-for-right.
96
97 Parameter names beginning with x- (or X-, or x_, or X_) are reserved
98 for user extensions and will never be assigned meanings by IPsec.
99 Parameters with such names must still observe the syntax rules (limits
100 on characters used in the name; no white space in a non-quoted value;
101 no newlines or double quotes within the value). All other as-yet-unused
102 parameter names are reserved for future IPsec improvements.
103
104 A section with name %default specifies defaults for sections of the
105 same type. For each parameter in it, any section of that type which
106 does not have a parameter of the same name gets a copy of the one from
107 the %default section. There may be multiple %default sections of a
108 given type, but only one default may be supplied for any specific
109 parameter name, and all %default sections of a given type must precede
110 all non-%default sections of that type. %default sections may not
111 contain also or alsoflip parameters.
112
113 Currently there are two types of section: a config section specifies
114 general configuration information for IPsec, while a conn section
115 specifies an IPsec connection.
116
118 A conn section contains a connection specification, defining a network
119 connection to be made using IPsec. The name given is arbitrary, and is
120 used to identify the connection to ipsec_auto(8) and ipsec_manual(8).
121 Here´s a simple example:
122
123
124 conn snt
125 left=10.11.11.1
126 leftsubnet=10.0.1.0/24
127 leftnexthop=172.16.55.66
128 leftsourceip=10.0.1.1
129 right=192.168.22.1
130 rightsubnet=10.0.2.0/24
131 rightnexthop=172.16.88.99
132 rightsourceip=10.0.2.1
133 keyingtries=%forever
134
135 A note on terminology... In automatic keying, there are two kinds of
136 communications going on: transmission of user IP packets, and
137 gateway-to-gateway negotiations for keying, rekeying, and general
138 control. The data path (a set of “IPsec SAs”) used for user packets is
139 herein referred to as the “connection”; the path used for negotiations
140 (built with “ISAKMP SAs”) is referred to as the “keying channel”.
141
142 To avoid trivial editing of the configuration file to suit it to each
143 system involved in a connection, connection specifications are written
144 in terms of left and right participants, rather than in terms of local
145 and remote. Which participant is considered left or right is arbitrary;
146 IPsec figures out which one it is being run on based on internal
147 information. This permits using identical connection specifications on
148 both ends. There are cases where there is no symmetry; a good
149 convention is to use left for the local side and right for the remote
150 side (the first letters are a good mnemonic).
151
152 Many of the parameters relate to one participant or the other; only the
153 ones for left are listed here, but every parameter whose name begins
154 with left has a right counterpart, whose description is the same but
155 with left and right reversed.
156
157 Parameters are optional unless marked “(required)”; a parameter
158 required for manual keying need not be included for a connection which
159 will use only automatic keying, and vice versa.
160
161 CONN PARAMETERS: GENERAL
162 The following parameters are relevant to both automatic and manual
163 keying. Unless otherwise noted, for a connection to work, in general it
164 is necessary for the two ends to agree exactly on the values of these
165 parameters.
166
167 connaddrfamily
168 the connection addrress family of the connection; currently the
169 accepted values are ipv4 (the default); or ipv6,
170
171 The ipv6 family is currently only supported using the NETKEY stack.
172
173 type
174 the type of the connection; currently the accepted values are
175 tunnel (the default) signifying a host-to-host, host-to-subnet, or
176 subnet-to-subnet tunnel; transport, signifying host-to-host
177 transport mode; passthrough, signifying that no IPsec processing
178 should be done at all; drop, signifying that packets should be
179 discarded; and reject, signifying that packets should be discarded
180 and a diagnostic ICMP returned.
181
182 left
183 (required) the IP address of the left participant´s public-network
184 interface, in any form accepted by ipsec_ttoaddr(3). Currently,
185 IPv4 and IPv6 IP addresses are supported. There are several magic
186 values. If it is %defaultroute, and the config setup section´s,
187 interfaces specification contains %defaultroute, left will be
188 filled in automatically with the local address of the default-route
189 interface (as determined at IPsec startup time); this also
190 overrides any value supplied for leftnexthop. (Either left or right
191 may be %defaultroute, but not both.) The value %any signifies an
192 address to be filled in (by automatic keying) during negotiation.
193 The value %opportunistic signifies that both left and leftnexthop
194 are to be filled in (by automatic keying) from DNS data for left´s
195 client. The value can also contain the interface name, which will
196 then later be used to obtain the IP address from to fill in. For
197 example %ppp0 The values %group and %opportunisticgroup makes this
198 a policy group conn: one that will be instantiated into a regular
199 or opportunistic conn for each CIDR block listed in the policy
200 group file with the same name as the conn.
201
202 If using IP addresses in combination with NAT, always use the
203 actual local machine´s (NAT´ed) IP address, and if the remote (eg
204 right=) is NAT´ed as well, the remote´s public (not NAT´ed) IP
205 address. Note that this makes the configuration no longer
206 symmetrical on both sides, so you cannot use an identical
207 configuration file on both hosts.
208
209 leftsubnet
210 private subnet behind the left participant, expressed as
211 network/netmask (actually, any form acceptable to
212 ipsec_ttosubnet(3)); Currentlly, IPv4 and IPv6 ranges are
213 supported. if omitted, essentially assumed to be left/32,
214 signifying that the left end of the connection goes to the left
215 participant only
216
217 leftsubnets
218 specify multiple private subnets behind the left participant,
219 expressed as { networkA/netmaskA networkB/netmaskB [...] } If both
220 a leftsubnets= and rightsubnets= is defined, all combinations of
221 subnet tunnels will be instantiated. You cannot use leftsubnet and
222 leftsubnets together. For examples see testing/pluto/multinet-*.
223
224 leftprotoport
225 allowed protocols and ports over connection, also called Port
226 Selectors. The argument is in the form protocol, which can be a
227 number or a name that will be looked up in /etc/protocols, such as
228 leftprotoport=icmp, or in the form of protocol/port, such as
229 tcp/smtp. Ports can be defined as a number (eg. 25) or as a name
230 (eg smtp) which will be looked up in /etc/services. A special
231 keyword %any can be used to allow all ports of a certain protocol.
232 The most common use of this option is for L2TP connections to only
233 allow l2tp packets (UDP port 1701), eg: leftprotoport=17/1701. Some
234 clients, notably older Windows XP and some Mac OSX clients, use a
235 random high port as source port. In those cases
236 rightprotoport=17/%any can be used to allow all UDP traffic on the
237 connection. Note that this option is part of the proposal, so it
238 cannot be arbitrarily left out if one end does not care about the
239 traffic selection over this connection - both peers have to agree.
240 The Port Selectors show up in the output of ipsec eroute and ipsec
241 auto --status eg:"l2tp":
242 193.110.157.131[@aivd.xelernace.com]:7/1701...%any:17/1701 This
243 option only filters outbound traffic. Inbound traffic selection
244 must still be based on firewall rules activated by an updown
245 script. The variablees $PLUTO_MY_PROTOCOL, $PLUTO_PEER_PROTOCOL,
246 $PLUTO_MY_PORT, and $PLUTO_PEER_PORT are available for use in
247 updown scripts. Older workarounds for bugs involved a setting of
248 17/0 to denote any single UDP port (not UDP port 0). Some clients,
249 most notably OSX, uses a random high port, instead of port 1705 for
250 L2TP.
251
252 leftnexthop
253 next-hop gateway IP address for the left participant´s connection
254 to the public network; defaults to %direct (meaning right). If the
255 value is to be overridden by the left=%defaultroute method (see
256 above), an explicit value must not be given. If that method is not
257 being used, but leftnexthop is %defaultroute, and
258 interfaces=%defaultroute is used in the config setup section, the
259 next-hop gateway address of the default-route interface will be
260 used. The magic value %direct signifies a value to be filled in (by
261 automatic keying) with the peer´s address. Relevant only locally,
262 other end need not agree on it.
263
264 leftsourceip
265 the IP address for this host to use when transmitting a packet to
266 the other side of this link. Relevant only locally, the other end
267 need not agree. This option is used to make the gateway itself use
268 its internal IP, which is part of the leftsubnet, to communicate to
269 the rightsubnet or right. Otherwise, it will use its nearest IP
270 address, which is its public IP address. This option is mostly used
271 when defining subnet-subnet connections, so that the gateways can
272 talk to each other and the subnet at the other end, without the
273 need to build additional host-subnet, subnet-host and host-host
274 tunnels. Both IPv4 and IPv6 addresses are supported.
275
276 leftupdown
277 what “updown” script to run to adjust routing and/or firewalling
278 when the status of the connection changes (default ipsec _updown).
279 May include positional parameters separated by white space
280 (although this requires enclosing the whole string in quotes);
281 including shell metacharacters is unwise. An example to enable
282 routing when using the NETKEY stack, one can use:
283
284 leftupdown="ipsec _updown --route yes"
285
286 See ipsec_pluto(8) for details. Relevant only locally, other end
287 need not agree on it.
288
289 leftfirewall
290 This option is obsolete and should not used anymore.
291
292 If one or both security gateways are doing forwarding firewalling
293 (possibly including masquerading), and this is specified using the
294 firewall parameters, tunnels established with IPsec are exempted from
295 it so that packets can flow unchanged through the tunnels. (This means
296 that all subnets connected in this manner must have distinct,
297 non-overlapping subnet address blocks.) This is done by the default
298 updown script (see ipsec_pluto(8)).
299
300 The implementation of this makes certain assumptions about firewall
301 setup, and the availability of the Linux Advanced Routing tools. In
302 situations calling for more control, it may be preferable for the user
303 to supply his own updown script, which makes the appropriate
304 adjustments for his system.
305
306 CONN PARAMETERS: AUTOMATIC KEYING
307 The following parameters are relevant only to automatic keying, and are
308 ignored in manual keying. Unless otherwise noted, for a connection to
309 work, in general it is necessary for the two ends to agree exactly on
310 the values of these parameters.
311
312 auto
313 what operation, if any, should be done automatically at IPsec
314 startup; currently-accepted values are add (signifying an ipsec
315 auto --add), route (signifying that plus an ipsec auto --route),
316 start (signifying that plus an ipsec auto --up), manual (signifying
317 an ipsec manual --up), and ignore (also the default) (signifying no
318 automatic startup operation). See the config setup discussion
319 below. Relevant only locally, other end need not agree on it (but
320 in general, for an intended-to-be-permanent connection, both ends
321 should use auto=start to ensure that any reboot causes immediate
322 renegotiation).
323
324 authby
325 how the two security gateways should authenticate each other;
326 acceptable values are secret for shared secrets, rsasig for RSA
327 digital signatures (the default), secret|rsasig for either, and
328 never if negotiation is never to be attempted or accepted (useful
329 for shunt-only conns). Digital signatures are superior in every way
330 to shared secrets.
331
332 ike
333 IKE encryption/authentication algorithm to be used for the
334 connection (phase 1 aka ISAKMP SA). The format is
335 "cipher-hash;modpgroup, cipher-hash;modpgroup, ..." Any left out
336 option will be filled in with all allowed default options. Multiple
337 proposals are separated by a comma. If a modp group is specified,
338 the encryption and authentication algorithms must be specified as
339 well. If an authentication algorithm is specified, an encryption
340 algorithm must be specified as well.
341
342 If an ike= line is specified, no other received proposals will be
343 accepted. Formerly there was a distinction (by using a "!" symbol)
344 between "strict mode" or not. That mode has been obsoleted. If an
345 ike= option is specified, the mode is always strict, meaning no
346 other received proposals will be accepted.
347
348 Some examples are ike=3des-sha1,aes-sha1, ike=aes,
349 ike=aes128,aes256, ike=aes128-md5;modp2048, ike=aes128-sha1;dh22,
350 ike=3des-md5;modp1024,aes-sha1;modp1536. Note that aes without a
351 key size refers to aes128, not aes256.
352
353 The default is to use IKE, and to allow all combinations of:
354
355 cipher: 3des or aes128
356 hash: sha1 or md5
357 pfsgroup (DHgroup): modp1024 or modp1536
358
359 If Openswan was compiled with extra INSECURE and BROKEN options,
360 then the des (1des) and null cipher, as well as modp768 are
361 available. This turns your VPN into a joke. Do not enable these
362 options.
363
364 If openswan was compiled with USE_MODP_RFC5114 support, then
365 Diffie-Hellman groups 22, 23 and 24 are also implemented as per
366 RFC-5114. Instead of the modp key syntax, use the "dh" keyword, for
367 example ike=3des-sha1;dh23
368
369 phase2
370 Sets the type of SA that will be produced. Valid options are: esp
371 for encryption (the default), and ah for authentication only.
372
373 phase2alg
374 Specifies the algorithms that will be offered/accepted for a phase2
375 negotiation. If not specified, a secure set of defaults will be
376 used which includes AES and 3DES for encryption, SHA1 and MD5 for
377 authentication, and MODP1024 and MODP1536 for DiffieHellman/MODP.
378 If specifying multiple sets, the order specifies the preference.
379
380 If a phase2alg= is specified, the specified set becomes the full
381 set and it is not augmented with the builtin default set (this is
382 known as ´strict mode´ in older openswan versions). Sets are
383 separated using comma´s. If entries in a set do not specify an
384 encryption, authentication or modp group, permutations of the
385 default set are used. For example, phase2alg=aes allows
386 aes-sha1;modp1024, aes-md5;modp1024, aes-sha1;modp1536 and
387 aes-md5;modp1536.
388
389 The default values are the same as for ike=. If PFS is enabled
390 (pfs=yes), the default modp group for ESP will be the same as
391 negotiated for IKE. Not all ciphers available to the kernel (eg
392 through CryptoAPI) are necessarilly available for ESP.
393
394 The format for ESP is ENC-AUTH followed by an optional PFSgroup.
395 For example, phase2alg=3des-md5 or phase2alg=aes256-sha1;modp2048
396 or phase2alg=aes-sha1,aes-md5.
397
398 The format for AH is AUTH followed by an optional PFSgroup. For
399 example: phase2alg=md5 or phase2alg=sha1;modp1536.
400
401 Some algorithms allow specifying a key size. For the encryption
402 algorithm, the keysize number in bits is appended to the name. for
403 the authentication algorithm, the key size is appended using an
404 underline prefix. For example:
405 phase2alg=aes256-sha2_256,aes128-sha1. Algorithms with fixed key
406 size (such as 3des) should not specify their key size.
407
408 For RFC-5114 DH groups, use the dh keyword, eg aes256-sha1;dh23. If
409 specifying a modp group, an encryption algorithm and authentication
410 algorithm must also be specified.
411
412 CCM and GCM are combinatory encryption algorithms with builtin
413 authentication. When using a CCM/GCM phase2alg, there is no
414 separate authentication algorithm used, and "null" is configured
415 for the authentication algorithm. Valid key sizes are 128, 192 and
416 256. An Integrity Check Value (ICV) is denoted by a letter, where a
417 = 8, b = 12 and c = 16. CCM requires an additional 24 bits of salt
418 which is added to the key size value. GCM requires and additional
419 32 bits of salt which is added to the key size calue. For example:
420 phase2alg=aes_ccm_a-152-null or phase2alg=aes_gcm_c-160-null
421
422 Note that libreswan, unlike openswan, does not require adding the
423 salt value to the keysize. It also supports aliases without ICV
424 modifier (eg aes_ccm and aes_gcm) which refer to the ICV = 16
425 version.
426
427 sha2_truncbug
428 The default hash truncation for sha2_256 is 128 bits. Linux
429 implemented the draft version which stated 96 bits. This option
430 enables using the bad 96 bits version to interop with older linux
431 kernels (unpatched version 2.6.33 and older) and openswan versions
432 before 2.6.38. Currently the accepted values are no, (the default)
433 signifying default IETF truncation of 128 bits, or yes, signifying
434 96 bits broken Linux kernel style truncation.
435
436 esp
437 This option is obsolete. Please use phase2alg instead.
438
439 ah
440 AH authentication algorithm to be used for the connection, e.g
441 here. hmac-md5 The options must be suitable as a value of
442 ipsec_spi(8)´s --ah option. The default is not to use AH. If for
443 some (invalid) reason you still think you need AH, please use esp
444 with the null encryption cipher instead. Note also that not all
445 ciphers available to the kernel (eg through CryptoAPI) are
446 necessarilly supported here.
447
448 ikev2
449 IKEv2 (RFC4309) settings to be used. Currently the accepted values
450 are permit, (the default) signifying no IKEv2 should be
451 transmitted, but will be accepted if the other ends initiates to us
452 with IKEv2; never or no signifying no IKEv2 negotiation should be
453 transmitted or accepted; propose or yes signifying that we permit
454 IKEv2, and also use it as the default to initiate; insist,
455 signifying we only accept and receive IKEv2 - IKEv1 negotiations
456 will be rejected.
457
458 If the ikev2= setting is set to permit or propose, Openswan will
459 try and detect a "bid down" attack from IKEv2 to IKEv1. Since there
460 is no standard for transmitting the IKEv2 capability with IKEv1,
461 Openswan uses a special Vendor ID "CAN-IKEv2". If a fall back from
462 IKEv2 to IKEv1 was detected, and the IKEv1 negotiation contains
463 Vendor ID "CAN-IKEv2", Openswan will immediately attempt and IKEv2
464 rekey and refuse to use the IKEv1 connection. With an ikev2=
465 setting of insist, no IKEv1 negotiation is allowed, and no bid down
466 attack is possible.
467
468 sareftrack
469 Set the method of tracking reply packets with SArefs when using an
470 SAref compatible stack. Currently only the mast stack supports
471 this. Acceptable values are yes (the default), no. This option is
472 ignored when SArefs are not supported. This option is passed as
473 PLUTO_SAREF_TRACKING to the updown script which makes the actual
474 decisions whether to perform any iptables/ip_conntrack
475 manipulation. A value of yes means that an IPSEC mangle table will
476 be created. This table will be used to match reply packets. A value
477 of no means no IPSEC mangle table is created, and SAref tracking is
478 left to a third-party (kernel) module. In case of a third party
479 module, the SArefs can be relayed using the HAVE_STATSD deamon.
480
481 leftid
482 how the left participant should be identified for authentication;
483 defaults to left. Can be an IP address (in any ipsec_ttoaddr(3)
484 syntax) or a fully-qualified domain name preceded by @ (which is
485 used as a literal string and not resolved). The magic value
486 %fromcert causes the ID to be set to a DN taken from a certificate
487 that is loaded. Prior to 2.5.16, this was the default if a
488 certificate was specified. The magic value %none sets the ID to no
489 ID. This is included for completeness, as the ID may have been set
490 in the default conn, and one wishes for it to default instead of
491 being explicitly set. The magic value %myid stands for the current
492 setting of myid. This is set in config setup or by ipsec_whack(8)),
493 or, if not set, it is the IP address in %defaultroute (if that is
494 supported by a TXT record in its reverse domain), or otherwise it
495 is the system´s hostname (if that is supported by a TXT record in
496 its forward domain), or otherwise it is undefined.
497
498 leftrsasigkey
499 the left participant´s public key for RSA signature authentication,
500 in RFC 2537 format using ipsec_ttodata(3) encoding. The magic value
501 %none means the same as not specifying a value (useful to override
502 a default). The value %dnsondemand (the default) means the key is
503 to be fetched from DNS at the time it is needed. The value
504 %dnsonload means the key is to be fetched from DNS at the time the
505 connection description is read from ipsec.conf; currently this will
506 be treated as %none if right=%any or right=%opportunistic. The
507 value %dns is currently treated as %dnsonload but will change to
508 %dnsondemand in the future. The identity used for the left
509 participant must be a specific host, not %any or another magic
510 value. The value %cert will load the information required from a
511 certificate defined in %leftcert and automatically define leftid
512 for you. Caution: if two connection descriptions specify different
513 public keys for the same leftid, confusion and madness will ensue.
514
515 leftrsasigkey2
516 if present, a second public key. Either key can authenticate the
517 signature, allowing for key rollover.
518
519 leftcert
520 If you are using leftrsasigkey=%cert this defines the certificate
521 you would like to use. It should point to a X.509 encoded
522 certificate file. If you do not specify a full pathname, by default
523 it will look in /etc/ipsec.d/certs. If openswan has been compiled
524 with USE_LIBNSS=true, then openswan will also check the NSS
525 database for RSA keys. These can be software or hardware.
526
527 leftca
528 specifies the authorized Certificate Authority (CA) that signed the
529 certificate of the peer. If undefined, it defaults to the CA that
530 signed the certificate specified in leftcert. The special
531 rightca=%same is implied when not specifying a rightca and means
532 that only peers with certificates signed by the same CA as the
533 leftca will be allowed. This option is only useful in complex multi
534 CA certificate situations. When using a single CA, it can be safely
535 omitted for both left and right.
536
537 leftsendcert
538 This option configures when Openswan will send X.509 certificates
539 to the remote host. Acceptable values are yes|always (signifying
540 that we should always send a certificate), ifasked (signifying that
541 we should send a certificate if the remote end asks for it), and
542 no|never (signifying that we will never send a X.509 certificate).
543 The default for this option is ifasked which may break
544 compatibility with other vendor´s IPSec implementations, such as
545 Cisco and SafeNet. If you find that you are getting errors about no
546 ID/Key found, you likely need to set this to always. This per-conn
547 option replaces the obsolete global nocrsend option.
548
549 leftxauthserver
550 Left is an XAUTH server. This can use PAM for authentication or md5
551 passwords in /etc/ipsec.d/passwd. These are additional credentials
552 to verify the user identity, and should not be confused with the
553 XAUTH group secret, which is just a regular PSK defined in
554 ipsec.secrets. The other side of the connection should be
555 configured as rightxauthclient. XAUTH connections cannot rekey, so
556 rekey=no should be specified in this conn. For further details on
557 how to compile and use XAUTH, see README.XAUTH. Acceptable values
558 are yes or no (the default).
559
560 leftxauthclient
561 Left is an XAUTH client. The xauth connection will have to be
562 started interactively and cannot be configured using auto=start.
563 Instead, it has to be started from the commandline using ipsec auto
564 --up connname. You will then be prompted for the username and
565 password. To setup an XAUTH connection non-interactively, which
566 defeats the whole purpose of XAUTH, but is regularly requested by
567 users, it is possible to use a whack command - ipsec whack --name
568 baduser --ipsecgroup-xauth --xauthname badusername --xauthpass
569 password --initiate The other side of the connection should be
570 configured as rightxauthserver. Acceptable values are yes or no
571 (the default).
572
573 leftxauthusername
574 The XAUTH username associated with this XAUTH connection. The XAUTH
575 password can be configured in the ipsec.secrets file.
576
577 leftmodecfgserver
578 Left is a Mode Config server. It can push network configuration to
579 the client. Acceptable values are yes or no (the default).
580
581 leftmodecfgclient
582 Left is a Mode Config client. It can receive network configuration
583 from the server. Acceptable values are yes or no (the default).
584
585 modecfgpull
586 Pull the Mode Config network information from the server.
587 Acceptable values are yes or no (the default).
588
589 modecfgdns1, modecfgdns2
590 Specify the IP address for DNS servers for the client to use.
591
592 remote_peer_type
593 Set the remote peer type. This can enable additional processing
594 during the IKE negotiation. Acceptable values are cisco or ietf
595 (the default). When set to cisco, support for Cisco IPsec gateway
596 redirection and Cisco obtained DNS and domainname are enabled. This
597 includes automatically updating (and restoring) /etc/resolv.conf.
598 These options require that XAUTH is also enabled on this
599 connection.
600
601 nm_configured
602 Mark this connection as controlled by Network Manager. Acceptable
603 values are yes or no (the default). Currently, setting this to yes
604 will cause openswan to skip reconfiguring resolv.conf when used
605 with XAUTH and ModeConfig.
606
607 forceencaps
608 In some cases, for example when ESP packets are filtered or when a
609 broken IPsec peer does not properly recognise NAT, it can be useful
610 to force RFC-3948 encapsulation. forceencaps=yes forces the NAT
611 detection code to lie and tell the remote peer that RFC-3948
612 encapsulation (ESP in UDP port 4500 packets) is required. For this
613 option to have any effect, the setup section option
614 nat_traversal=yes needs to be set. Acceptable values are yes or no
615 (the default).
616
617 nat_keepalive
618 whether to send any NAT-T keep-alives. These 1 byte packets are
619 send to prevent the NAT router from closing its port when there is
620 not enough traffic on the IPsec connection. Acceptable values are:
621 yes (the deault) and no. This per-conn option takes precedence over
622 the global (config setup) force_keepalive= option.
623
624 overlapip
625 a boolean (yes/no) that determines, when *subnet=vhost: is used, if
626 the virtual IP claimed by this states created from this connection
627 can with states created from other connections.
628
629 Note that connection instances created by the Opportunistic
630 Encryption or PKIX (x.509) instantiation system are distinct
631 internally. They will inherit this policy bit.
632
633 The default is no.
634
635 This feature is only available with kernel drivers that support SAs
636 to overlapping conns. At present only the (klips)mast protocol
637 stack supports this feature.
638
639 dpddelay
640 Set the delay (in seconds) between Dead Peer Dectection (RFC 3706)
641 keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for this
642 connection (default 30 seconds). If dpddelay is set, dpdtimeout
643 also needs to be set.
644
645 dpdtimeout
646 Set the length of time (in seconds) we will idle without hearing
647 either an R_U_THERE poll from our peer, or an R_U_THERE_ACK reply.
648 After this period has elapsed with no response and no traffic, we
649 will declare the peer dead, and remove the SA (default 120
650 seconds). If dpdtimeout is set, dpdaction also needs to be set.
651
652 dpdaction
653 When a DPD enabled peer is declared dead, what action should be
654 taken. hold (default) means the eroute will be put into %hold
655 status, while clear means the eroute and SA with both be cleared.
656 restart means the the SA will immediately be renegotiated, and
657 restart_by_peer means that ALL SA´s to the dead peer will
658 renegotiated.
659
660 dpdaction=clear is really only useful on the server of a Road
661 Warrior config.
662
663 pfs
664 whether Perfect Forward Secrecy of keys is desired on the
665 connection´s keying channel (with PFS, penetration of the
666 key-exchange protocol does not compromise keys negotiated earlier);
667 Since there is no reason to ever refuse PFS, Openswan will allow a
668 connection defined with pfs=no to use PFS anyway. Acceptable values
669 are yes (the default) and no.
670
671 pfsgroup
672 This option is obsoleted, please use phase2alg if you need the pfs
673 to be different from phase1 (the default) using:
674 phase2alg=aes128-md5;modp1024
675
676 aggrmode
677 Use Aggressive Mode instead of Main Mode. Aggressive Mode is less
678 secure, and vulnerable to Denial Of Service attacks. It is also
679 vulnerable to brute force attacks with software such as ikecrack.
680 It should not be used, and it should especially not be used with
681 XAUTH and group secrets (PSK). If the remote system administrator
682 insists on staying irresponsible, enable this option.
683
684 Aggressive Mode is further limited to only proposals with one DH
685 group as there is no room to negotiate the DH group. Therefor it is
686 mandatory for Aggressive Mode connections that both ike= and
687 phase2alg= options are specified with only fully specified proposal
688 using one DH group. Acceptable values are yes or no (the default).
689
690 The ISAKMP SA is created in exchange 1 in aggressive mode. Openswan
691 has to send the exponent during that exchange, so it has to know
692 what DH group to use before starting. This is why you can not have
693 multiple DH groups in aggressive mode. In IKEv2, which uses a
694 similar method to IKEv1 Aggressive Mode, there is a message to
695 convey the DH group is wrong, and so an IKEv2 connection can
696 actually recover from picking the wrong DH group by restarting its
697 negotiation.
698
699 salifetime
700 how long a particular instance of a connection (a set of
701 encryption/authentication keys for user packets) should last, from
702 successful negotiation to expiry; acceptable values are an integer
703 optionally followed by s (a time in seconds) or a decimal number
704 followed by m, h, or d (a time in minutes, hours, or days
705 respectively) (default 8h, maximum 24h). Normally, the connection
706 is renegotiated (via the keying channel) before it expires. The two
707 ends need not exactly agree on salifetime, although if they do not,
708 there will be some clutter of superseded connections on the end
709 which thinks the lifetime is longer.
710
711 The keywords "keylife" and "lifetime" are aliases for "salifetime."
712
713 rekey
714 whether a connection should be renegotiated when it is about to
715 expire; acceptable values are yes (the default) and no. The two
716 ends need not agree, but while a value of no prevents Pluto from
717 requesting renegotiation, it does not prevent responding to
718 renegotiation requested from the other end, so no will be largely
719 ineffective unless both ends agree on it.
720
721 rekeymargin
722 how long before connection expiry or keying-channel expiry should
723 attempts to negotiate a replacement begin; acceptable values as for
724 salifetime (default 9m). Relevant only locally, other end need not
725 agree on it.
726
727 rekeyfuzz
728 maximum percentage by which rekeymargin should be randomly
729 increased to randomize rekeying intervals (important for hosts with
730 many connections); acceptable values are an integer, which may
731 exceed 100, followed by a `%´ (default set by ipsec_pluto(8),
732 currently 100%). The value of rekeymargin, after this random
733 increase, must not exceed salifetime. The value 0% will suppress
734 time randomization. Relevant only locally, other end need not agree
735 on it.
736
737 keyingtries
738 how many attempts (a whole number or %forever) should be made to
739 negotiate a connection, or a replacement for one, before giving up
740 (default %forever). The value %forever means “never give up”
741 (obsolete: this can be written 0). Relevant only locally, other end
742 need not agree on it.
743
744 ikelifetime
745 how long the keying channel of a connection (buzzphrase: “ISAKMP
746 SA”) should last before being renegotiated; acceptable values as
747 for keylife (default set by ipsec_pluto(8), currently 1h, maximum
748 24h). The two-ends-disagree case is similar to that of keylife.
749
750 compress
751 whether IPComp compression of content is proposed on the connection
752 (link-level compression does not work on encrypted data, so to be
753 effective, compression must be done before encryption); acceptable
754 values are yes and no (the default). The two ends need not agree. A
755 value of yes causes IPsec to propose both compressed and
756 uncompressed, and prefer compressed. A value of no prevents IPsec
757 from proposing compression; a proposal to compress will still be
758 accepted.
759
760 metric
761 Set the metric for the routes to the ipsecX or mastX interface.
762 This makes it possible to do host failover from another interface
763 to ipsec using route management. This value is passed to the
764 _updown scripts as PLUTO_METRIC. This option is only available with
765 KLIPS or MAST on Linux. Acceptable values are positive numbers,
766 with the default being 1.
767
768 disablearrivalcheck
769 whether KLIPS´s normal tunnel-exit check (that a packet emerging
770 from a tunnel has plausible addresses in its header) should be
771 disabled; acceptable values are yes and no (the default).
772 Tunnel-exit checks improve security and do not break any normal
773 configuration. Relevant only locally, other end need not agree on
774 it.
775
776 failureshunt
777 what to do with packets when negotiation fails. The default is
778 none: no shunt; passthrough, drop, and reject have the obvious
779 meanings.
780
781 CONN PARAMETERS: MANUAL KEYING
782 This command was obsoleted around the same time that Al Gore invented
783 the internet. ipsec manual was used in the jurassic period to load
784 static keys into the kernel. There are no rational reasons to use this,
785 and it is not supported anymore. If you need to create static SAs, then
786 you can use ipsec spi and ipsec eroute when using KLIPS or ip xfrm or
787 setkey when using NETKEY.
788
789 No rational person uses static keys. They are not easier to use.
790 REPEAT: they are not easier to use.
791
793 At present, the only config section known to the IPsec software is the
794 one named setup, which contains information used when the software is
795 being started (see ipsec_setup(8)). Here´s an example:
796
797
798 config setup
799 interfaces="ipsec0=eth1 ipsec1=ppp0"
800 klipsdebug=none
801 plutodebug=control
802 protostack=auto
803 manualstart=
804
805 Parameters are optional unless marked “(required)”.
806
807 The currently-accepted parameter names in a config setup section are:
808
809 myid
810 the identity to be used for %myid. %myid is used in the implicit
811 policy group conns and can be used as an identity in explicit
812 conns. If unspecified, %myid is set to the IP address in
813 %defaultroute (if that is supported by a TXT record in its reverse
814 domain), or otherwise the system´s hostname (if that is supported
815 by a TXT record in its forward domain), or otherwise it is
816 undefined. An explicit value generally starts with ``@´´.
817
818 protostack
819 decide which protocol stack is going to be used. Valid values are
820 "auto", "klips", "netkey" and "mast". The "mast" stack is a
821 variation for the klips stack.
822
823 interfaces
824 virtual and physical interfaces for IPsec to use: a single
825 virtual=physical pair, a (quoted!) list of pairs separated by white
826 space, or %none. One of the pairs may be written as %defaultroute,
827 which means: find the interface d that the default route points to,
828 and then act as if the value was ``ipsec0=d´´. %defaultroute is
829 the default; %none must be used to denote no interfaces, or when
830 using the NETKEY stack. If %defaultroute is used (implicitly or
831 explicitly) information about the default route and its interface
832 is noted for use by ipsec_manual(8) and ipsec_auto(8).)
833
834 listen
835 IP address to listen on (default depends on interfaces= setting).
836 Currently only accepts one IP address.
837
838 nat_traversal
839 whether to accept/offer to support NAT (NAPT, also known as "IP
840 Masqurade") workaround for IPsec. Acceptable values are: yes and no
841 (the default). This parameter may eventually become per-connection.
842
843 disable_port_floating
844 whether to enable the newer NAT-T standards for port floating.
845 Acceptable values are no (the default) and yes .
846
847 force_keepalive
848 whether to force sending NAT-T keep-alives to support NAT which are
849 send to prevent the NAT router from closing its port when there is
850 not enough traffic on the IPsec connection. Acceptable values are:
851 yes and no (the default). This parameter may eventually become
852 per-connection.
853
854 keep_alive
855 The delay (in seconds) for NAT-T keep-alive packets, if these are
856 enabled using force_keepalive This parameter may eventually become
857 per-connection.
858
859 virtual_private
860 contains the networks that are allowed as subnet= for the remote
861 client. In other words, the address ranges that may live behind a
862 NAT router through which a client connects. This value is usually
863 set to all the RFC-1918 address space, excluding the space used in
864 the local subnet behind the NAT (An IP address cannot live at two
865 places at once). IPv4 address ranges are denoted as %v4:a.b.c.d/mm
866 and IPv6 is denoted as %v6:aaaa::bbbb:cccc:dddd:eeee/mm. One can
867 exclude subnets by using the !. For example, if the VPN server is
868 giving access to 192.168.1.0/24, this option should be set to:
869 virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24.
870 This parameter is only needed on the server side and not on the
871 client side that resides behind the NAT router, as the client will
872 just use its IP address for the inner IP setting. This parameter
873 may eventually become per-connection.
874
875 oe
876 a boolean (yes/no) that determines if Opportunistic Encryption will
877 be enabled. Opportunistic Encryption is the term to describe using
878 IPsec tunnels without prearrangement. It uses IPSECKEY or TXT
879 records to announce public RSA keys for certain IP´s or identities.
880
881 For a complete description see
882 /doc/draft-richardson-ipsec-opportunistic.txt,
883 doc/opportunism-spec.txt and doc/opportunism.howto. See also the
884 IETF BTNS working group and RFC4025.
885
886 The default is no.
887
888 This feature is only available with kernel drivers that support the
889 caching of packets (%hold eroutes or equivalent) that allows us to
890 respond to a packet from an unknown IP address. At present only the
891 (klips)mast protocol stack supports this feature.
892
893 nhelpers
894 how many pluto helpers are started to help with cryptographic
895 operations. Pluto will start (n-1) of them, where n is the number
896 of CPU´s you have (including hypherthreaded CPU´s). A value of 0
897 forces pluto to do all operations in the main process. A value of
898 -1 tells pluto to perform the above calculation. Any other value
899 forces the number to that amount.
900
901 crlcheckinterval
902 interval, specified in seconds, after which pluto will verify
903 loaded X.509 CRL´s for expiration. If any of the CRL´s is expired,
904 or if they previously failed to get updated, a new attempt at
905 updating the CRL is made. The first attempt to update a CRL is
906 started at two times the crlcheckinterval. If set to 0, which is
907 also the default value if this option is not specified, CRL
908 updating is disabled.
909
910 strictcrlpolicy
911 if not set, pluto is tolerant about missing or expired X.509
912 Certificate Revocation Lists (CRL´s), and will allow peer
913 certificates as long as they do not appear on an expired CRL. When
914 this option is enabled, all connections with an expired or missing
915 CRL will be denied. Active connections will be terminated at rekey
916 time. This setup is more secure, but also dangerous. If the CRL is
917 fetched through an IPsec tunnel with a CRL that expired, the entire
918 VPN server will be dead in the water until a new CRL is manually
919 transferred to the machine (if it allows non-IPsec connections).
920 Acceptable values are yes or no (the default).
921
922 forwardcontrol
923 This option is obsolete and ignored. Please use
924 net.ipv4.ip_forward = 0 in /etc/sysctl.conf instead to control the
925 ip forwarding behaviour.
926
927 rp_filter
928 This option is obsolete and ignored. Please use the
929 net.ipv4.conf/[iface]/rp_filter = 0 options in /etc/sysctl.conf
930 instead. This option is badly documented; it must be 0 in many
931 cases for ipsec to function.
932
933 syslog
934 the syslog(2) “facility” name and priority to use for
935 startup/shutdown log messages, default daemon.error.
936
937 klipsdebug
938 how much KLIPS debugging output should be logged. An empty value,
939 or the magic value none, means no debugging output (the default).
940 The magic value all means full output. Otherwise only the specified
941 types of output (a quoted list, names separated by white space) are
942 enabled; for details on available debugging types, see
943 ipsec_klipsdebug(8). This KLIPS option has no effect on NETKEY,
944 Windows or BSD stacks.
945
946 plutodebug
947 how much Pluto debugging output should be logged. An empty value,
948 or the magic value none, means no debugging output (the default).
949 The magic value all means full output. Otherwise only the specified
950 types of output (a quoted list, names without the --debug- prefix,
951 separated by white space) are enabled; for details on available
952 debugging types, see ipsec_pluto(8).
953
954 uniqueids
955 whether a particular participant ID should be kept unique, with any
956 new (automatically keyed) connection using an ID from a different
957 IP address deemed to replace all old ones using that ID. Acceptable
958 values are yes (the default) and no. Participant IDs normally are
959 unique, so a new (automatically-keyed) connection using the same ID
960 is almost invariably intended to replace an old one.
961
962 plutorestartoncrash
963 prevent pluto from restarting after it crashed. This option should
964 only be used when debugging a crasher. It will prevent overwriting
965 a core file on a new start, or a cascade of core files. This option
966 is also required if used with plutostderrlog= to avoid clearing the
967 logs of the crasher. Values can be yes (the default) or no.
968
969 plutoopts
970 additional options to pass to pluto upon startup. See
971 ipsec_pluto(8).
972
973 plutostderrlog
974 do not use syslog, but rather log to stderr, and direct stderr to
975 the argument file.
976
977 pluto
978 whether to start Pluto or not; Values are yes (the default) or no
979 (useful only in special circumstances).
980
981 plutowait
982 should Pluto wait for each negotiation attempt that is part of
983 startup to finish before proceeding with the next? Values are yes
984 or no (the default).
985
986 prepluto
987 shell command to run before starting Pluto (e.g., to decrypt an
988 encrypted copy of the ipsec.secrets file). It´s run in a very
989 simple way; complexities like I/O redirection are best hidden
990 within a script. Any output is redirected for logging, so running
991 interactive commands is difficult unless they use /dev/tty or
992 equivalent for their interaction. Default is none.
993
994 postpluto
995 shell command to run after starting Pluto (e.g., to remove a
996 decrypted copy of the ipsec.secrets file). It´s run in a very
997 simple way; complexities like I/O redirection are best hidden
998 within a script. Any output is redirected for logging, so running
999 interactive commands is difficult unless they use /dev/tty or
1000 equivalent for their interaction. Default is none.
1001
1002 dumpdir
1003 in what directory should things started by setup (notably the Pluto
1004 daemon) be allowed to dump core? The empty value (the default)
1005 means they are not allowed to.
1006
1007 fragicmp
1008 whether a tunnel´s need to fragment a packet should be reported
1009 back with an ICMP message, in an attempt to make the sender lower
1010 his PMTU estimate; acceptable values are yes (the default) and no.
1011 This KLIPS option has no effect on NETKEY, Windows or BSD stacks.
1012
1013 hidetos
1014 whether a tunnel packet´s TOS field should be set to 0 rather than
1015 copied from the user packet inside; acceptable values are yes (the
1016 default) and no. This KLIPS option has no effect on NETKEY, Windows
1017 or BSD stacks.
1018
1019 overridemtu
1020 value that the MTU of the ipsecn interface(s) should be set to,
1021 overriding IPsec´s (large) default. This parameter is needed only
1022 in special situations. This KLIPS option has no effect on NETKEY,
1023 Windows or BSD stacks.
1024
1026 The system automatically defines several conns to implement default
1027 policy groups. Each can be overridden by explicitly defining a new conn
1028 with the same name. If the new conn has auto=ignore, the definition is
1029 suppressed.
1030
1031 Here are the automatically supplied definitions.
1032
1033
1034 conn clear
1035 type=passthrough
1036 authby=never
1037 left=%defaultroute
1038 right=%group
1039 auto=route
1040
1041 conn clear-or-private
1042 type=passthrough
1043 left=%defaultroute
1044 leftid=%myid
1045 right=%opportunisticgroup
1046 failureshunt=passthrough
1047 keyingtries=3
1048 ikelifetime=1h
1049 salifetime=1h
1050 rekey=no
1051 auto=route
1052
1053 conn private-or-clear
1054 type=tunnel
1055 left=%defaultroute
1056 leftid=%myid
1057 right=%opportunisticgroup
1058 failureshunt=passthrough
1059 keyingtries=3
1060 ikelifetime=1h
1061 salifetime=1h
1062 rekey=no
1063 auto=route
1064
1065 conn private
1066 type=tunnel
1067 left=%defaultroute
1068 leftid=%myid
1069 right=%opportunisticgroup
1070 failureshunt=drop
1071 keyingtries=3
1072 ikelifetime=1h
1073 salifetime=1h
1074 rekey=no
1075 auto=route
1076
1077 conn block
1078 type=reject
1079 authby=never
1080 left=%defaultroute
1081 right=%group
1082 auto=route
1083
1084 # default policy
1085 conn packetdefault
1086 type=tunnel
1087 left=%defaultroute
1088 leftid=%myid
1089 left=0.0.0.0/0
1090 right=%opportunistic
1091 failureshunt=passthrough
1092 keyingtries=3
1093 ikelifetime=1h
1094 salifetime=1h
1095 rekey=no
1096 auto=route
1097
1098 These conns are not affected by anything in conn %default. They will
1099 only work if %defaultroute works. The leftid will be the interfaces IP
1100 address; this requires that reverse DNS records be set up properly.
1101
1102 The implicit conns are defined after all others. It is appropriate and
1103 reasonable to use also=private-or-clear (for example) in any other
1104 opportunistic conn.
1105
1107 The optional files under /etc/ipsec.d/policy, including
1108
1109
1110 /etc/ipsec.d/policies/clear
1111 /etc/ipsec.d/policies/clear-or-private
1112 /etc/ipsec.d/policies/private-or-clear
1113 /etc/ipsec.d/policies/private
1114 /etc/ipsec.d/policies/block
1115
1116
1117 may contain policy group configuration information to supplement
1118 ipsec.conf. Their contents are not security-sensitive.
1119
1120 These files are text files. Each consists of a list of CIDR blocks, one
1121 per line. White space followed by # followed by anything to the end of
1122 the line is a comment and is ignored, as are empty lines.
1123
1124 A connection in ipsec.conf which has right=%group or
1125 right=%opportunisticgroup is a policy group connection. When a policy
1126 group file of the same name is loaded, with
1127
1128 ipsec auto --rereadgroups
1129
1130 or at system start, the connection is instantiated such that each CIDR
1131 block serves as an instance´s right value. The system treats the
1132 resulting instances as normal connections.
1133
1134 For example, given a suitable connection definition private, and the
1135 file /etc/ipsec.d/policy/private with an entry 192.0.2.3, the system
1136 creates a connection instance private#192.0.2.3. This connection
1137 inherits all details from private, except that its right client is
1138 192.0.2.3.
1139
1141 The standard Openswan install includes several policy groups which
1142 provide a way of classifying possible peers into IPsec security
1143 classes: private (talk encrypted only), private-or-clear (prefer
1144 encryption), clear-or-private (respond to requests for encryption),
1145 clear and block. Implicit policy groups apply to the local host only,
1146 and are implemented by the IMPLICIT CONNECTIONS described above.
1147
1149 When choosing a connection to apply to an outbound packet caught with a
1150 %trap, the system prefers the one with the most specific eroute that
1151 includes the packet´s source and destination IP addresses. Source
1152 subnets are examined before destination subnets. For initiating, only
1153 routed connections are considered. For responding, unrouted but added
1154 connections are considered.
1155
1156 When choosing a connection to use to respond to a negotiation which
1157 doesn´t match an ordinary conn, an opportunistic connection may be
1158 instantiated. Eventually, its instance will be /32 -> /32, but for
1159 earlier stages of the negotiation, there will not be enough information
1160 about the client subnets to complete the instantiation.
1161
1163 /etc/ipsec.conf
1164 /etc/ipsec.d/policies/clear
1165 /etc/ipsec.d/policies/clear-or-private
1166 /etc/ipsec.d/policies/private-or-clear
1167 /etc/ipsec.d/policies/private
1168 /etc/ipsec.d/policies/block
1169
1171 ipsec(8), ipsec_ttoaddr(8), ipsec_auto(8), ipsec_manual(8),
1172 ipsec_rsasigkey(8)
1173
1175 Designed for the FreeS/WAN project <http://www.freeswan.org> by Henry
1176 Spencer.
1177
1179 Before reporting new bugs, please ensure you are using the latest
1180 version of Openswan, and if not using KLIPS, please ensure you are
1181 using the latest kernel code for your IPsec stack.
1182
1183 When type or failureshunt is set to drop or reject, Openswan blocks
1184 outbound packets using eroutes, but assumes inbound blocking is handled
1185 by the firewall. Openswan offers firewall hooks via an “updown” script.
1186 However, the default ipsec _updown provides no help in controlling a
1187 modern firewall.
1188
1189 Including attributes of the keying channel (authentication methods,
1190 ikelifetime, etc.) as an attribute of a connection, rather than of a
1191 participant pair, is dubious and incurs limitations.
1192
1193 The use of %any with the protoport= option is ambiguous. Should the SA
1194 permits any port through or should the SA negotiate any single port
1195 through? The first is a basic conn with a wildcard. The second is a
1196 template. The second is the current behaviour, and it´s wrong for quite
1197 a number of uses involving TCP. The keyword %one may be introduced in
1198 the future to separate these two cases.
1199
1200 ipsec_manual is not nearly as generous about the syntax of subnets,
1201 addresses, etc. as the usual Openswan user interfaces. Four-component
1202 dotted-decimal must be used for all addresses. It is smart enough to
1203 translate bit-count netmasks to dotted-decimal form.
1204
1205 It would be good to have a line-continuation syntax, especially for the
1206 very long lines involved in RSA signature keys.
1207
1208 First packet caching is only implemented for the KLIPS(NG) and MAST
1209 stacks. NETKEY returns POSIX-breaking responses, visiable as connect:
1210 Resource temporarily unavailable errors. This affects Opportunistic
1211 Encryption and DPD. Functionality on the BSD and Windows stacks is
1212 unknown.
1213
1214 Some state information is only available when using KLIPS, and will
1215 return errors on other IPsec stacks. These include ipsec eroute, ipsec
1216 spi and ipsec look.
1217
1218 Multiple L2TP clients behind the same NAT router, and multiple L2TP
1219 clients behind different NAT routers using the same Virtual IP is
1220 currently only working for the KLIPSNG stack.
1221
1222 The ability to specify different identities, authby, and public keys
1223 for different automatic-keyed connections between the same participants
1224 is misleading; this doesn´t work dependably because the identity of the
1225 participants is not known early enough. This is especially awkward for
1226 the “Road Warrior” case, where the remote IP address is specified as
1227 0.0.0.0, and that is considered to be the “participant” for such
1228 connections.
1229
1230 In principle it might be necessary to control MTU on an
1231 interface-by-interface basis, rather than with the single global
1232 override that overridemtu provides. This feature is planned for a
1233 future release.
1234
1235 A number of features which could be implemented in both manual and
1236 automatic keying actually are not yet implemented for manual keying.
1237 This is unlikely to be fixed any time soon.
1238
1239 If conns are to be added before DNS is available, left=FQDN,
1240 leftnextop=FQDN, and leftrsasigkey=%dnsonload will fail.
1241 ipsec_pluto(8) does not actually use the public key for our side of a
1242 conn but it isn´t generally known at a add-time which side is ours
1243 (Road Warrior and Opportunistic conns are currently exceptions).
1244
1245 The myid option does not affect explicit
1246 ipsec auto --add or ipsec auto --replace commands for implicit conns.
1247
1248
1249
1250[FIXME: source] 10/16/2014 IPSEC.CONF(5)