STRONGSWAN.CONF(5)                 strongSwan                STRONGSWAN.CONF(5)

NAME
       strongswan.conf - strongSwan configuration file

DESCRIPTION
       While the ipsec.conf(5) configuration file is well suited to define
       IPsec related configuration parameters, it is not useful for other
       strongSwan applications to read options from this file. The file is
       hard to parse and only ipsec starter is capable of doing so. As the
       number of components of the strongSwan project is continually growing,
       a more flexible configuration file was needed, one that is easy to
       extend and can be used by all components. With strongSwan 4.2.1
       strongswan.conf(5) was introduced which meets these requirements.

SYNTAX
       The format of the strongswan.conf file consists of hierarchical
       sections and a list of key/value pairs in each section. Each section
       has a name, followed by C-style curly brackets defining the section
       body. Each section body contains a set of subsections and key/value
       pairs:

              settings := (section|keyvalue)*
              section  := name { settings }
              keyvalue := key = value\n

       Values must be terminated by a newline.

       Comments are possible using the #-character.

       Section names and keys may contain any printable character except:

              . , : { } = " # \n \t space

       An example file in this format might look like this:

              a = b
              section-one {
                  somevalue = asdf
                  subsection {
                      othervalue = xxx
                  }
                  # yei, a comment
                  yetanother = zz
              }
              section-two {
                  x = 12
              }

       Indentation is optional, you may use tabs or spaces.

NUMBER FORMATS
       Options that define an integer value can be specified as decimal (the
       default) or hexadecimal ("0x" prefix, upper- or lowercase letters are
       accepted). Locale-dependent strings (e.g. the thousands separator of
       the current locale) may also be accepted in locales other than "C".

       Options that define a floating-point value can be specified as decimal
       (the default) or hexadecimal ("0x" prefix, upper- or lowercase letters
       are accepted). The radix character (decimal separator) in either case
       is locale-dependent, usually ".".

TIME FORMATS
       Unless stated otherwise, options that define a time are specified in
       seconds. The "s", "m", "h" and "d" suffixes may be used to
       automatically convert values given in seconds, minutes, hours or days
       (for instance, instead of configuring a rekey time of 4 hours as
       "14400" seconds, "4h" may be used).

       There are some global options that don't accept these suffixes as they
       are configured as integer values in seconds or milliseconds, or even as
       floating-point numbers (e.g. the retransmission timeout). Options that
       accept the suffixes have a corresponding default value.

REFERENCING OTHER SECTIONS
       It is possible to inherit settings and sections from another section.
       This feature is mainly useful in swanctl.conf (which uses the same file
       format). The syntax is as follows:

              section    := name : references { settings }
              references := absname[, absname]*
              absname    := name[.name]*

       All key/value pairs and all subsections of the referenced sections will
       be inherited by the section that references them via their absolute
       name. Values may be overridden in the section or any of its
       sub-sections (use an empty assignment to clear a value so its default
       value, if any, will apply). It is currently not possible to limit the
       inclusion level or clear/remove inherited sub-sections.

       If the order is important (e.g. for auth rounds in a connection, if
       round is not used), it should be noted that inherited settings/sections
       will follow those defined in the current section (if multiple sections
       are referenced, their settings are enumerated left to right).

       References are evaluated dynamically at runtime, so referring to
       sections later in the config file or included via other files is no
       problem.

       Here is an example of how this might look:

              conn-defaults {
                  # default settings for all conns (e.g. a cert, or IP pools)
              }
              eap-defaults {
                  # defaults if eap is used (e.g. a remote auth round)
              }
              child-defaults {
                  # defaults for child configs (e.g. traffic selectors)
              }
              connections {
                  conn-a : conn-defaults, eap-defaults {
                      # set/override stuff specific to this connection
                      children {
                          child-a : child-defaults {
                              # set/override stuff specific to this child
                          }
                      }
                  }
                  conn-b : conn-defaults {
                      # set/override stuff specific to this connection
                      children {
                          child-b : child-defaults {
                              # set/override stuff specific to this child
                          }
                      }
                  }
                  conn-c : connections.conn-a {
                      # everything is inherited, including everything conn-a
                      # already inherits from the sections it and its
                      # sub-section reference
                  }
              }

INCLUDING FILES
       Using the include statement it is possible to include other files into
       strongswan.conf, e.g.

              include /some/path/*.conf

       If the file name is not an absolute path, it is considered to be
       relative to the directory of the file containing the include statement.
       The file name may include shell wildcards (see sh(1)). Also, such
       inclusions can be nested.

       Sections loaded from included files extend previously loaded sections;
       already existing values are replaced. It is important to note that
       settings are added relative to the section the include statement is in.

       As an example, the following three files result in the same final
       config as the one given above:

              a = b
              section-one {
                  somevalue = before include
                  include include.conf
              }
              include other.conf

       include.conf:
              # settings loaded from this file are added to section-one
              # the following replaces the previous value
              somevalue = asdf
              subsection {
                  othervalue = yyy
              }
              yetanother = zz

       other.conf:
              # this extends section-one and subsection
              section-one {
                  subsection {
                      # this replaces the previous value
                      othervalue = xxx
                  }
              }
              section-two {
                  x = 12
              }

READING VALUES
       Values are accessed using a dot-separated section list and a key. With
       reference to the example above, accessing
       section-one.subsection.othervalue will return xxx.

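       The format, inheritance and include rules above, as an added example
       that is not part of this man page or of strongSwan's own settings
       parser: a small Python reader that parses the SYNTAX grammar, applies
       the INCLUDING FILES rules (paths relative to the including file, shell
       wildcards, extending already loaded sections), resolves REFERENCING
       OTHER SECTIONS when a value is read, answers READING VALUES dot-notation
       lookups and converts the NUMBER FORMATS and TIME FORMATS. The file
       contents are constructed here (the three-file example above plus a
       swanctl-style inheritance chain); the paths and the keys under
       conn-defaults and connections are illustrative only.

```python
"""Parser for the strongswan.conf format described above (added example, not
strongSwan's own settings code): nested sections, key/value pairs, # comments,
`name : ref1, ref2 {` references resolved at read time, `include` with
relative paths and shell wildcards, dot-notation lookup, and the NUMBER
FORMATS / TIME FORMATS conversions. Files come from an in-memory dict."""
import fnmatch
import posixpath
import re
from functools import reduce

TIME_UNITS = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}
REFS = ':refs'  # ':' cannot appear in a key, so this slot never collides

def parse_int(value):
    """Decimal by default, hexadecimal with a 0x/0X prefix."""
    value = value.strip()
    return int(value, 16) if value[:2].lower() == '0x' else int(value, 10)

def parse_time(value):
    """Seconds with optional s/m/h/d suffix: parse_time('4h') == 14400."""
    number, unit = re.fullmatch(r'\s*(\d+)([smhd]?)\s*', value).groups()
    return int(number) * TIME_UNITS[unit or 's']

class Config:
    def __init__(self, files, entry):
        # A section is a dict: str values, dict subsections, REFS -> list.
        self.files = files  # path -> text, standing in for the filesystem
        self.root = {}
        self._load(entry, self.root)

    def _load(self, path, section):
        # An included file extends the section its include statement is in.
        lines = iter(self.files[path].splitlines())
        self._parse(lines, section, posixpath.dirname(path))

    def _parse(self, lines, section, base):
        for raw in lines:
            line = raw.split('#', 1)[0].strip()  # text after # is a comment
            if not line:
                continue
            if line == '}':
                return
            if line.startswith('include '):
                pattern = line[8:].strip()
                if not posixpath.isabs(pattern):
                    pattern = posixpath.join(base, pattern)
                for path in sorted(p for p in self.files
                                   if fnmatch.fnmatchcase(p, pattern)):
                    self._load(path, section)
            elif line.endswith('{'):
                name, _, refs = line[:-1].partition(':')
                sub = section.setdefault(name.strip(), {})
                if refs.strip():
                    sub[REFS] = [r.strip() for r in refs.split(',')]
                self._parse(lines, sub, base)  # consumes up to its closing }
            else:
                key, value = map(str.strip, line.split('=', 1))  # ValueError if no '='
                section[key] = value  # a later value replaces an earlier one

    def _get(self, sec, path, key):
        # Own values/subsections first, then references left to right (so
        # inherited settings follow local ones); a reference cycle recurses.
        if not path and isinstance(sec.get(key), str):
            return sec[key]
        if path and isinstance(sec.get(path[0]), dict):
            found = self._get(sec[path[0]], path[1:], key)
            if found is not None:
                return found
        for ref in sec.get(REFS, ()):
            target = reduce(dict.__getitem__, ref.split('.'), self.root)
            found = self._get(target, path, key)  # KeyError if ref dangles
            if found is not None:
                return found
        return None

    def get(self, dotted, default=None):
        """Value for a dot-separated key; an empty assignment yields default."""
        *path, key = dotted.split('.')
        value = self._get(self.root, path, key)
        return default if value in (None, '') else value

# Constructed sample: the three-file include example above plus a
# swanctl-style inheritance chain (conn-c inherits what conn-a inherits).
FILES = {
    '/etc/strongswan.conf':
        'a = b\nsection-one {\n  somevalue = before include\n'
        '  include include.conf\n}\ninclude conf.d/*.conf\n'
        'charon {\n  keep_alive = 20s\n  max_packet = 0x2710\n}\n',
    '/etc/include.conf':
        '# loaded into section-one\nsomevalue = asdf\n'
        'subsection {\n  othervalue = yyy\n}\nyetanother = zz\n',
    '/etc/conf.d/other.conf':
        'section-one {\n subsection {\n  othervalue = xxx\n }\n}\nsection-two {\n x = 12\n}\n',
    '/etc/conf.d/conns.conf':
        'conn-defaults {\n local_addrs = 192.168.0.1\n children {\n  child-a {\n'
        '   mode = tunnel\n   esp_proposals = aes128-sha1\n  }\n }\n}\n'
        'connections {\n conn-a : conn-defaults {\n  remote_addrs = 192.168.0.2\n'
        '  children {\n   child-a {\n    esp_proposals = aes256gcm16\n   }\n  }\n }\n'
        ' conn-c : connections.conn-a {\n  remote_addrs =\n }\n}\n',
}
CONFIG = Config(FILES, '/etc/strongswan.conf')
```

       Points worth checking against the text: somevalue ends up as asdf and
       othervalue as xxx because each include replaces the previously loaded
       value; conn-a.children.child-a.mode is inherited from conn-defaults
       while esp_proposals is overridden locally; conn-c picks up everything
       conn-a has and inherits, but its empty assignment clears remote_addrs
       so the default applies. Quoting and escaping of values are not handled
       here, and a section that references itself recurses without bound.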
DEFINED KEYS
       The following keys are currently defined (using dot notation). The
       default value (if any) is listed in brackets after the key.

       aikgen.load []
              Plugins to load in ipsec aikgen tool.

       attest.database []
              File measurement information database URI. If it contains a
              password, make sure to adjust the permissions of the config file
              accordingly.

       attest.load []
              Plugins to load in ipsec attest tool.

       charon
              Options for the charon IKE daemon.

              Note: Many of the options in this section also apply to
              charon-cmd and other charon derivatives. Just use their
              respective name (e.g. charon-cmd instead of charon). For many
              options defaults can be defined in the libstrongswan section.

       charon.accept_private_algs [no]
              Deliberately violate the IKE standard's requirement and allow
              the use of private algorithm identifiers, even if the peer
              implementation is unknown.

       charon.accept_unencrypted_mainmode_messages [no]
              Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.

              Some implementations send the third Main Mode message
              unencrypted, probably to find the PSKs for the specified ID for
              authentication. This is very similar to Aggressive Mode, and has
              the same security implications: A passive attacker can sniff the
              negotiated Identity, and start brute forcing the PSK using the
              HASH payload.

              It is recommended to keep this option to no, unless you know
              exactly what the implications are and require compatibility to
              such devices (for example, some SonicWall boxes).

       charon.block_threshold [5]
              Maximum number of half-open IKE_SAs (including unprocessed
              IKE_SA_INITs) for a single peer IP.

       charon.cache_crls [no]
              Whether Certificate Revocation Lists (CRLs) fetched via HTTP or
              LDAP should be saved under a unique file name derived from the
              public key of the Certification Authority (CA) to
              ${sysconfdir}/ipsec.d/crls (stroke) or
              ${sysconfdir}/swanctl/x509crl (vici), respectively.

       charon.cert_cache [yes]
              Whether relations in validated certificate chains should be
              cached in memory.

       charon.check_current_path [no]
              By default, after detecting any changes to interfaces and/or
              addresses no action is taken if the current path to the remote
              peer still looks usable. Enabling this option will use DPD to
              check if the path actually still works, or, for instance, the
              peer removed the state after a longer phase without
              connectivity. It will also trigger a MOBIKE update if NAT
              mappings were removed during the downtime.

       charon.cisco_flexvpn [no]
              Send the Cisco FlexVPN vendor ID payload, which is required in
              order to make Cisco brand devices allow negotiating a local
              traffic selector (from strongSwan's point of view) that is not
              the assigned virtual IP address if such an address is requested
              by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the
              peer from narrowing the initiator's local traffic selector and
              allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0
              instead. This has been tested with a "tunnel mode ipsec ipv4"
              Cisco template but should also work for GRE encapsulation.

       charon.cisco_unity [no]
              Send Cisco Unity vendor ID payload (IKEv1 only).

       charon.close_ike_on_child_failure [no]
              Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH
              failed.

       charon.cookie_threshold [30]
              Number of half-open IKE_SAs (including unprocessed IKE_SA_INITs)
              that activate the cookie mechanism.

       charon.cookie_threshold_ip [3]
              Number of half-open IKE_SAs (including unprocessed IKE_SA_INITs)
              for a single peer IP that activate the cookie mechanism.

       charon.crypto_test.bench [no]
              Benchmark crypto algorithms and order them by efficiency.

       charon.crypto_test.bench_size [1024]
              Buffer size used for crypto benchmark.

       charon.crypto_test.bench_time [50]
              Time in ms during which crypto algorithm performance is
              measured.

       charon.crypto_test.on_add [no]
              Test crypto algorithms during registration (requires test
              vectors provided by the test-vectors plugin).

       charon.crypto_test.on_create [no]
              Test crypto algorithms on each crypto primitive instantiation.

       charon.crypto_test.required [no]
              Strictly require at least one test vector to enable an
              algorithm.

       charon.crypto_test.rng_true [no]
              Whether to test RNG with TRUE quality; requires a lot of
              entropy.

       charon.delete_rekeyed [no]
              Delete CHILD_SAs right after they got successfully rekeyed
              (IKEv1 only). Reduces the number of stale CHILD_SAs in scenarios
              with a lot of rekeyings. However, this might cause problems with
              implementations that continue to use rekeyed SAs until they
              expire.

       charon.delete_rekeyed_delay [5]
              Delay in seconds until inbound IPsec SAs are deleted after
              rekeyings (IKEv2 only). To process delayed packets the inbound
              part of a CHILD_SA is kept installed up to the configured number
              of seconds after it got replaced during a rekeying. If set to 0
              the CHILD_SA will be kept installed until it expires (if no
              lifetime is set it will be destroyed immediately).

       charon.dh_exponent_ansi_x9_42 [yes]
              Use ANSI X9.42 DH exponent size or optimum size matched to
              cryptographic strength.

       charon.dlopen_use_rtld_now [no]
              Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to
              reveal missing symbols immediately.

       charon.dns1 []
              DNS server assigned to peer via configuration payload (CP).

       charon.dns2 []
              DNS server assigned to peer via configuration payload (CP).

       charon.dos_protection [yes]
              Enable Denial of Service protection using cookies and
              aggressiveness checks.

       charon.filelog
              Section to define file loggers, see LOGGER CONFIGURATION in
              strongswan.conf(5).

       charon.filelog.<name>
              <name> may be the full path to the log file if it only contains
              characters permitted in section names. Is ignored if path is
              specified.

       charon.filelog.<name>.<subsystem> [<default>]
              Loglevel for a specific subsystem.

       charon.filelog.<name>.append [yes]
              If this option is enabled log entries are appended to the
              existing file.

       charon.filelog.<name>.default [1]
              Specifies the default loglevel to be used for subsystems for
              which no specific loglevel is defined.

       charon.filelog.<name>.flush_line [no]
              Enabling this option disables block buffering and enables line
              buffering.

       charon.filelog.<name>.ike_name [no]
              Prefix each log entry with the connection name and a unique
              numerical identifier for each IKE_SA.

       charon.filelog.<name>.log_level [no]
              Add the log level of each message after the subsystem (e.g.
              [IKE2]).

       charon.filelog.<name>.path []
              Optional path to the log file. Overrides the section name. Must
              be used if the path contains characters that aren't allowed in
              section names.

       charon.filelog.<name>.time_add_ms [no]
              Adds the milliseconds within the current second after the
              timestamp (separated by a dot, so time_format should end with %S
              or %T).

       charon.filelog.<name>.time_format []
              Prefix each log entry with a timestamp. The option accepts a
              format string as passed to strftime(3).

       charon.flush_auth_cfg [no]
              If enabled objects used during authentication (certificates,
              identities etc.) are released to free memory once an IKE_SA is
              established. Enabling this might conflict with plugins that
              later need access to e.g. the used certificates.

       charon.follow_redirects [yes]
              Whether to follow IKEv2 redirects (RFC 5685).

       charon.force_eap_only_authentication [no]
              Violate RFC 5998 and use EAP-only authentication even if the
              peer did not send an EAP_ONLY_AUTHENTICATION notify during
              IKE_AUTH.

       charon.fragment_size [1280]
              Maximum size (complete IP datagram size in bytes) of a sent IKE
              fragment when using proprietary IKEv1 or standardized IKEv2
              fragmentation, defaults to 1280 (use 0 for address family
              specific default values, which uses a lower value for IPv4). If
              specified this limit is used for both IPv4 and IPv6.

       charon.group []
              Name of the group the daemon changes to after startup.

       charon.half_open_timeout [30]
              Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT
              DROPPING).

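       How the half-open limits above interact, as an added example that is
       not charon's code: a responder model driven by charon.dos_protection,
       charon.cookie_threshold, charon.cookie_threshold_ip,
       charon.block_threshold and charon.half_open_timeout, exercised by a
       constructed flood from a spoofed source that never sees the replies, a
       flood from a source that can return cookies, and one legitimate peer.
       The order in which the checks run and the cookie construction (a keyed
       hash over Ni | IPi | SPIi, as RFC 7296 section 2.6 suggests) are
       assumptions made here, not a description of charon's internals.

```python
"""Model of the half-open IKE_SA limits set by charon.dos_protection,
charon.cookie_threshold, charon.cookie_threshold_ip, charon.block_threshold
and charon.half_open_timeout. Added example, not charon's code: the order of
the checks and the cookie construction (a keyed hash over Ni | IPi | SPIi, as
RFC 7296 section 2.6 suggests) are assumptions made here."""
import hashlib
import hmac
import os


class Responder:
    def __init__(self, dos_protection=True, cookie_threshold=30,
                 cookie_threshold_ip=3, block_threshold=5, half_open_timeout=30):
        self.dos_protection = dos_protection
        self.cookie_threshold = cookie_threshold
        self.cookie_threshold_ip = cookie_threshold_ip
        self.block_threshold = block_threshold
        self.half_open_timeout = half_open_timeout
        self.secret = os.urandom(32)  # a real daemon rotates this periodically
        self.half_open = []           # (expires_at, src_ip, spi_i)

    def _expire(self, now):
        # half_open_timeout: connecting IKE_SAs that never reach IKE_AUTH go away
        self.half_open = [h for h in self.half_open if h[0] > now]

    def _count(self, src=None):
        return sum(1 for h in self.half_open if src is None or h[1] == src)

    def _cookie(self, src, spi_i, nonce):
        msg = nonce + src.encode() + spi_i
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def ike_sa_init(self, now, src, spi_i, nonce, cookie=None):
        """Handle one IKE_SA_INIT: 'half-open', ('cookie', bytes) or 'drop'."""
        self._expire(now)
        if self.dos_protection:
            if self._count(src) >= self.block_threshold:
                return 'drop'  # block_threshold: this IP gets nothing more
            if (self._count() >= self.cookie_threshold
                    or self._count(src) >= self.cookie_threshold_ip):
                expected = self._cookie(src, spi_i, nonce)
                if cookie is None or not hmac.compare_digest(cookie, expected):
                    return ('cookie', expected)  # stateless reply, no IKE_SA
        self.half_open.append((now + self.half_open_timeout, src, spi_i))
        return 'half-open'

    def authenticated(self, spi_i):
        """IKE_AUTH completed: the IKE_SA no longer counts as half-open."""
        self.half_open = [h for h in self.half_open if h[2] != spi_i]


def flood(responder, src, count, now, echo_cookie):
    """Constructed attacker sending `count` IKE_SA_INITs from src; echo_cookie
    is False for a spoofed source that never sees our COOKIE notify."""
    results = []
    for _ in range(count):
        spi, nonce = os.urandom(8), os.urandom(32)
        r = responder.ike_sa_init(now, src, spi, nonce)
        if isinstance(r, tuple) and echo_cookie:
            r = responder.ike_sa_init(now, src, spi, nonce, cookie=r[1])
        results.append(r if isinstance(r, str) else r[0])
    return results


def demo():
    """Defaults from the man page; returns the verdicts for four scenarios."""
    r = Responder()
    spoofed = flood(r, '203.0.113.7', 6, now=0, echo_cookie=False)
    honest = flood(r, '203.0.113.8', 7, now=0, echo_cookie=True)
    legit = r.ike_sa_init(10, '198.51.100.2',  b'\x01' * 8, os.urandom(32))
    later = flood(r, '203.0.113.8', 1, now=31, echo_cookie=True)  # > timeout
    return spoofed, honest, legit, later
```

       With the defaults, a spoofed source gets at most cookie_threshold_ip
       (3) half-open IKE_SAs and is afterwards answered statelessly; a source
       that does return cookies is capped at block_threshold (5) until its
       entries expire after half_open_timeout; a legitimate peer from another
       address is unaffected as long as the total stays below cookie_threshold
       (30). Because the cookie is bound to the nonce, address and SPI, a
       cookie captured for one IKE_SA_INIT does not validate another. The
       additional global limits charon.init_limit_half_open and
       charon.init_limit_job_load are not modelled.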
       charon.hash_and_url [no]
              Enable hash and URL support.

       charon.host_resolver.max_threads [3]
              Maximum number of concurrent resolver threads (they are
              terminated if unused).

       charon.host_resolver.min_threads [0]
              Minimum number of resolver threads to keep around.

       charon.i_dont_care_about_security_and_use_aggressive_mode_psk [no]
              If enabled responders are allowed to use IKEv1 Aggressive Mode
              with pre-shared keys, which is discouraged due to security
              concerns (offline attacks on the openly transmitted hash of the
              PSK).

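       Why this option and charon.accept_unencrypted_mainmode_messages above
       are discouraged, as an added example that is not strongSwan code: in
       RFC 2409, SKEYID = prf(PSK, Ni_b | Nr_b) and HASH_R = prf(SKEYID, g^xr
       | g^xi | CKY-R | CKY-I | SAi_b | IDir_b). Every input except the PSK is
       visible in the captured Aggressive Mode messages (and HASH_I is the
       equivalent target when Main Mode ID and HASH payloads are sent in the
       clear), so the HASH payload lets a passive attacker test PSK guesses
       offline. The capture below is constructed in-process, not real traffic,
       and HMAC-SHA1 stands for the prf negotiated with SHA-1.

```python
"""Offline dictionary attack on an IKEv1 PSK from a captured HASH_R payload,
per RFC 2409 section 5 (prf = HMAC of the negotiated hash, here SHA-1).
Added example, not strongSwan code; the capture is constructed in-process."""
import hashlib
import hmac
import os


def skeyid_psk(psk, ni_b, nr_b):
    """RFC 2409: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return hmac.new(psk, ni_b + nr_b, hashlib.sha1).digest()


def hash_r(skeyid, gxr, gxi, cky_r, cky_i, sai_b, idir_b):
    """RFC 2409: HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    data = gxr + gxi + cky_r + cky_i + sai_b + idir_b
    return hmac.new(skeyid, data, hashlib.sha1).digest()


def hash_i(skeyid, gxi, gxr, cky_i, cky_r, sai_b, idii_b):
    """RFC 2409: HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b);
    the target when an initiator sends ID and HASH unencrypted in Main Mode."""
    data = gxi + gxr + cky_i + cky_r + sai_b + idii_b
    return hmac.new(skeyid, data, hashlib.sha1).digest()


def hash_r_for_psk(psk, cap):
    """HASH_R the responder would have sent if the PSK were `psk`."""
    skeyid = skeyid_psk(psk, cap['ni_b'], cap['nr_b'])
    return hash_r(skeyid, cap['gxr'], cap['gxi'], cap['cky_r'], cap['cky_i'],
                  cap['sai_b'], cap['idir_b'])


def crack_psk(cap, wordlist):
    """Return the candidate whose HASH_R matches the captured one, or None.
    Only sniffed fields are used: no packet is ever sent to the gateway."""
    for candidate in wordlist:
        guess = hash_r_for_psk(candidate.encode(), cap)
        if hmac.compare_digest(guess, cap['hash_r']):
            return candidate
    return None


def constructed_capture(psk):
    """Stand-in for a sniffed Aggressive Mode exchange (constructed, not real).
    Nonces, DH public values and cookies are random; SAi_b is an opaque SA
    payload body; IDir_b is an ID payload body of type FQDN (2)."""
    cap = {
        'ni_b': os.urandom(32), 'nr_b': os.urandom(32),
        'gxi': os.urandom(256), 'gxr': os.urandom(256),  # MODP-2048 sized
        'cky_i': os.urandom(8), 'cky_r': os.urandom(8),
        'sai_b': os.urandom(48),
        'idir_b': b'\x02\x00\x00\x00' + b'gw.example.org',
    }
    cap['hash_r'] = hash_r_for_psk(psk.encode(), cap)  # what the responder sends
    return cap


# Constructed wordlist; a real attacker would use a large one plus rules.
WORDLIST = ['password', 'letmein', 'vpn12345', 'Summer2019!', 'correcthorse']
```

       Nothing in the loop touches the gateway, so no log entry and no
       lockout ever results; the only thing standing between the capture and
       the key is the PSK's entropy. Keeping both options at no, as the man
       page recommends, or moving such peers to certificate or EAP
       authentication (or to IKEv2, where the authentication data is sent
       inside the encrypted IKE_AUTH exchange) removes the oracle.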
484
485 charon.ignore_acquire_ts [no]
486 If this is disabled the traffic selectors from the kernel's ac‐
487 quire events, which are derived from the triggering packet, are
488 prepended to the traffic selectors from the configuration for
489 IKEv2 connection. By enabling this, such specific traffic selec‐
490 tors will be ignored and only the ones in the config will be
491 sent. This always happens for IKEv1 connections as the protocol
492 only supports one set of traffic selectors per CHILD_SA.
493
494
495 charon.ignore_routing_tables []
496 A space-separated list of routing tables to be excluded from
497 route lookups.
498
499
500 charon.ikesa_limit [0]
501 Maximum number of IKE_SAs that can be established at the same
502 time before new connection attempts are blocked.
503
504
505 charon.ikesa_table_segments [1]
506 Number of exclusively locked segments in the hash table.
507
508
509 charon.ikesa_table_size [1]
510 Size of the IKE_SA hash table.
511
512
513 charon.imcv
514 Defaults for options in this section can be configured in the
515 libimcv section.
516
517
518 charon.imcv.assessment_result [yes]
519 Whether IMVs send a standard IETF Assessment Result attribute.
520
521
522 charon.imcv.database []
523 Global IMV policy database URI. If it contains a password, make
524 sure to adjust the permissions of the config file accordingly.
525
526
527 charon.imcv.os_info.default_password_enabled [no]
528 Manually set whether a default password is enabled
529
530
531 charon.imcv.os_info.name []
532 Manually set the name of the client OS (e.g. Ubuntu).
533
534
535 charon.imcv.os_info.version []
536 Manually set the version of the client OS (e.g. 12.04 i686).
537
538
539 charon.imcv.policy_script [ipsec _imv_policy]
540 Script called for each TNC connection to generate IMV policies.
541
542
543 charon.inactivity_close_ike [no]
544 Whether to close IKE_SA if the only CHILD_SA closed due to inac‐
545 tivity.
546
547
548 charon.init_limit_half_open [0]
549 Limit new connections based on the current number of half open
550 IKE_SAs, see IKE_SA_INIT DROPPING in strongswan.conf(5).
551
552
553
554 charon.init_limit_job_load [0]
555 Limit new connections based on the number of jobs currently
556 queued for processing (see IKE_SA_INIT DROPPING).
557
558
559 charon.initiator_only [no]
560 Causes charon daemon to ignore IKE initiation requests.
561
562
563 charon.install_routes [yes]
564 Install routes into a separate routing table for established
565 IPsec tunnels.
566
567
568 charon.install_virtual_ip [yes]
569 Install virtual IP addresses.
570
571
572 charon.install_virtual_ip_on []
573 The name of the interface on which virtual IP addresses should
574 be installed. If not specified the addresses will be installed
575 on the outbound interface.
576
577
578 charon.integrity_test [no]
579 Check daemon, libstrongswan and plugin integrity at startup.
580
581
582 charon.interfaces_ignore []
583 A comma-separated list of network interfaces that should be ig‐
584 nored, if interfaces_use is specified this option has no effect.
585
586
587 charon.interfaces_use []
588 A comma-separated list of network interfaces that should be used
589 by charon. All other interfaces are ignored.
590
591
592 charon.keep_alive [20s]
593 NAT keep alive interval.
594
595
596 charon.keep_alive_dpd_margin [0s]
597 Number of seconds the keep alive interval may be exceeded before
598 a DPD is sent instead of a NAT keep alive (0 to disable). This
599 is only useful if a clock is used that includes time spent sus‐
600 pended (e.g. CLOCK_BOOTTIME).
601
602
603 charon.leak_detective.detailed [yes]
604 Includes source file names and line numbers in leak detective
605 output.
606
607
608 charon.leak_detective.usage_threshold [10240]
609 Threshold in bytes for allocations to be included in usage re‐
610 ports (0 to include all).
611
612
613 charon.leak_detective.usage_threshold_count [0]
614 Threshold in number of allocations for allocations to be in‐
615 cluded in usage reports (0 to include all).
616
617
618 charon.load []
619 Plugins to load in the IKE daemon charon.
620
621
622 charon.load_modular [no]
623 If enabled, the list of plugins to load is determined via the
624 value of the charon.plugins.<name>.load options. In addition to
625 a simple boolean flag that option may take an integer value in‐
626 dicating the priority of a plugin, which would influence the or‐
627 der of a plugin in the plugin list (the default is 1). If two
628 plugins have the same priority their order in the default plugin
629 list is preserved. Enabled plugins not found in that list are
630 ordered alphabetically before other plugins with the same prior‐
631 ity.
632
633
634 charon.make_before_break [no]
635 Initiate IKEv2 reauthentication with a make-before-break instead
636 of a break-before-make scheme. Make-before-break uses overlap‐
637 ping IKE and CHILD_SA during reauthentication by first recreat‐
638 ing all new SAs before deleting the old ones. This behavior can
639 be beneficial to avoid connectivity gaps during reauthentica‐
640 tion, but requires support for overlapping SAs by the peer.
641 strongSwan can handle such overlapping SAs since version 5.3.0.
642
643
644 charon.max_ikev1_exchanges [3]
645 Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep
646 state about and track concurrently.
647
648
649 charon.max_packet [10000]
650 Maximum packet size accepted by charon.
651
652
653 charon.multiple_authentication [yes]
654 Enable multiple authentication exchanges (RFC 4739).
655
656
657 charon.nbns1 []
658 WINS servers assigned to peer via configuration payload (CP).
659
660
661 charon.nbns2 []
662 WINS servers assigned to peer via configuration payload (CP).
663
664
665 charon.plugins.addrblock.depth [-1]
666 RFC3779 requires that all addrblocks claimed by a certificate
667 must be contained in the addrblock extension of the issuer cer‐
668 tificate, up to the root CA. The default depth setting of -1 en‐
669 forces this.
670
671 In practice, third party (root) CAs may not contain the exten‐
672 sion, making the addrblock extension unusable under such CAs. By
673 limiting the validation depth, only a certain level of issuer
674 certificates are validated for proper addrblock extensions: A
675 depth of 0 does not check any issuer certificate extensions, a
676 depth of 1 only the direct issuer of the end entity certificate
677 is checkend, and so on.
678
679
680 charon.plugins.addrblock.strict [yes]
681 If set to yes, a subject certificate without an addrblock exten‐
682 sion is rejected if the issuer certificate has such an addrblock
683 extension. If set to no, subject certificates issued without the
684 addrblock extension are accepted without any traffic selector
685 checks and no policy is enforced by the plugin.
686
687
688 charon.plugins.android_log.loglevel [1]
689 Loglevel for logging to Android specific logger.
690
691
692 charon.plugins.attr
693 Section to specify arbitrary attributes that are assigned to a
694 peer via configuration payload (CP).
695
696
697 charon.plugins.attr.<attr> []
698 <attr> can be either address, netmask, dns, nbns, dhcp, subnet,
699 split-include, split-exclude or the numeric identifier of the
700 attribute type. The assigned value can be an IPv4/IPv6 address,
701 a subnet in CIDR notation or an arbitrary value depending on the
702 attribute type. For some attribute types multiple values may be
703 specified as a comma separated list.
704
705
706 charon.plugins.attr-sql.crash_recovery [yes]
707 Release all online leases during startup. Disable this to share
708 the DB between multiple VPN gateways.
709
710
711 charon.plugins.attr-sql.database []
712 Database URI for attr-sql plugin used by charon. If it contains
713 a password, make sure to adjust the permissions of the config
714 file accordingly.
715
716
717 charon.plugins.attr-sql.lease_history [yes]
718 Enable logging of SQL IP pool leases.
719
720
721 charon.plugins.bliss.use_bliss_b [yes]
722 Use the enhanced BLISS-B key generation and signature algorithm.
723
724
725 charon.plugins.botan.internal_rng_only [no]
726 If enabled, only Botan's internal RNG will be used throughout
727 the plugin. Otherwise, and if supported by Botan, rng_t imple‐
728 mentations provided by other loaded plugins will be used as RNG.
729
730
731 charon.plugins.bypass-lan.interfaces_ignore []
732 A comma-separated list of network interfaces for which connected
733 subnets should be ignored, if interfaces_use is specified this
734 option has no effect.
735
736
737 charon.plugins.bypass-lan.interfaces_use []
738 A comma-separated list of network interfaces for which connected
739 subnets should be considered. All other interfaces are ignored.
740
741
742 charon.plugins.bypass-lan.load [no]
743
744 charon.plugins.certexpire.csv.cron []
745 Cron style string specifying CSV export times.
746
747
748 charon.plugins.certexpire.csv.empty_string []
749 String to use in empty intermediate CA fields.
750
751
752 charon.plugins.certexpire.csv.fixed_fields [yes]
753 Use a fixed intermediate CA field count.
754
755
756 charon.plugins.certexpire.csv.force [yes]
757 Force export of all trustchains we have a private key for.
758
759
760 charon.plugins.certexpire.csv.format [%d:%m:%Y]
761 strftime(3) format string to export expiration dates as.
762
763
764 charon.plugins.certexpire.csv.local []
765 strftime(3) format string for the CSV file name to export local
766 certificates to.
767
768
769 charon.plugins.certexpire.csv.remote []
770 strftime(3) format string for the CSV file name to export remote
771 certificates to.
772
773
774 charon.plugins.certexpire.csv.separator [,]
775 CSV field separator.
776
777
778 charon.plugins.coupling.file []
779 File to store coupling list to.
780
781
782 charon.plugins.coupling.hash [sha1]
783 Hashing algorithm to fingerprint coupled certificates.
784
785
786 charon.plugins.coupling.max [1]
787 Maximum number of coupling entries to create.
788
789
790 charon.plugins.curl.redir [-1]
791 Maximum number of redirects followed by the plugin, set to 0 to
792 disable following redirects, set to -1 for no limit.
793
794
795 charon.plugins.curl.tls_backend []
796 The SSL/TLS backend to configure in curl if multiple are avail‐
797 able (requires libcurl 7.56 or newer). A list of available op‐
798 tions is logged on level 2 if nothing is configured. Similar but
799 on level 1 if the selected backend isn't available.
800
801
802 charon.plugins.dhcp.force_server_address [no]
803 Always use the configured server address. This might be helpful
804 if the DHCP server runs on the same host as strongSwan, and the
805 DHCP daemon does not listen on the loopback interface. In that
806 case the server cannot be reached via unicast (or even
807 255.255.255.255) as that would be routed via loopback. Setting
808 this option to yes and configuring the local broadcast address
809 (e.g. 192.168.0.255) as server address might work.
810
811
812 charon.plugins.dhcp.identity_lease [no]
813 Derive user-defined MAC address from hash of IKE identity and
814 send client identity DHCP option.
815
816
817 charon.plugins.dhcp.interface []
818 Interface name the plugin uses for address allocation. The de‐
819 fault is to bind to any (0.0.0.0) and let the system decide
820 which way to route the packets to the DHCP server.
821
822
823 charon.plugins.dhcp.server [255.255.255.255]
824 DHCP server unicast or broadcast IP address.
825
826
827 charon.plugins.dhcp.use_server_port [no]
828 Use the DHCP server port (67) as source port, instead of the
829 DHCP client port (68), when a unicast server address is config‐
830 ured and the plugin acts as relay agent. When replying in this
831 mode the DHCP server will always send packets to the DHCP server
832 port and if no process binds that port an ICMP port unreachables
833 will be sent back, which might be problematic for some DHCP
834 servers. To avoid that, enabling this option will cause the
835 plugin to bind the DHCP server port to send its requests when
836 acting as relay agent. This is not necessary if a DHCP server is
837 already running on the same host and might even cause conflicts
838 (and since the server port is already bound, ICMPs should not be
839 an issue).
840
841
842 charon.plugins.dnscert.enable [no]
843 Enable fetching of CERT RRs via DNS.
844
845
846 charon.plugins.drbg.max_drbg_requests [4294967294]
847 Number of pseudo-random bit requests from the DRBG before an au‐
848 tomatic reseeding occurs.
849
850
851 charon.plugins.duplicheck.enable [yes]
852 Enable duplicheck plugin (if loaded).
853
854
855 charon.plugins.duplicheck.socket [unix://${piddir}/charon.dck]
856 Socket provided by the duplicheck plugin.
857
858
859 charon.plugins.eap-aka.request_identity [yes]
860
861 charon.plugins.eap-aka-3gpp.seq_check []
862 Enable to activate sequence check of the AKA SQN values in order
863 to trigger resync cycles.
864
865
866 charon.plugins.eap-aka-3gpp2.seq_check []
867 Enable to activate sequence check of the AKA SQN values in order
868 to trigger resync cycles.
869
870
871 charon.plugins.eap-dynamic.prefer_user [no]
872 If enabled the EAP methods proposed in an EAP-Nak message sent
873 by the peer are preferred over the methods registered locally.
874
875
876 charon.plugins.eap-dynamic.preferred []
877 The preferred EAP method(s) to be used. If it is not given the
878 first registered method will be used initially. If a comma sep‐
879 arated list is given the methods are tried in the given order
880 before trying the rest of the registered methods.
881
882
883 charon.plugins.eap-gtc.backend [pam]
884 XAuth backend to be used for credential verification.
885
886
887 charon.plugins.eap-peap.fragment_size [1024]
888 Maximum size of an EAP-PEAP packet.
889
890
891 charon.plugins.eap-peap.include_length [no]
892 Include length in non-fragmented EAP-PEAP packets.
893
894
895 charon.plugins.eap-peap.max_message_count [32]
896 Maximum number of processed EAP-PEAP packets (0 = no limit).
897
898
899 charon.plugins.eap-peap.phase2_method [mschapv2]
900 Phase2 EAP client authentication method.
901
902
903 charon.plugins.eap-peap.phase2_piggyback [no]
904 Phase2 EAP Identity request piggybacked by server onto TLS Fin‐
905 ished message, relevant only if TLS 1.2 or earlier is negoti‐
906 ated.
907
908
909 charon.plugins.eap-peap.phase2_tnc [no]
910 Start phase2 EAP TNC protocol after successful client authenti‐
911 cation.
912
913
914 charon.plugins.eap-peap.request_peer_auth [no]
915 Request peer authentication based on a client certificate.
916
917
918 charon.plugins.eap-radius.accounting [no]
919 Send RADIUS accounting information to RADIUS servers.
920
921
922 charon.plugins.eap-radius.accounting_close_on_timeout [yes]
923 Close the IKE_SA if there is a timeout during interim RADIUS ac‐
924 counting updates.
925
926
927 charon.plugins.eap-radius.accounting_interval [0s]
928 Interval in seconds for interim RADIUS accounting updates, if
929 not specified by the RADIUS server in the Access-Accept message.
930
931
932 charon.plugins.eap-radius.accounting_requires_vip [no]
933 If enabled, accounting is disabled unless an IKE_SA has at least
934 one virtual IP. Only for IKEv2, for IKEv1 a virtual IP is
935 strictly necessary.
936
937
938 charon.plugins.eap-radius.accounting_send_class [no]
939 If enabled, adds the Class attributes received in Access-Accept
940 message to the RADIUS accounting messages.
941
942
943 charon.plugins.eap-radius.class_group [no]
944 Use the class attribute sent in the RADIUS-Accept message as
945 group membership information that is compared to the groups
946 specified in the rightgroups option in ipsec.conf(5).
947
948
949
950 charon.plugins.eap-radius.close_all_on_timeout [no]
951 Closes all IKE_SAs if communication with the RADIUS server times
952 out. If it is not set only the current IKE_SA is closed.
953
954
955 charon.plugins.eap-radius.dae.enable [no]
956 Enables support for the Dynamic Authorization Extension (RFC
957 5176).
958
959
960 charon.plugins.eap-radius.dae.listen [0.0.0.0]
961 Address to listen for DAE messages from the RADIUS server.
962
963
964 charon.plugins.eap-radius.dae.port [3799]
965 Port to listen for DAE requests.
966
967
968 charon.plugins.eap-radius.dae.secret []
969 Shared secret used to verify/sign DAE messages. If set, make
970 sure to adjust the permissions of the config file accordingly.
971
972
973 charon.plugins.eap-radius.eap_start [no]
974 Send EAP-Start instead of EAP-Identity to start RADIUS
975 conversation.
976
977
978 charon.plugins.eap-radius.filter_id [no]
979 If the RADIUS tunnel_type attribute with value ESP is received,
980 use the filter_id attribute sent in the RADIUS-Accept message as
981 group membership information that is compared to the groups
982 specified in the rightgroups option in ipsec.conf(5).
983
984
985
986 charon.plugins.eap-radius.forward.ike_to_radius []
987 RADIUS attributes to be forwarded from IKEv2 to RADIUS (can be
988 defined by name or attribute number, a colon can be used to
989 specify vendor-specific attributes, e.g. Reply-Message, or 11,
990 or 36906:12).
991
992
993 charon.plugins.eap-radius.forward.radius_to_ike []
994 Same as charon.plugins.eap-radius.forward.ike_to_radius but from
995 RADIUS to IKEv2, a strongSwan specific private notify (40969) is
996 used to transmit the attributes.
997
998
999 charon.plugins.eap-radius.id_prefix []
1000 Prefix to EAP-Identity, some AAA servers use an IMSI prefix to
1001 select the EAP method.
1002
1003
1004 charon.plugins.eap-radius.nas_identifier [strongSwan]
1005 NAS-Identifier to include in RADIUS messages.
1006
1007
1008 charon.plugins.eap-radius.port [1812]
1009 Port of RADIUS server (authentication).
1010
1011
1012 charon.plugins.eap-radius.retransmit_base [1.4]
1013 Base to use for calculating exponential back off.
1014
1015
1016 charon.plugins.eap-radius.retransmit_timeout [2.0]
1017 Timeout in seconds before sending first retransmit.
1018
1019
1020 charon.plugins.eap-radius.retransmit_tries [4]
1021 Number of times to retransmit a packet before giving up.
1022
1023
1024 charon.plugins.eap-radius.secret []
1025 Shared secret between RADIUS and NAS. If set, make sure to
1026 adjust the permissions of the config file accordingly.
1027
1028
1029 charon.plugins.eap-radius.server []
1030 IP/Hostname of RADIUS server.
1031
1032
1033 charon.plugins.eap-radius.servers
1034 Section to specify multiple RADIUS servers. The nas_identifier,
1035 secret, sockets and port (or auth_port) options can be specified
1036 for each server. A server's IP/Hostname can be configured using
1037 the address option. The acct_port [1813] option can be used to
1038 specify the port used for RADIUS accounting. For each RADIUS
1039 server a priority can be specified using the preference [0]
1040 option. The retransmission time for each server can be set using
1041 retransmit_base, retransmit_timeout and retransmit_tries.
1042
1043
1044
1045 charon.plugins.eap-radius.sockets [1]
1046 Number of sockets (ports) to use, increase for high load.
1047
1048
1049 charon.plugins.eap-radius.station_id_with_port [yes]
1050 Whether to include the UDP port in the Called- and
1051 Calling-Station-Id RADIUS attributes.
1052
1053
1054 charon.plugins.eap-radius.xauth
1055 Section to configure multiple XAuth authentication rounds via
1056 RADIUS. The subsections define so called authentication profiles
1057 with arbitrary names. In each profile section one or more XAuth
1058 types can be configured, with an assigned message. For each type
1059 a separate XAuth exchange will be initiated and all replies get
1060 concatenated into the User-Password attribute, which then gets
1061 verified over RADIUS.
1062
1063 Available XAuth types are password, passcode, nextpin, and
1064 answer. This type is not relevant to strongSwan or the AAA
1065 server, but the client may show a different dialog (along with
1066 the configured message).
1067
1068 To use the configured profiles, they have to be configured in
1069 the respective connection in ipsec.conf(5) by appending the
1070 profile name, separated by a colon, to the xauth-radius XAuth
1071 backend configuration in rightauth or rightauth2, for instance,
1072 rightauth2=xauth-radius:profile.
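A worked strongswan.conf fragment for the eap-radius servers section and the xauth profiles described above, added here as an example that is not part of strongswan.conf(5); the addresses, secrets, NAS identifier and profile name are constructed placeholders.

```conf
# Added example (not from strongswan.conf(5)): two RADIUS servers,
# accounting, a restricted DAE listener and one XAuth profile.
# All addresses, secrets and names below are constructed placeholders.
charon {
    plugins {
        eap-radius {
            # servers are selected by preference; the one with the
            # higher value is tried first, the other one is the fallback
            servers {
                primary {
                    address = 192.0.2.10
                    secret = <radius-shared-secret>
                    preference = 10
                    auth_port = 1812
                    acct_port = 1813
                }
                backup {
                    address = 192.0.2.11
                    secret = <radius-shared-secret>
                    preference = 5
                }
            }
            # identifies this gateway in RADIUS requests
            nas_identifier = vpn-gw-01
            # Start/Interim/Stop accounting; interim updates every 300s
            # unless the Access-Accept carries its own interval
            accounting = yes
            accounting_interval = 300
            # Dynamic Authorization Extension (RFC 5176): listen only on
            # the internal address instead of the default 0.0.0.0 and use
            # a separate shared secret
            dae {
                enable = yes
                listen = 10.0.0.1
                port = 3799
                secret = <dae-shared-secret>
            }
            # XAuth profile "otp": each key is an XAuth type, its value
            # the message shown to the client; the replies of the two
            # rounds are concatenated into User-Password
            xauth {
                otp {
                    password = Password
                    passcode = Enter your one-time passcode
                }
            }
        }
    }
}
# The profile is selected per connection in ipsec.conf(5):
#   rightauth2=xauth-radius:otp
# Because this file now carries shared secrets, restrict its permissions
# as the secret and dae.secret options require.
```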
1073
1074
1075
1076 charon.plugins.eap-sim.request_identity [yes]
1077
1078 charon.plugins.eap-simaka-sql.database []
1079
1080 charon.plugins.eap-simaka-sql.remove_used [no]
1081
1082 charon.plugins.eap-tls.fragment_size [1024]
1083 Maximum size of an EAP-TLS packet.
1084
1085
1086 charon.plugins.eap-tls.include_length [yes]
1087 Include length in non-fragmented EAP-TLS packets.
1088
1089
1090 charon.plugins.eap-tls.max_message_count [32]
1091 Maximum number of processed EAP-TLS packets (0 = no limit).
1092
1093
1094 charon.plugins.eap-tnc.max_message_count [10]
1095 Maximum number of processed EAP-TNC packets (0 = no limit).
1096
1097
1098 charon.plugins.eap-tnc.protocol [tnccs-2.0]
1099 IF-TNCCS protocol version to be used (tnccs-1.1, tnccs-2.0,
1100 tnccs-dynamic).
1101
1102
1103
1104 charon.plugins.eap-ttls.fragment_size [1024]
1105 Maximum size of an EAP-TTLS packet.
1106
1107
1108 charon.plugins.eap-ttls.include_length [yes]
1109 Include length in non-fragmented EAP-TTLS packets.
1110
1111
1112 charon.plugins.eap-ttls.max_message_count [32]
1113 Maximum number of processed EAP-TTLS packets (0 = no limit).
1114
1115
1116 charon.plugins.eap-ttls.phase2_method [md5]
1117 Phase2 EAP client authentication method.
1118
1119
1120 charon.plugins.eap-ttls.phase2_piggyback [no]
1121 Phase2 EAP Identity request piggybacked by server onto TLS
1122 Finished message.
1123
1124
1125 charon.plugins.eap-ttls.phase2_tnc [no]
1126 Start phase2 EAP TNC protocol after successful client
1127 authentication.
1128
1129
1130 charon.plugins.eap-ttls.phase2_tnc_method [pt]
1131 Phase2 EAP TNC transport protocol (pt as IETF standard or legacy
1132 tnc)
1133
1134
1135
1136 charon.plugins.eap-ttls.request_peer_auth [no]
1137 Request peer authentication based on a client certificate.
1138
1139
1140 charon.plugins.error-notify.socket [unix://${piddir}/charon.enfy]
1141 Socket provided by the error-notify plugin.
1142
1143
1144 charon.plugins.ext-auth.script []
1145 Command to pass to the system shell for peer authorization.
1146 Authorization is considered successful if the command executes
1147 normally with an exit code of zero. For all other exit codes
1148 IKE_SA authorization is rejected.
1149
1150 The following environment variables get passed to the script:
1151 IKE_UNIQUE_ID: The IKE_SA numerical unique identifier.
1152 IKE_NAME: The peer configuration connection name.
1153 IKE_LOCAL_HOST: Local IKE IP address. IKE_REMOTE_HOST: Remote
1154 IKE IP address. IKE_LOCAL_ID: Local IKE identity.
1155 IKE_REMOTE_ID: Remote IKE identity. IKE_REMOTE_EAP_ID: Remote
1156 EAP or XAuth identity, if used.
1157
1158
1159 charon.plugins.forecast.groups
1160 [224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250]
1161 Comma separated list of multicast groups to join locally. The
1162 local host receives and forwards packets in the local LAN for
1163 joined multicast groups only. Packets matching the list of
1164 multicast groups get forwarded to connected clients. The default
1165 group includes host multicasts, IGMP, mDNS, LLMNR and
1166 SSDP/WS-Discovery, and is usually a good choice for Windows
1167 clients.
1168
1169
1170 charon.plugins.forecast.interface []
1171 Name of the local interface to listen for broadcast messages to
1172 forward. If no interface is configured, the first usable
1173 interface is used, which is usually just fine for single-homed
1174 hosts. If your host has multiple interfaces, set this option to
1175 the local LAN interface you want to forward broadcasts from/to.
1176
1177
1178 charon.plugins.forecast.reinject []
1179 Comma separated list of CHILD_SA configuration names for which
1180 to perform multi/broadcast reinjection. For clients connecting
1181 over such a configuration, any multi/broadcast received over the
1182 tunnel gets reinjected to all active tunnels. This makes the
1183 broadcasts visible to other peers, and for example allows
1184 clients to see each other's shares. If disabled, multi/broadcast
1185 messages received over a tunnel are injected to the local
1186 network only, but not to other IPsec clients.
1187
1188
1189 charon.plugins.gcrypt.quick_random [no]
1190 Use faster random numbers in gcrypt; for testing only, produces
1191 weak keys!
1192
1193
1194 charon.plugins.ha.autobalance [0]
1195 Interval in seconds to automatically balance handled segments
1196 between nodes. Set to 0 to disable.
1197
1198
1199 charon.plugins.ha.buflen [2048]
1200 Buffer size for received HA messages. For IKEv1 the public DH
1201 factors are also transmitted so depending on the DH group the HA
1202 messages can get quite big (the default should be fine up to
1203 modp4096).
1204
1205
1206
1207 charon.plugins.ha.fifo_interface [yes]
1208
1209 charon.plugins.ha.heartbeat_delay [1000]
1210
1211 charon.plugins.ha.heartbeat_timeout [2100]
1212
1213 charon.plugins.ha.local []
1214
1215 charon.plugins.ha.monitor [yes]
1216
1217 charon.plugins.ha.pools []
1218
1219 charon.plugins.ha.remote []
1220
1221 charon.plugins.ha.resync [yes]
1222
1223 charon.plugins.ha.secret []
1224
1225 charon.plugins.ha.segment_count [1]
1226
1227 charon.plugins.ipseckey.enable [no]
1228 Enable fetching of IPSECKEY RRs via DNS.
1229
1230
1231 charon.plugins.kernel-libipsec.allow_peer_ts [no]
1232 Allow that the remote traffic selector equals the IKE peer. The
1233 route installed for such traffic (via TUN device) usually
1234 prevents further IKE traffic. The fwmark options for the
1235 kernel-netlink and socket-default plugins can be used to
1236 circumvent that problem.
1237
1238
1239 charon.plugins.kernel-libipsec.fwmark
1240 [charon.plugins.socket-default.fwmark]
1241 Firewall mark to set on outbound raw ESP packets.
1242
1243
1244 charon.plugins.kernel-libipsec.raw_esp [no]
1245 Whether to send and receive ESP packets without UDP
1246 encapsulation if supported on this platform and no NAT is detected.
1247
1248
1249 charon.plugins.kernel-netlink.buflen [<min(PAGE_SIZE, 8192)>]
1250 Buffer size for received Netlink messages.
1251
1252
1253 charon.plugins.kernel-netlink.force_receive_buffer_size [no]
1254 If the maximum Netlink socket receive buffer in bytes set by
1255 receive_buffer_size exceeds the system-wide maximum from
1256 /proc/sys/net/core/rmem_max, this option can be used to override
1257 the limit. Enabling this option requires special privileges
1258 (CAP_NET_ADMIN).
1259
1260
1261 charon.plugins.kernel-netlink.fwmark []
1262 Firewall mark to set on the routing rule that directs traffic to
1263 our routing table. The format is [!]mark[/mask], where the
1264 optional exclamation mark inverts the meaning (i.e. the rule only
1265 applies to packets that don't match the mark).
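How the socket-default, kernel-libipsec and kernel-netlink fwmark options work together when a remote traffic selector covers the IKE peer, as an added configuration example that is not part of strongswan.conf(5); the mark value 0x20 is an arbitrary constructed choice.

```conf
# Added example (not from strongswan.conf(5)): keep charon's own
# IKE/ESP packets out of strongSwan's routing table so that the route
# into the TUN device does not swallow them. 0x20 is an arbitrary
# constructed mark; pick one no other local firewall rule uses.
charon {
    plugins {
        socket-default {
            # mark all packets charon sends on its IKE UDP sockets
            fwmark = 0x20
        }
        kernel-libipsec {
            # raw ESP packets sent by libipsec get the same mark (this is
            # already the default, shown explicitly for clarity)
            fwmark = 0x20
            # permit a remote traffic selector that equals the IKE peer
            allow_peer_ts = yes
        }
        kernel-netlink {
            # [!]mark[/mask]: the rule that directs traffic to strongSwan's
            # routing table applies only to packets WITHOUT the mark, so
            # the marked IKE/ESP packets stay on the main routing table
            fwmark = !0x20
        }
    }
}
```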
1266
1267
1268 charon.plugins.kernel-netlink.hw_offload_feature_interface [lo]
1269 If the kernel supports hardware offloading, the plugin needs to
1270 find the feature flag which represents hardware offloading
1271 support for network devices. Using the loopback device for this
1272 purpose is usually fine, since it should always be present. For
1273 rare cases in which the loopback device cannot be used to obtain
1274 the appropriate feature flag, this option can be used to specify
1275 an alternative interface for offload feature detection.
1276
1277
1278 charon.plugins.kernel-netlink.ignore_retransmit_errors [no]
1279 Whether to ignore errors potentially resulting from a
1280 retransmission.
1281
1282
1283 charon.plugins.kernel-netlink.install_routes_xfrmi [no]
1284 Whether routes via XFRM interfaces are automatically installed
1285 for SAs that reference such an interface via if_id_out. If the
1286 traffic selectors include the IKE traffic to the peer, this
1287 requires special care (e.g. installing bypass policies and/or
1288 routes, or setting a mark on the IKE socket and excluding such
1289 packets from the configured routing table via fwmark option).
1290
1291
1292 charon.plugins.kernel-netlink.mss [0]
1293 MSS to set on installed routes, 0 to disable.
1294
1295
1296 charon.plugins.kernel-netlink.mtu [0]
1297 MTU to set on installed routes, 0 to disable.
1298
1299
1300 charon.plugins.kernel-netlink.parallel_route [no]
1301 Whether to perform concurrent Netlink ROUTE queries on a single
1302 socket. While parallel queries can improve throughput, they have
1303 more overhead. On vanilla Linux, DUMP queries fail with EBUSY
1304 and must be retried, further decreasing performance.
1305
1306
1307 charon.plugins.kernel-netlink.parallel_xfrm [no]
1308 Whether to perform concurrent Netlink XFRM queries on a single
1309 socket.
1310
1311
1312 charon.plugins.kernel-netlink.policy_update [no]
1313 Whether to always use XFRM_MSG_UPDPOLICY to install policies.
1314
1315
1316 charon.plugins.kernel-netlink.port_bypass [no]
1317 Whether to use port or socket based IKE XFRM bypass policies.
1318 IKE bypass policies are used to exempt IKE traffic from XFRM
1319 processing. The default socket based policies are directly tied
1320 to the IKE UDP sockets, port based policies use global XFRM
1321 bypass policies for the used IKE UDP ports.
1322
1323
1324 charon.plugins.kernel-netlink.process_rules [no]
1325 Whether to process changes in routing rules to trigger roam
1326 events. This is currently only useful if the kernel based route
1327 lookup is used (i.e. if route installation is disabled or an
1328 inverted fwmark match is configured).
1329
1330
1331 charon.plugins.kernel-netlink.receive_buffer_size [0]
1332 Maximum Netlink socket receive buffer in bytes. This value
1333 controls how many bytes of Netlink messages can be received on a
1334 Netlink socket. The default value is set by
1335 /proc/sys/net/core/rmem_default. The specified value cannot
1336 exceed the system-wide maximum from /proc/sys/net/core/rmem_max,
1337 unless force_receive_buffer_size is enabled.
1338
1339
1340 charon.plugins.kernel-netlink.retries [0]
1341 Number of Netlink message retransmissions to send on timeout.
1342
1343
1344 charon.plugins.kernel-netlink.roam_events [yes]
1345 Whether to trigger roam events when interfaces, addresses or
1346 routes change.
1347
1348
1349 charon.plugins.kernel-netlink.set_proto_port_transport_sa [no]
1350 Whether to set protocol and ports in the selector installed on
1351 transport mode IPsec SAs in the kernel. While doing so enforces
1352 policies for inbound traffic, it also prevents the use of a
1353 single IPsec SA by more than one traffic selector.
1354
1355
1356 charon.plugins.kernel-netlink.spdh_thresh
1357 XFRM policy hashing threshold configuration for IPv4 and IPv6.
1358
1359 The section defines hashing thresholds to configure in the
1360 kernel during daemon startup. Each address family takes a threshold
1361 for the local subnet of an IPsec policy (src in out-policies,
1362 dst in in- and forward-policies) and the remote subnet (dst in
1363 out-policies, src in in- and forward-policies).
1364
1365 If the subnet has more or equal net bits than the threshold, the
1366 first threshold bits are used to calculate a hash to lookup the
1367 policy.
1368
1369 Policy hashing thresholds are not supported before Linux 3.18
1370 and might conflict with socket policies before Linux 4.8.
1371
1372
1373 charon.plugins.kernel-netlink.spdh_thresh.ipv4.lbits [32]
1374 Local subnet XFRM policy hashing threshold for IPv4.
1375
1376
1377 charon.plugins.kernel-netlink.spdh_thresh.ipv4.rbits [32]
1378 Remote subnet XFRM policy hashing threshold for IPv4.
1379
1380
1381 charon.plugins.kernel-netlink.spdh_thresh.ipv6.lbits [128]
1382 Local subnet XFRM policy hashing threshold for IPv6.
1383
1384
1385 charon.plugins.kernel-netlink.spdh_thresh.ipv6.rbits [128]
1386 Remote subnet XFRM policy hashing threshold for IPv6.
1387
1388
1389 charon.plugins.kernel-netlink.timeout [0]
1390 Netlink message retransmission timeout, 0 to disable
1391 retransmissions.
1392
1393
1394 charon.plugins.kernel-netlink.xfrm_acq_expires [165]
1395 Lifetime of XFRM acquire state created by the kernel when
1396 traffic matches a trap policy. The value gets written to
1397 /proc/sys/net/core/xfrm_acq_expires. Indirectly controls the
1398 delay between XFRM acquire messages triggered by the kernel for
1399 a trap policy. The same value is used as timeout for SPIs
1400 allocated by the kernel. The default value equals the total
1401 retransmission timeout for IKE messages, see IKEv2 RETRANSMISSION
1402 in strongswan.conf(5).
1403
1404
1405
1406 charon.plugins.kernel-pfkey.events_buffer_size [0]
1407 Size of the receive buffer for the event socket (0 for default
1408 size). Because events are received asynchronously installing
1409 e.g. lots of policies may require a larger buffer than the
1410 default on certain platforms in order to receive all messages.
1411
1412
1413 charon.plugins.kernel-pfkey.route_via_internal [no]
1414 Whether to use the internal or external interface in installed
1415 routes. The internal interface is the one where the IP address
1416 contained in the local traffic selector is located, the external
1417 interface is the one over which the destination address of the
1418 IPsec tunnel can be reached. This is not relevant if virtual IPs
1419 are used, for which a TUN device is created that's used in the
1420 routes.
1421
1422
1423 charon.plugins.kernel-pfroute.mtu [1400]
1424 MTU to set on TUN devices created for virtual IPs.
1425
1426
1427 charon.plugins.kernel-pfroute.vip_wait [1000]
1428 Time in ms to wait until virtual IP addresses appear/disappear
1429 before failing.
1430
1431
1432 charon.plugins.led.activity_led []
1433
1434 charon.plugins.led.blink_time [50]
1435
1436 charon.plugins.load-tester
1437 Section to configure the load-tester plugin, see LOAD TESTS in
1438 strongswan.conf(5) for details.
1439
1440
1441 charon.plugins.load-tester.addrs
1442 Section that contains key/value pairs with address pools (in
1443 CIDR notation) to use for a specific network interface e.g. eth0
1444 = 10.10.0.0/16.
1445
1446
1447 charon.plugins.load-tester.addrs_keep [no]
1448 Whether to keep dynamic addresses even after the associated SA
1449 got terminated.
1450
1451
1452 charon.plugins.load-tester.addrs_prefix [16]
1453 Network prefix length to use when installing dynamic addresses.
1454 If set to -1 the full address is used (i.e. 32 or 128).
1455
1456
1457 charon.plugins.load-tester.ca_dir []
1458 Directory to load (intermediate) CA certificates from.
1459
1460
1461 charon.plugins.load-tester.child_rekey [600]
1462 Seconds to start CHILD_SA rekeying after setup.
1463
1464
1465 charon.plugins.load-tester.crl []
1466 URI to a CRL to include as certificate distribution point in
1467 generated certificates.
1468
1469
1470 charon.plugins.load-tester.delay [0]
1471 Delay between initiations for each thread.
1472
1473
1474 charon.plugins.load-tester.delete_after_established [no]
1475 Delete an IKE_SA as soon as it has been established.
1476
1477
1478 charon.plugins.load-tester.digest [sha1]
1479 Digest algorithm used when issuing certificates.
1480
1481
1482 charon.plugins.load-tester.dpd_delay [0]
1483 DPD delay to use in load test.
1484
1485
1486 charon.plugins.load-tester.dynamic_port [0]
1487 Base port to be used for requests (each client uses a different
1488 port).
1489
1490
1491 charon.plugins.load-tester.eap_password [default-pwd]
1492 EAP secret to use in load test.
1493
1494
1495 charon.plugins.load-tester.enable [no]
1496 Enable the load testing plugin. WARNING: Never enable this
1497 plugin on production systems. It provides preconfigured
1498 credentials and allows an attacker to authenticate as any user.
1499
1500
1501 charon.plugins.load-tester.esp [aes128-sha1]
1502 CHILD_SA proposal to use for load tests.
1503
1504
1505 charon.plugins.load-tester.fake_kernel [no]
1506 Fake the kernel interface to allow load-testing against self.
1507
1508
1509 charon.plugins.load-tester.ike_rekey [0]
1510 Seconds to start IKE_SA rekeying after setup.
1511
1512
1513 charon.plugins.load-tester.init_limit [0]
1514 Global limit of concurrently established SAs during load test.
1515
1516
1517 charon.plugins.load-tester.initiator [0.0.0.0]
1518 Address to initiate from.
1519
1520
1521 charon.plugins.load-tester.initiator_auth [pubkey]
1522 Authentication method(s) the initiator uses.
1523
1524
1525 charon.plugins.load-tester.initiator_id []
1526 Initiator ID used in load test.
1527
1528
1529 charon.plugins.load-tester.initiator_match []
1530 Initiator ID to match against as responder.
1531
1532
1533 charon.plugins.load-tester.initiator_tsi []
1534 Traffic selector on initiator side, as proposed by initiator.
1535
1536
1537 charon.plugins.load-tester.initiator_tsr []
1538 Traffic selector on responder side, as proposed by initiator.
1539
1540
1541 charon.plugins.load-tester.initiators [0]
1542 Number of concurrent initiator threads to use in load test.
1543
1544
1545 charon.plugins.load-tester.issuer_cert []
1546 Path to the issuer certificate (if not configured a hard-coded
1547 default value is used).
1548
1549
1550 charon.plugins.load-tester.issuer_key []
1551 Path to private key that is used to issue certificates (if not
1552 configured a hard-coded default value is used).
1553
1554
1555 charon.plugins.load-tester.iterations [1]
1556 Number of IKE_SAs to initiate by each initiator in load test.
1557
1558
1559 charon.plugins.load-tester.mode [tunnel]
1560 IPsec mode to use, one of tunnel, transport, or beet.
1561
1562
1563
1564 charon.plugins.load-tester.pool []
1565 Provide INTERNAL_IPV4_ADDRs from a named pool.
1566
1567
1568 charon.plugins.load-tester.preshared_key [<default-psk>]
1569 Preshared key to use in load test.
1570
1571
1572 charon.plugins.load-tester.proposal [aes128-sha1-modp768]
1573 IKE proposal to use in load test.
1574
1575
1576 charon.plugins.load-tester.request_virtual_ip [no]
1577 Request an INTERNAL_IPV4_ADDR and INTERNAL_IPV6_ADDR from the
1578 server.
1579
1580
1581 charon.plugins.load-tester.responder [127.0.0.1]
1582 Address to initiate connections to.
1583
1584
1585 charon.plugins.load-tester.responder_auth [pubkey]
1586 Authentication method(s) the responder uses.
1587
1588
1589 charon.plugins.load-tester.responder_id []
1590 Responder ID used in load test.
1591
1592
1593 charon.plugins.load-tester.responder_tsi [initiator_tsi]
1594 Traffic selector on initiator side, as narrowed by responder.
1595
1596
1597 charon.plugins.load-tester.responder_tsr [initiator_tsr]
1598 Traffic selector on responder side, as narrowed by responder.
1599
1600
1601 charon.plugins.load-tester.shutdown_when_complete [no]
1602 Shutdown the daemon after all IKE_SAs have been established.
1603
1604
1605 charon.plugins.load-tester.socket [unix://${piddir}/charon.ldt]
1606 Socket provided by the load-tester plugin.
1607
1608
1609 charon.plugins.load-tester.version [0]
1610 IKE version to use (0 means use IKEv2 as initiator and accept
1611 any version as responder).
1612
1613
1614 charon.plugins.lookip.socket [unix://${piddir}/charon.lkp]
1615 Socket provided by the lookip plugin.
1616
1617
1618 charon.plugins.ntru.parameter_set [optimum]
1619 The following parameter sets are available: x9_98_speed,
1620 x9_98_bandwidth, x9_98_balance and optimum, the last set not
1621 being part of the X9.98 standard but having the best performance.
1622
1623
1624 charon.plugins.openssl.engine_id [pkcs11]
1625 ENGINE ID to use in the OpenSSL plugin.
1626
1627
1628 charon.plugins.openssl.fips_mode [0]
1629 Set OpenSSL FIPS mode. With OpenSSL before 3.0, the supported
1630 values are disabled(0), enabled(1) and Suite B enabled(2). With
1631 OpenSSL 3+, any value other than 0 will explicitly load the fips
1632 and base providers (load_legacy will be ignored). The latter
1633 still requires the config in fipsmodule.cnf (e.g. for the
1634 module's MAC), but allows explicitly loading the provider if it's
1635 not activated in that config.
1636
1637
1638 charon.plugins.openssl.load_legacy [yes]
1639 Load the legacy provider in OpenSSL 3+ for algorithms like MD4,
1640 DES, or Blowfish (the first two are required for EAP-MSCHAPv2).
1641 If disabled, the default provider is loaded, or those configured
1642 in the OpenSSL config (e.g. the fips provider).
1643
1644
1645 charon.plugins.osx-attr.append [yes]
1646 Whether DNS servers are appended to existing entries, instead of
1647 replacing them.
1648
1649
1650 charon.plugins.p-cscf.enable
1651 Section to enable requesting P-CSCF server addresses for
1652 individual connections.
1653
1654
1655 charon.plugins.p-cscf.enable.<conn> [no]
1656 <conn> is the name of a connection with an ePDG from which to
1657 request P-CSCF server addresses. Requests will be sent for
1658 addresses of the same families for which internal IPs are
1659 requested.
1660
1661
1662 charon.plugins.pkcs11.modules
1663 List of available PKCS#11 modules.
1664
1665
1666 charon.plugins.pkcs11.modules.<name>.load_certs [yes]
1667 Whether to automatically load certificates from tokens.
1668
1669
1670 charon.plugins.pkcs11.modules.<name>.os_locking [no]
1671 Whether OS locking should be enabled for this module.
1672
1673
1674 charon.plugins.pkcs11.modules.<name>.path []
1675 Full path to the shared object file of this PKCS#11 module.
1676
1677
1678 charon.plugins.pkcs11.reload_certs [no]
1679 Reload certificates from all tokens if charon receives a SIGHUP.
1680
1681
1682 charon.plugins.pkcs11.use_dh [no]
1683 Whether the PKCS#11 modules should be used for DH and ECDH (see
1684 use_ecc option).
1685
1686
1687 charon.plugins.pkcs11.use_ecc [no]
1688 Whether the PKCS#11 modules should be used for ECDH and ECDSA
1689 public key operations. ECDSA private keys can be used regardless
1690 of this option.
1691
1692
1693 charon.plugins.pkcs11.use_hasher [no]
1694 Whether the PKCS#11 modules should be used to hash data.
1695
1696
1697 charon.plugins.pkcs11.use_pubkey [no]
1698 Whether the PKCS#11 modules should be used for public key
1699 operations, even for keys not stored on tokens.
1700
1701
1702 charon.plugins.pkcs11.use_rng [no]
1703 Whether the PKCS#11 modules should be used as RNG.
1704
1705
1706 charon.plugins.radattr.dir []
1707 Directory where RADIUS attributes are stored in client-ID
1708 specific files.
1709
1710
1711 charon.plugins.radattr.message_id [-1]
1712 Attributes are added to all IKE_AUTH messages by default (-1),
1713 or only to the IKE_AUTH message with the given IKEv2 message ID.
1714
1715
1716 charon.plugins.random.random [${random_device}]
1717 File to read random bytes from.
1718
1719
1720 charon.plugins.random.strong_equals_true [no]
1721 If set to yes the RNG_STRONG class reads random bytes from the
1722 same source as the RNG_TRUE class.
1723
1724
1725 charon.plugins.random.urandom [${urandom_device}]
1726 File to read pseudo random bytes from.
1727
1728
1729 charon.plugins.resolve.file [/etc/resolv.conf]
1730 File where to add DNS server entries if not using resolvconf(8).
1731
1732
1733 charon.plugins.resolve.resolvconf.iface [lo.ipsec]
1734 The interface name and protocol sent to resolvconf(8). This has
1735 to be a valid interface name according to the rules defined by
1736 resolvconf. Also, it should have a high priority according to
1737 the order defined in interface-order(5) if relevant on the
1738 system.
1739
1740
1741 charon.plugins.resolve.resolvconf.path [/sbin/resolvconf]
1742 Path/command for resolvconf(8). The command is executed by a
1743 shell, so "resolvconf" will work if it's in $PATH of the daemon.
1744
1745 If not configured, resolvconf(8) will be used if found at the
1746 default location. Otherwise, the file in
1747 charon.plugins.resolve.file will be modified directly.
1748
1749
1750 charon.plugins.revocation.enable_crl [yes]
1751 Whether CRL validation should be enabled.
1752
1753
1754 charon.plugins.revocation.enable_ocsp [yes]
1755 Whether OCSP validation should be enabled.
1756
1757
1758 charon.plugins.revocation.timeout [10s]
1759 Timeout used when fetching OCSP/CRL.
1760
1761
1762 charon.plugins.save-keys.esp [no]
1763 Whether to save ESP keys.
1764
1765
1766 charon.plugins.save-keys.ike [no]
1767 Whether to save IKE keys.
1768
1769
1770 charon.plugins.save-keys.load [no]
1771 Whether to load the plugin.
1772
1773
1774 charon.plugins.save-keys.wireshark_keys []
1775 Directory where the keys are stored in the format supported by
1776 Wireshark. IKEv1 keys are stored in the ikev1_decryption_table
1777 file. IKEv2 keys are stored in the ikev2_decryption_table file.
1778 Keys for ESP CHILD_SAs are stored in the esp_sa file.
1779
1780
1781 charon.plugins.socket-default.fwmark []
1782 Firewall mark to set on outbound packets.
1783
1784
1785 charon.plugins.socket-default.set_source [yes]
1786 Set source address on outbound packets, if possible.
1787
1788
1789 charon.plugins.socket-default.set_sourceif [no]
1790 Force sending interface on outbound packets, if possible. This
1791 allows using IPv6 link-local addresses as tunnel endpoints.
1792
1793
1794 charon.plugins.socket-default.use_ipv4 [yes]
1795 Listen on IPv4, if possible.
1796
1797
1798 charon.plugins.socket-default.use_ipv6 [yes]
1799 Listen on IPv6, if possible.
1800
1801
1802 charon.plugins.sql.database []
1803 Database URI for charon's SQL plugin. If it contains a password,
1804 make sure to adjust the permissions of the config file
1805 accordingly.
1806
1807
1808 charon.plugins.sql.loglevel [-1]
1809 Loglevel for logging to SQL database.
1810
1811
1812 charon.plugins.stroke.allow_swap [yes]
1813 Analyze addresses/hostnames in left|right to detect which side
1814 is local and swap configuration options if necessary. If
1815 disabled left is always local.
1816
1817
1818
1819 charon.plugins.stroke.ignore_missing_ca_basic_constraint [no]
1820 Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections
1821 as CA certificates even if they don't contain a CA basic
1822 constraint.
1823
1824
1825 charon.plugins.stroke.max_concurrent [4]
1826 Maximum number of stroke messages handled concurrently.
1827
1828
1829 charon.plugins.stroke.prevent_loglevel_changes [no]
1830 If enabled log level changes via stroke socket are not allowed.
1831
1832
1833 charon.plugins.stroke.secrets_file [${sysconfdir}/ipsec.secrets]
1834 Location of the ipsec.secrets file.
1835
1836
1837 charon.plugins.stroke.socket [unix://${piddir}/charon.ctl]
1838 Socket provided by the stroke plugin.
1839
1840
1841 charon.plugins.stroke.timeout [0]
1842 Timeout in ms for any stroke command. Use 0 to disable the
1843 timeout.
1844
1845
1846 charon.plugins.systime-fix.interval [0]
1847 Interval in seconds to check system time for validity. 0
1848 disables the check.
1849
1850
1851 charon.plugins.systime-fix.reauth [no]
1852 Whether to use reauth or delete if an invalid cert lifetime is
1853 detected.
1854
1855
1856 charon.plugins.systime-fix.threshold []
1857 Threshold date where system time is considered valid. Disabled
1858 if not specified.
1859
1860
1861 charon.plugins.systime-fix.threshold_format [%Y]
1862 strptime(3) format used to parse threshold option.
1863
1864
1865 charon.plugins.systime-fix.timeout [0s]
1866 How long to wait for a valid system time if an interval is
1867 configured. 0 to recheck indefinitely.
1868
1869
1870 charon.plugins.tnc-ifmap.client_cert []
1871 Path to X.509 certificate file of IF-MAP client.
1872
1873
1874 charon.plugins.tnc-ifmap.client_key []
1875 Path to private key file of IF-MAP client.
1876
1877
1878 charon.plugins.tnc-ifmap.device_name []
1879 Unique name of strongSwan server as a PEP and/or PDP device.
1880
1881
1882 charon.plugins.tnc-ifmap.renew_session_interval [150]
1883 Interval in seconds between periodic IF-MAP RenewSession
1884 requests.
1885
1886
1887 charon.plugins.tnc-ifmap.server_cert []
1888 Path to X.509 certificate file of IF-MAP server.
1889
1890
1891 charon.plugins.tnc-ifmap.server_uri [https://localhost:8444/imap]
1892 URI of the form [https://]servername[:port][/path].
1893
1894
1895 charon.plugins.tnc-ifmap.username_password []
1896 Credentials of IF-MAP client of the form username:password. If
1897 set, make sure to adjust the permissions of the config file ac‐
1898 cordingly.
1899
1900
1901 charon.plugins.tnc-imc.dlclose [yes]
1902 Unload IMC after use.
1903
1904
1905 charon.plugins.tnc-imc.preferred_language [en]
1906 Preferred language for TNC recommendations.
1907
1908
1909 charon.plugins.tnc-imv.dlclose [yes]
1910 Unload IMV after use.
1911
1912
1913 charon.plugins.tnc-imv.recommendation_policy [default]
1914 TNC recommendation policy, one of default, any, or all.
1915
1916
1917
1918 charon.plugins.tnc-pdp.pt_tls.enable [yes]
1919 Enable PT-TLS protocol on the strongSwan PDP.
1920
1921
1922 charon.plugins.tnc-pdp.pt_tls.port [271]
1923 PT-TLS server port the strongSwan PDP is listening on.
1924
1925
1926 charon.plugins.tnc-pdp.radius.enable [yes]
1927 Enable RADIUS protocol on the strongSwan PDP.
1928
1929
1930 charon.plugins.tnc-pdp.radius.method [ttls]
1931 EAP tunnel method to be used.
1932
1933
1934 charon.plugins.tnc-pdp.radius.port [1812]
1935 RADIUS server port the strongSwan PDP is listening on.
1936
1937
1938 charon.plugins.tnc-pdp.radius.secret []
1939 Shared RADIUS secret between strongSwan PDP and NAS. If set,
1940 make sure to adjust the permissions of the config file accord‐
1941 ingly.
1942
1943
1944 charon.plugins.tnc-pdp.server []
1945 Name of the strongSwan PDP as contained in the AAA certificate.
1946
1947
1948 charon.plugins.tnc-pdp.timeout []
1949 Timeout in seconds before closing incomplete connections.
1950
1951
1952 charon.plugins.tnccs-11.max_message_size [45000]
1953 Maximum size of a PA-TNC message (XML & Base64 encoding).
1954
1955
1956 charon.plugins.tnccs-20.max_batch_size [65522]
1957 Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529).
1958
1959
1960 charon.plugins.tnccs-20.max_message_size [65490]
1961 Maximum size of a PA-TNC message (upper limit via PT-EAP =
1962 65497).
1963
1964
1965 charon.plugins.tnccs-20.mutual [no]
1966 Enable PB-TNC mutual protocol.
1967
1968
1969 charon.plugins.tnccs-20.tests.pb_tnc_noskip [no]
1970 Send an unsupported PB-TNC message type with the NOSKIP flag
1971 set.
1972
1973
1974 charon.plugins.tnccs-20.tests.pb_tnc_version [2]
1975 Send a PB-TNC batch with a modified PB-TNC version.
1976
1977
1978 charon.plugins.tpm.ek_handle []
1979 Handle of the RSA or ECC Endorsement Key (EK) to be used to set
1980 up an authenticated session with a TPM 2.0 (e.g. 0x81010001).
1981
1982
1983 charon.plugins.tpm.fips_186_4 [no]
1984 Whether the TPM 2.0 is FIPS 186-4 compliant, which forces e.g. the use
1985 of the default salt length instead of the maximum salt length with
1986 RSA-PSS padding.
1987
1988
1989 charon.plugins.tpm.tcti.name [device|tabrmd]
1990 Name of TPM 2.0 TCTI library. Valid values: tabrmd, device or
1991 mssim. Defaults are device if the /dev/tpmrm0 in-kernel TPM 2.0
1992 resource manager device exists, and tabrmd otherwise, requiring
1993 the d-bus based TPM 2.0 access broker and resource manager to be
1994 available.
1995
1996
1997 charon.plugins.tpm.tcti.opts [/dev/tpmrm0|<none>]
1998 Options for the TPM 2.0 TCTI library. Defaults are /dev/tpmrm0
1999 if the TCTI library name is device and no options otherwise.
2000
2001
2002 charon.plugins.tpm.use_rng [no]
2003 Whether the TPM should be used as RNG. For security reasons, enable
2004 this only if an authenticated session can be set up (see the ek_handle
2005 option).
2006
2007
2008 charon.plugins.unbound.dlv_anchors []
2009 File to read trusted keys for DLV (DNSSEC Lookaside Validation)
2010 from. It uses the same format as trust_anchors. Only one DLV can be
2011 configured, which is then used as a root trusted DLV; that is, it acts
2012 as a lookaside for the root.
2013
2014
2015 charon.plugins.unbound.resolv_conf [/etc/resolv.conf]
2016 File to read DNS resolver configuration from.
2017
2018
2019 charon.plugins.unbound.trust_anchors
2020 [${sysconfdir}/ipsec.d/dnssec.keys]
2021 File to read DNSSEC trust anchors from (usually the root zone KSK).
2022 The format of the file is the standard DNS zone file format; anchors
2023 can be stored as DS or DNSKEY entries in the file.
2024
2025
2026 charon.plugins.updown.dns_handler [no]
2027 Whether the updown script should handle DNS servers assigned via
2028 IKEv1 Mode Config or IKEv2 Config Payloads (if enabled, they can't
2029 be handled by other plugins such as resolve).
2030
2031
2032 charon.plugins.vici.socket [unix://${piddir}/charon.vici]
2033 Socket on which the vici plugin serves clients.
2034
2035
2036 charon.plugins.whitelist.enable [yes]
2037 Enable loaded whitelist plugin.
2038
2039
2040 charon.plugins.whitelist.socket [unix://${piddir}/charon.wlst]
2041 Socket provided by the whitelist plugin.
2042
2043
2044 charon.plugins.wolfssl.fips_mode [no]
2045 Enable to prevent loading the plugin if wolfSSL is not in FIPS
2046 mode.
2047
2048
2049 charon.plugins.xauth-eap.backend [radius]
2050 EAP plugin to be used as backend for XAuth credential verifica‐
2051 tion.
2052
2053
2054 charon.plugins.xauth-pam.pam_service [login]
2055 PAM service to be used for authentication.
2056
2057
2058 charon.plugins.xauth-pam.session [no]
2059 Open/close a PAM session for each active IKE_SA.
2060
2061
2062 charon.plugins.xauth-pam.trim_email [yes]
2063 If an email address is received as an XAuth username, trim it to
2064 just the username part.
2065
2066
2067 charon.port [500]
2068 UDP port used locally. If set to 0 a random port will be allo‐
2069 cated.
2070
2071
2072 charon.port_nat_t [4500]
2073 UDP port used locally in case of NAT-T. If set to 0 a random
2074 port will be allocated. Has to be different from charon.port,
2075 otherwise a random port will be allocated.
2076
2077
2078 charon.prefer_best_path [no]
2079 By default, charon keeps SAs on the routing path with addresses
2080 it previously used if that path is still usable. By setting this
2081 option to yes, it tries more aggressively to update SAs with MOBIKE
2082 on routing priority changes using the cheapest path. This adds more
2083 noise, but allows SAs to adapt dynamically to routing priority
2084 changes. This option has no effect if MOBIKE is not supported or
2085 disabled.
2086
2087
2088 charon.prefer_configured_proposals [yes]
2089 Prefer locally configured proposals for IKE/IPsec over supplied
2090 ones as responder (disabling this can avoid keying retries due
2091 to INVALID_KE_PAYLOAD notifies).
2092
2093
2094 charon.prefer_temporary_addrs [no]
2095 By default, permanent IPv6 source addresses are preferred over
2096 temporary ones (RFC 4941), to make connections more stable. En‐
2097 able this option to reverse this.
2098
2099 It also affects which IPv6 addresses are announced as additional
2100 addresses if MOBIKE is used. If the option is disabled, only
2101 permanent addresses are sent, and only temporary ones if it is
2102 enabled.
2103
2104
2105 charon.process_route [yes]
2106 Process RTM_NEWROUTE and RTM_DELROUTE events.
2107
2108
2109 charon.processor.priority_threads
2110 Section to configure the number of reserved threads per priority
2111 class, see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
2112
2113
2114
2115 charon.rdn_matching [strict]
2116 How RDNs in subject DNs of certificates are matched against
2117 configured identities. Possible values are strict (the default),
2118 reordered, and relaxed. With strict the number, type and order of
2119 all RDNs have to match; wildcards (*) for the values of RDNs are
2120 allowed (that's the case for all three variants). Using reordered
2121 also matches DNs if the RDNs appear in a different order, but the
2122 number and type still have to match. Finally, relaxed also allows
2123 matches of DNs that contain more RDNs than the configured identity
2124 (missing RDNs are treated like a wildcard match).
2126
2127 Note that reordered and relaxed impose a considerable overhead
2128 on memory usage and runtime, in particular, for mismatches, com‐
2129 pared to strict.
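The following is an added example, not strongSwan code: a small Python model of the three rdn_matching modes on string DNs, so the effect of a setting can be checked against the subject DNs a CA actually issues. The "type=value, ..." DN syntax, the toy parser and the reading of relaxed as building on reordered are assumptions of this example.

```python
"""Added example (not strongSwan code): emulate charon.rdn_matching =
strict | reordered | relaxed on simple string DNs.  DN syntax and the
cumulative reading of 'relaxed' are assumptions of this example."""


def parse_dn(dn):
    """Split 'C=CH, O=strongSwan, CN=*' into a list of (type, value) RDNs.
    Toy parser: no escaped commas, no multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        typ, sep, val = part.partition("=")
        if not sep or not typ.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((typ.strip().upper(), val.strip()))
    return rdns


def rdn_matches(conf_rdn, subj_rdn):
    """Types must be identical; a configured value of '*' matches any value."""
    return conf_rdn[0] == subj_rdn[0] and conf_rdn[1] in ("*", subj_rdn[1])


def match_dn(configured, subject, mode="strict"):
    """True if the certificate subject DN matches the configured identity.

    strict:    same number, type and order of RDNs (wildcard values allowed)
    reordered: same number and type of RDNs, in any order
    relaxed:   like reordered, but the subject may carry additional RDNs
               (assumed to build on reordered, as the man page wording implies)
    """
    conf, subj = parse_dn(configured), parse_dn(subject)
    if mode == "strict":
        return len(conf) == len(subj) and all(
            rdn_matches(c, s) for c, s in zip(conf, subj))
    if mode not in ("reordered", "relaxed"):
        raise ValueError("unknown rdn_matching mode: %r" % mode)
    if mode == "reordered" and len(conf) != len(subj):
        return False
    # Consume one subject RDN per configured RDN.  Exact values are matched
    # before wildcards so that a wildcard cannot take the only candidate
    # an exact RDN of the same type would need.
    remaining = list(subj)
    for c in sorted(conf, key=lambda rdn: rdn[1] == "*"):
        for i, s in enumerate(remaining):
            if rdn_matches(c, s):
                del remaining[i]
                break
        else:
            return False   # a configured RDN has no counterpart
    # reordered: lengths were equal, so nothing is left over;
    # relaxed: leftover subject RDNs count as wildcard matches.
    return True


if __name__ == "__main__":
    ident = "C=CH, O=strongSwan, CN=*"
    for subject in ("C=CH, O=strongSwan, CN=moon",
                    "O=strongSwan, C=CH, CN=moon",
                    "C=CH, O=strongSwan, OU=Research, CN=moon"):
        print(subject, "->", [m for m in ("strict", "reordered", "relaxed")
                              if match_dn(ident, subject, m)])
```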
2130
2131
2132
2133 charon.receive_delay [0]
2134 Delay in ms for receiving packets, to simulate larger RTT.
2135
2136
2137 charon.receive_delay_request [yes]
2138 Delay request messages.
2139
2140
2141 charon.receive_delay_response [yes]
2142 Delay response messages.
2143
2144
2145 charon.receive_delay_type [0]
2146 Specific IKEv2 message type to delay, 0 for any.
2147
2148
2149 charon.replay_window [32]
2150 Size of the AH/ESP replay window, in packets.
2151
2152
2153 charon.reqid_base [1]
2154 Value of the first reqid to be automatically assigned to a
2155 CHILD_SA.
2156
2157
2158 charon.retransmit_base [1.8]
2159 Base to use for calculating exponential back off, see IKEv2 RE‐
2160 TRANSMISSION in strongswan.conf(5).
2161
2162
2163
2164 charon.retransmit_jitter [0]
2165 Maximum jitter in percent to apply randomly to calculated re‐
2166 transmission timeout (0 to disable).
2167
2168
2169 charon.retransmit_limit [0]
2170 Upper limit in seconds for calculated retransmission timeout (0
2171 to disable).
2172
2173
2174 charon.retransmit_timeout [4.0]
2175 Timeout in seconds before sending first retransmit.
2176
2177
2178 charon.retransmit_tries [5]
2179 Number of times to retransmit a packet before giving up.
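The following is an added example, not strongSwan code: it computes the schedule the five retransmit_* options above produce, i.e. how long an unresponsive peer keeps an exchange alive before charon gives up. It assumes the exponential back-off timeout * base^n documented under IKEv2 RETRANSMISSION (not shown in this excerpt), that retransmit_limit caps each computed timeout, and that retransmit_jitter shortens it by a random fraction of up to that percentage.

```python
"""Added example (not strongSwan code): the retransmission schedule that
charon.retransmit_timeout, retransmit_base, retransmit_tries,
retransmit_limit and retransmit_jitter yield.  The formula timeout * base^n,
the capping by retransmit_limit and the subtractive jitter are assumptions
taken from the IKEv2 RETRANSMISSION description referenced above."""


def retransmit_schedule(timeout=4.0, base=1.8, tries=5, limit=0,
                        jitter=0, rng=None):
    """Waits in seconds before each retransmission and before giving up:
    one wait after the initial send plus one per retransmission.

    rng: callable returning a float in [0, 1); None applies the maximum
    jitter deterministically, which keeps the result reproducible."""
    if not 0 <= jitter <= 100:
        raise ValueError("retransmit_jitter must be a percentage")
    waits = []
    for n in range(tries + 1):
        wait = timeout * base ** n          # exponential back-off
        if limit:                           # retransmit_limit, 0 = no cap
            wait = min(wait, limit)
        if jitter:                          # subtract up to jitter% at random
            r = rng() if rng else 1.0
            wait -= wait * jitter / 100.0 * r
        waits.append(wait)
    return waits


def time_to_give_up(**kwargs):
    """Seconds until a peer that never answers is considered dead."""
    return sum(retransmit_schedule(**kwargs))


if __name__ == "__main__":
    # With the defaults this prints 4, 7.2, 12.96, 23.3, 42.0, 75.6 (about 165 s in total)
    print([round(w, 2) for w in retransmit_schedule()], round(time_to_give_up(), 1))
    print("capped at 30 s:", [round(w, 2) for w in retransmit_schedule(limit=30)])
```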
2180
2181
2182 charon.retry_initiate_interval [0s]
2183 Interval in seconds to use when retrying to initiate an IKE_SA
2184 (e.g. if DNS resolution failed), 0 to disable retries.
2185
2186
2187 charon.reuse_ikesa [yes]
2188 Initiate CHILD_SA within existing IKE_SAs (always enabled for
2189 IKEv1).
2190
2191
2192 charon.routing_table []
2193 Numerical routing table to install routes to.
2194
2195
2196 charon.routing_table_prio []
2197 Priority of the routing table.
2198
2199
2200 charon.rsa_pss [no]
2201 Whether to use RSA with PSS padding instead of PKCS#1 padding by
2202 default.
2203
2204
2205 charon.rsa_pss_trailerfield [no]
2206 Whether to encode an explicit trailerField value of 0x01 in the
2207 RSA-PSS algorithmIdentifier (CONTEXT3) or to use the DEFAULT value
2208 by omitting it.
2209
2210
2211 charon.send_delay [0]
2212 Delay in ms for sending packets, to simulate larger RTT.
2213
2214
2215 charon.send_delay_request [yes]
2216 Delay request messages.
2217
2218
2219 charon.send_delay_response [yes]
2220 Delay response messages.
2221
2222
2223 charon.send_delay_type [0]
2224 Specific IKEv2 message type to delay, 0 for any.
2225
2226
2227 charon.send_vendor_id [no]
2228 Send the strongSwan vendor ID payload.
2229
2230
2231 charon.signature_authentication [yes]
2232 Whether to enable Signature Authentication as per RFC 7427.
2233
2234
2235 charon.signature_authentication_constraints [yes]
2236 If enabled, signature schemes configured in rightauth, in addi‐
2237 tion to getting used as constraints against signature schemes
2238 employed in the certificate chain, are also used as constraints
2239 against the signature scheme used by peers during IKEv2.
2240
2241
2242 charon.spi_label [0x0000000000000000]
2243 Value mixed into the local IKE SPIs after applying spi_mask.
2244
2245
2246
2247 charon.spi_mask [0x0000000000000000]
2248 Mask applied to local IKE SPIs before mixing in spi_label (bits
2249 set will be replaced with spi_label).
2250
2251
2252
2253 charon.spi_max [0xcfffffff]
2254 The upper limit for SPIs requested from the kernel for IPsec
2255 SAs.
2256
2257
2258 charon.spi_min [0xc0000000]
2259 The lower limit for SPIs requested from the kernel for IPsec
2260 SAs. Should not be set lower than 0x00000100 (256), as SPIs be‐
2261 tween 1 and 255 are reserved by IANA.
2262
2263
2264 charon.start-scripts
2265 Section containing a list of scripts (name = path) that are exe‐
2266 cuted when the daemon is started.
2267
2268
2269 charon.stop-scripts
2270 Section containing a list of scripts (name = path) that are exe‐
2271 cuted when the daemon is terminated.
2272
2273
2274 charon.syslog
2275 Section to define syslog loggers, see LOGGER CONFIGURATION in
2276 strongswan.conf(5).
2277
2278
2279
2280 charon.syslog.<facility>
2281 <facility> is one of the supported syslog facilities, see LOGGER
2282 CONFIGURATION in strongswan.conf(5).
2283
2284
2285
2286 charon.syslog.<facility>.<subsystem> [<default>]
2287 Loglevel for a specific subsystem.
2288
2289
2290 charon.syslog.<facility>.default [1]
2291 Specifies the default loglevel to be used for subsystems for
2292 which no specific loglevel is defined.
2293
2294
2295 charon.syslog.<facility>.ike_name [no]
2296 Prefix each log entry with the connection name and a unique nu‐
2297 merical identifier for each IKE_SA.
2298
2299
2300 charon.syslog.<facility>.log_level [no]
2301 Add the log level of each message after the subsystem (e.g.
2302 [IKE2]).
2303
2304
2305 charon.syslog.<facility>.map_level [-1]
2306 The default setting of -1 passes all messages to syslog using a
2307 log level of LOG_INFO. A non-negative value maps the strongSwan
2308 specific loglevels (0..4) to the syslog level starting at the
2309 specified number. For example, a value of 5 (LOG_NOTICE) maps
2310 strongSwan loglevel 0 to LOG_NOTICE, level 1 to LOG_INFO, and
2311 levels 2, 3 and 4 to LOG_DEBUG. This allows (additional) filter‐
2312 ing of log messages on the syslog server.
2313
2314
2315 charon.syslog.identifier []
2316 Global identifier used for an openlog(3) call, prepended to each
2317 log message by syslog. If not configured, openlog(3) is not
2318 called, so the value will depend on system defaults (often the
2319 program name).
2320
2321
2322 charon.threads [16]
2323 Number of worker threads in charon. Several of these are reserved
2324 for long running tasks in internal modules and plugins. Therefore,
2325 make sure you don't set this value too low. The number of idle
2326 worker threads listed in ipsec statusall can be used as an indicator
2327 of the number of reserved threads.
2328
2329
2330 charon.tls.cipher []
2331 List of TLS encryption ciphers.
2332
2333
2334 charon.tls.ke_group []
2335 List of TLS key exchange groups.
2336
2337
2338 charon.tls.key_exchange []
2339 List of TLS key exchange methods.
2340
2341
2342 charon.tls.mac []
2343 List of TLS MAC algorithms.
2344
2345
2346 charon.tls.send_certreq_authorities [yes]
2347 Whether to include CAs in a server's CertificateRequest message.
2348 May be disabled if clients can't handle a long list of CAs.
2349
2350
2351 charon.tls.signature []
2352 List of TLS signature schemes.
2353
2354
2355 charon.tls.suites []
2356 List of TLS cipher suites.
2357
2358
2359 charon.tls.version_max [1.2]
2360 Maximum TLS version to negotiate.
2361
2362
2363 charon.tls.version_min [1.2]
2364 Minimum TLS version to negotiate.
2365
2366
2367 charon.tnc.tnc_config [/etc/tnc_config]
2368 TNC IMC/IMV configuration file.
2369
2370
2371 charon.user []
2372 Name of the user the daemon changes to after startup.
2373
2374
2375 charon.x509.enforce_critical [yes]
2376 Discard certificates with unsupported or unknown critical exten‐
2377 sions.
2378
2379
2380 charon-nm.ca_dir [<default>]
2381 Directory from which to load CA certificates if no certificate
2382 is configured.
2383
2384
2385 charon-nm.mtu [1400]
2386 MTU for XFRM interfaces created by the NM plugin.
2387
2388
2389 charon-systemd.journal
2390 Section to configure native systemd journal logger, very similar
2391 to the syslog logger as described in LOGGER CONFIGURATION in
2392 strongswan.conf(5).
2393
2394
2395
2396 charon-systemd.journal.<subsystem> [<default>]
2397 Loglevel for a specific subsystem.
2398
2399
2400 charon-systemd.journal.default [1]
2401 Specifies the default loglevel to be used for subsystems for
2402 which no specific loglevel is defined.
2403
2404
2405 imv_policy_manager.command_allow []
2406 Shell command to be executed with recommendation allow.
2407
2408
2409 imv_policy_manager.command_block []
2410 Shell command to be executed with all other recommendations.
2411
2412
2413 imv_policy_manager.database []
2414 Database URI for the database that stores the package informa‐
2415 tion. If it contains a password, make sure to adjust the permis‐
2416 sions of the config file accordingly.
2417
2418
2419 imv_policy_manager.load [sqlite]
2420 Plugins to load in IMV policy manager.
2421
2422
2423 libimcv.debug_level [1]
2424 Debug level for a stand-alone libimcv library.
2425
2426
2427 libimcv.load [random nonce gmp pubkey x509]
2428 Plugins to load in IMC/IMVs with stand-alone libimcv library.
2429
2430
2431 libimcv.plugins.imc-attestation.aik_blob []
2432 AIK encrypted private key blob file.
2433
2434
2435 libimcv.plugins.imc-attestation.aik_cert []
2436 AIK certificate file.
2437
2438
2439 libimcv.plugins.imc-attestation.aik_handle []
2440 AIK object handle.
2441
2442
2443 libimcv.plugins.imc-attestation.aik_pubkey []
2444 AIK public key file.
2445
2446
2447 libimcv.plugins.imc-attestation.hash_algorithm [sha384]
2448 Preferred measurement hash algorithm.
2449
2450
2451 libimcv.plugins.imc-attestation.mandatory_dh_groups [yes]
2452 Enforce mandatory Diffie-Hellman groups.
2453
2454
2455 libimcv.plugins.imc-attestation.nonce_len [20]
2456 DH nonce length.
2457
2458
2459 libimcv.plugins.imc-attestation.pcr17_after []
2460 PCR17 value after measurement.
2461
2462
2463 libimcv.plugins.imc-attestation.pcr17_before []
2464 PCR17 value before measurement.
2465
2466
2467 libimcv.plugins.imc-attestation.pcr17_meas []
2468 Dummy measurement value extended into PCR17 if the TBOOT log is
2469 not available.
2470
2471
2472 libimcv.plugins.imc-attestation.pcr18_after []
2473 PCR18 value after measurement.
2474
2475
2476 libimcv.plugins.imc-attestation.pcr18_before []
2477 PCR18 value before measurement.
2478
2479
2480 libimcv.plugins.imc-attestation.pcr18_meas []
2481 Dummy measurement value extended into PCR18 if the TBOOT log is
2482 not available.
2483
2484
2485 libimcv.plugins.imc-attestation.pcr_info [no]
2486 Whether to send pcr_before and pcr_after info.
2487
2488
2489 libimcv.plugins.imc-attestation.pcr_padding [no]
2490 Whether to pad IMA SHA1 measurement values when extending into the
2491 SHA256 PCR bank.
2492
2493
2494 libimcv.plugins.imc-attestation.use_quote2 [yes]
2495 Use Quote2 AIK signature instead of Quote signature.
2496
2497
2498 libimcv.plugins.imc-attestation.use_version_info [no]
2499 Whether Version Info is included in the Quote2 signature.
2500
2501
2502 libimcv.plugins.imc-hcd.push_info [yes]
2503 Send quadruple info without being prompted.
2504
2505
2506 libimcv.plugins.imc-hcd.subtypes []
2507 Section to define PWG HCD PA subtypes.
2508
2509
2510 libimcv.plugins.imc-hcd.subtypes.<section> []
2511 Defines a PWG HCD PA subtype section. Recognized subtype section
2512 names are system, control, marker, finisher, interface and scan‐
2513 ner.
2514
2515
2516
2517 libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type> []
2518 Defines a software type section. Recognized software type section
2519 names are firmware, resident_application and user_application.
2521
2522
2523
2524 libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software> []
2525 Defines a software section having an arbitrary name.
2526
2527
2528 libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.name []
2529 Name of the software installed on the hardcopy device.
2530
2531
2532 libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.patches
2533 []
2534 String describing all patches applied to the given software on
2535 this hardcopy device. The individual patches are separated by a
2536 newline character '\n'.
2537
2538
2539 libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.string_version
2540 []
2541 String describing the version of the given software on this
2542 hardcopy device.
2543
2544
2545 libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.version
2546 []
2547 Hex-encoded version string with a length of 16 octets consisting
2548 of the fields major version number (4 octets), minor version
2549 number (4 octets), build number (4 octets), service pack major
2550 number (2 octets) and service pack minor number (2 octets).
2551
2552
2553 libimcv.plugins.imc-hcd.subtypes.<section>.attributes_natural_language
2554 [en]
2555 Variable-length natural language tag conforming to RFC 5646 that
2556 specifies the language to be used in the health assessment message
2557 of a given subtype.
2558
2559
2560 libimcv.plugins.imc-hcd.subtypes.system.certification_state []
2561 Hex-encoded certification state.
2562
2563
2564 libimcv.plugins.imc-hcd.subtypes.system.configuration_state []
2565 Hex-encoded configuration state.
2566
2567
2568 libimcv.plugins.imc-hcd.subtypes.system.machine_type_model []
2569 String specifying the machine type and model of the hardcopy de‐
2570 vice.
2571
2572
2573 libimcv.plugins.imc-hcd.subtypes.system.pstn_fax_enabled [no]
2574 Specifies if a PSTN facsimile interface is installed and enabled
2575 on the hardcopy device.
2576
2577
2578 libimcv.plugins.imc-hcd.subtypes.system.time_source []
2579 String specifying the hostname of the network time server used
2580 by the hardcopy device.
2581
2582
2583 libimcv.plugins.imc-hcd.subtypes.system.user_application_enabled [no]
2584 Specifies if users can dynamically download and execute applica‐
2585 tions on the hardcopy device.
2586
2587
2588 libimcv.plugins.imc-hcd.subtypes.system.user_application_persistence_enabled
2589 [no]
2590 Specifies if applications dynamically downloaded by users can persist
2591 outside the boundaries of a single job on the hardcopy device.
2593
2594
2595 libimcv.plugins.imc-hcd.subtypes.system.vendor_name []
2596 String specifying the manufacturer of the hardcopy device.
2597
2598
2599 libimcv.plugins.imc-hcd.subtypes.system.vendor_smi_code []
2600 Integer specifying the globally unique 24-bit SMI code assigned
2601 to the manufacturer of the hardcopy device.
2602
2603
2604 libimcv.plugins.imc-os.device_cert []
2605 Manually set the path to the client device certificate (e.g.
2606 /etc/pts/aikCert.der).
2607
2608
2609 libimcv.plugins.imc-os.device_handle []
2610 Manually set handle to a private key bound to a smartcard or TPM
2611 (e.g. 0x81010004).
2612
2613
2614 libimcv.plugins.imc-os.device_id []
2615 Manually set the client device ID in hexadecimal format (e.g.
2616 1083f03988c9762703b1c1080c2e46f72b99cc31).
2617
2618
2619 libimcv.plugins.imc-os.device_pubkey []
2620 Manually set the path to the client device public key (e.g.
2621 /etc/pts/aikPub.der).
2622
2623
2624 libimcv.plugins.imc-os.push_info [yes]
2625 Send operating system info without being prompted.
2626
2627
2628 libimcv.plugins.imc-scanner.push_info [yes]
2629 Send open listening ports without being prompted.
2630
2631
2632 libimcv.plugins.imc-swima.eid_epoch [0x11223344]
2633 Set the 32-bit epoch value for event IDs manually if the software
2634 collector database is not available.
2635
2636
2637 libimcv.plugins.imc-swima.subscriptions [no]
2638 Accept SW Inventory or SW Events subscriptions.
2639
2640
2641 libimcv.plugins.imc-swima.swid_database []
2642 URI to software collector database containing event timestamps,
2643 software creation and deletion events and collected software
2644 identifiers. If it contains a password, make sure to adjust the
2645 permissions of the config file accordingly.
2646
2647
2648 libimcv.plugins.imc-swima.swid_directory [${prefix}/share]
2649 Directory where SWID tags are located.
2650
2651
2652 libimcv.plugins.imc-swima.swid_full [no]
2653 Include file information in the XML-encoded SWID tags.
2654
2655
2656 libimcv.plugins.imc-swima.swid_pretty [no]
2657 Generate XML-encoded SWID tags with pretty indentation.
2658
2659
2660 libimcv.plugins.imc-test.additional_ids [0]
2661 Number of additional IMC IDs.
2662
2663
2664 libimcv.plugins.imc-test.command [none]
2665 Command to be sent to the Test IMV.
2666
2667
2668 libimcv.plugins.imc-test.dummy_size [0]
2669 Size of dummy attribute to be sent to the Test IMV (0 = dis‐
2670 abled).
2671
2672
2673 libimcv.plugins.imc-test.retry [no]
2674 Do a handshake retry.
2675
2676
2677 libimcv.plugins.imc-test.retry_command []
2678 Command to be sent to the Test IMV in the handshake retry.
2679
2680
2681 libimcv.plugins.imv-attestation.cadir []
2682 Path to directory with AIK CA certificates.
2683
2684
2685 libimcv.plugins.imv-attestation.dh_group [ecp256]
2686 Preferred Diffie-Hellman group.
2687
2688
2689 libimcv.plugins.imv-attestation.hash_algorithm [sha384]
2690 Preferred measurement hash algorithm.
2691
2692
2693 libimcv.plugins.imv-attestation.mandatory_dh_groups [yes]
2694 Enforce mandatory Diffie-Hellman groups.
2695
2696
2697 libimcv.plugins.imv-attestation.min_nonce_len [0]
2698 Minimum DH nonce length.
2699
2700
2701 libimcv.plugins.imv-os.remediation_uri []
2702 URI pointing to operating system remediation instructions.
2703
2704
2705 libimcv.plugins.imv-scanner.remediation_uri []
2706 URI pointing to scanner remediation instructions.
2707
2708
2709 libimcv.plugins.imv-swima.rest_api.timeout [120]
2710 Timeout of SWID REST API HTTP POST transaction.
2711
2712
2713 libimcv.plugins.imv-swima.rest_api.uri []
2714 HTTP URI of the SWID REST API.
2715
2716
2717 libimcv.plugins.imv-test.rounds [0]
2718 Number of IMC-IMV retry rounds.
2719
2720
2721 libimcv.stderr_quiet [no]
2722 Disable output to stderr with a stand-alone libimcv library.
2723
2724
2725 libimcv.swid_gen.command [/usr/local/bin/swid_generator]
2726 SWID generator command to be executed.
2727
2728
2729 libimcv.swid_gen.tag_creator.name [strongSwan Project]
2730 Name of the tagCreator entity.
2731
2732
2733 libimcv.swid_gen.tag_creator.regid [strongswan.org]
2734 regid of the tagCreator entity.
2735
2736
2737 manager.database []
2738 Credential database URI for manager. If it contains a password,
2739 make sure to adjust the permissions of the config file accord‐
2740 ingly.
2741
2742
2743 manager.debug [no]
2744 Enable debugging in manager.
2745
2746
2747 manager.load []
2748 Plugins to load in manager.
2749
2750
2751 manager.socket []
2752 FastCGI socket of manager, to run it statically.
2753
2754
2755 manager.threads [10]
2756 Threads to use for request handling.
2757
2758
2759 manager.timeout [15m]
2760 Session timeout for manager.
2761
2762
2763 medsrv.database []
2764 Mediation server database URI. If it contains a password, make
2765 sure to adjust the permissions of the config file accordingly.
2766
2767
2768 medsrv.debug [no]
2769 Enable debugging in the mediation server web application.
2770
2771
2772 medsrv.dpd [5m]
2773 DPD timeout to use in mediation server plugin.
2774
2775
2776 medsrv.load []
2777 Plugins to load in mediation server plugin.
2778
2779
2780 medsrv.password_length [6]
2781 Minimum password length required for mediation server user ac‐
2782 counts.
2783
2784
2785 medsrv.rekey [20m]
2786 Rekeying time on mediation connections in mediation server
2787 plugin.
2788
2789
2790 medsrv.socket []
2791 Run Mediation server web application statically on socket.
2792
2793
2794 medsrv.threads [5]
2795 Number of threads for the mediation service web application.
2796
2797
2798 medsrv.timeout [15m]
2799 Session timeout for mediation service.
2800
2801
2802 pki.load []
2803 Plugins to load in the pki tool.
2804
2805
2806 pki.scep.http_bind []
2807 Source IP address to bind for HTTP operations.
2808
2809
2810 pki.scep.http_timeout [30s]
2811 Timeout for HTTP operations.
2812
2813
2814 pki.scep.renewal_via_pkcs_req [no]
2815 Some SCEP servers (e.g. openxpki) are incorrectly doing certifi‐
2816 cate renewal via messageType PKCSReq (19) instead of RenewalReq
2817 (17).
2818
2819
2820 pool.database []
2821 Database URI for the database that stores IP pools and configu‐
2822 ration attributes. If it contains a password, make sure
2823 to adjust the permissions of the config file accordingly.
2824
2825
2826 pool.load []
2827 Plugins to load in ipsec pool tool.
2828
2829
2830 sec-updater
2831 Options for the sec-updater tool.
2832
2833
2834 sec-updater.database []
2835 Global IMV policy database URI. If it contains a password, make
2836 sure to adjust the permissions of the config file accordingly.
2837
2838
2839 sec-updater.load []
2840 Plugins to load in sec-updater tool.
2841
2842
2843 sec-updater.swid_gen.command [/usr/local/bin/swid_generator]
2844 SWID generator command to be executed.
2845
2846
2847 sec-updater.swid_gen.tag_creator.name [strongSwan Project]
2848 Name of the tagCreator entity.
2849
2850
2851 sec-updater.swid_gen.tag_creator.regid [strongswan.org]
2852 regid of the tagCreator entity.
2853
2854
2855 sec-updater.tmp.deb_file [/tmp/sec-updater.deb]
2856 Temporary storage for downloaded deb package file.
2857
2858
2859 sec-updater.tmp.tag_file [/tmp/sec-updater.tag]
2860 Temporary storage for generated SWID tags.
2861
2862
2863 sec-updater.tnc_manage_command [/var/www/tnc/manage.py]
2864 strongTNC manage.py command used to import SWID tags.
2865
2866
2867 starter.config_file [${sysconfdir}/ipsec.conf]
2868 Location of the ipsec.conf file.
2869
2870
2871 starter.load_warning [yes]
2872 Disable charon plugin load option warning.
2873
2874
2875 sw-collector
2876 Options for the sw-collector tool.
2877
2878
2879 sw-collector.database []
2880 URI to software collector database containing event timestamps,
2881 software creation and deletion events and collected software
2882 identifiers. If it contains a password, make sure to adjust the
2883 permissions of the config file accordingly.
2884
2885
2886 sw-collector.first_file [/var/log/bootstrap.log]
2887 Path pointing to the file created when the Linux OS was installed.
2888
2889
2890 sw-collector.first_time [0000-00-00T00:00:00Z]
2891 Time in UTC when the Linux OS was installed.
2892
2893
2894 sw-collector.history []
2895 Path pointing to apt history.log file.
2896
2897
2898 sw-collector.load []
2899 Plugins to load in sw-collector tool.
2900
2901
2902 sw-collector.rest_api.timeout [120]
2903 Timeout of REST API HTTP POST transaction.
2904
2905
2906 sw-collector.rest_api.uri []
2907 HTTP URI of the central collector's REST API.
2908
2909
2910 swanctl.load []
2911 Plugins to load in swanctl.
2912
2913
2914 swanctl.socket [unix://${piddir}/charon.vici]
2915 VICI socket to connect to by default.
2916
2917
2918 LOGGER CONFIGURATION
LOGGER CONFIGURATION
       Options in strongswan.conf(5) provide a much more flexible way to
       configure loggers for the IKE daemon charon than using the
       charondebug option in ipsec.conf(5).

       Note: If any loggers are specified in strongswan.conf, charondebug
       does not have any effect.

       There are currently two types of loggers:

       File loggers
              Log directly to a file and are defined by specifying an
              arbitrarily named subsection in the charon.filelog section.
              The full path to the file is configured in the path setting
              of that subsection; however, if it only contains characters
              permitted in section names, the setting may also be omitted
              and the path specified as the name of the subsection. To log
              to the console the two special filenames stdout and stderr
              may be used.

       Syslog loggers
              Log into a syslog facility and are defined by specifying the
              facility to log to as the name of a subsection in the
              charon.syslog section. The following facilities are
              currently supported: daemon and auth.

       Multiple loggers can be defined for each type, with different log
       verbosity for the different subsystems of the daemon.

   Subsystems
       dmn    Main daemon setup/cleanup/signal handling
       mgr    IKE_SA manager, handling synchronization for IKE_SA access
       ike    IKE_SA
       chd    CHILD_SA
       job    Job queueing/processing and thread pool management
       cfg    Configuration management and plugins
       knl    IPsec/networking kernel interface
       net    IKE network communication
       asn    Low-level encoding/decoding (ASN.1, X.509 etc.)
       enc    Packet encoding/decoding, encryption/decryption operations
       tls    libtls library messages
       esp    libipsec library messages
       lib    libstrongswan library messages
       tnc    Trusted Network Connect
       imc    Integrity Measurement Collector
       imv    Integrity Measurement Verifier
       pts    Platform Trust Service

   Loglevels
       -1     Absolutely silent
       0      Very basic auditing logs (e.g. SA up/SA down)
       1      Generic control flow with errors, a good default to see
              what's going on
       2      More detailed debugging control flow
       3      Including raw data dumps in hex
       4      Also include sensitive material in dumps, e.g. keys

   Example
       charon {
           filelog {
               charon {
                   path = /var/log/charon.log
                   time_format = %b %e %T
                   append = no
                   default = 1
               }
               stderr {
                   ike = 2
                   knl = 3
                   ike_name = yes
               }
           }
           syslog {
               # enable logging to LOG_DAEMON, use defaults
               daemon {
               }
               # minimalistic IKE auditing logging to LOG_AUTHPRIV
               auth {
                   default = -1
                   ike = 0
               }
           }
       }
3023
JOB PRIORITY MANAGEMENT
       Some operations in the IKEv2 daemon charon are currently implemented
       synchronously and blocking. Two examples of such operations are
       communication with a RADIUS server via EAP-RADIUS, or fetching
       CRL/OCSP information during certificate chain verification. Under
       high load conditions, the thread pool may run out of available
       threads, and some more important jobs, such as liveness checking,
       may not get executed in time.

       To prevent thread starvation in such situations, job priorities were
       introduced. The job processor reserves some threads for higher
       priority jobs; these threads are not available for lower priority,
       blocking jobs.

   Implementation
       Currently four priorities have been defined, and they are used in
       charon as follows:

       CRITICAL
              Priority for long-running dispatcher jobs.

       HIGH   INFORMATIONAL exchanges, as used by liveness checking (DPD).

       MEDIUM Everything not HIGH/LOW, including IKE_SA_INIT processing.

       LOW    IKE_AUTH message processing. RADIUS and CRL fetching block
              here.

       Although IKE_SA_INIT processing is computationally expensive, it is
       explicitly assigned to the MEDIUM class. This allows charon to do
       the DH exchange while other threads are blocked in IKE_AUTH. To
       prevent the daemon from accepting more IKE_SA_INIT requests than it
       can handle, use IKE_SA_INIT DROPPING.

       The thread pool processes jobs strictly by priority, meaning it will
       consume all higher priority jobs before looking for ones with lower
       priority. Further, it reserves threads for certain priorities. A
       priority class having reserved n threads will always have n threads
       available for this class (either currently processing a job, or
       waiting for one).

   Configuration
       To ensure that there are always enough threads available for higher
       priority tasks, threads must be reserved for each priority class.

       charon.processor.priority_threads.critical [0]
              Threads reserved for CRITICAL priority class jobs

       charon.processor.priority_threads.high [0]
              Threads reserved for HIGH priority class jobs

       charon.processor.priority_threads.medium [0]
              Threads reserved for MEDIUM priority class jobs

       charon.processor.priority_threads.low [0]
              Threads reserved for LOW priority class jobs

       Let's consider the following configuration:

       charon {
           processor {
               priority_threads {
                   high = 1
                   medium = 4
               }
           }
       }

       With this configuration, one thread is reserved for HIGH priority
       tasks. As currently only liveness checking and stroke message
       processing are done with high priority, one or two threads should
       be sufficient.

       The MEDIUM class mostly processes non-blocking jobs. Unless your
       setup is experiencing many blocks in locks while accessing shared
       resources, reserving one or two times the number of CPU cores is
       fine.

       It is usually not required to reserve threads for CRITICAL jobs.
       Jobs in this class rarely return and do not release their thread to
       the pool.

       The remaining threads are available for LOW priority jobs.
       Reserving threads for them does not make sense (until we have an
       even lower priority).

   Monitoring
       To see what the threads are actually doing, invoke ipsec statusall.
       Under high load, something like this will show up:

       worker threads: 2 of 32 idle, 5/1/2/22 working,
       job queue: 0/0/1/149, scheduled: 198

       Of 32 worker threads,

       2      are currently idle.

       5      are running CRITICAL priority jobs (dispatching from sockets,
              etc.).

       1      is currently handling a HIGH priority job. This is actually
              the thread currently providing this information via stroke.

       2      are handling MEDIUM priority jobs, likely IKE_SA_INIT or
              CREATE_CHILD_SA messages.

       22     are handling LOW priority jobs, probably waiting for an
              EAP-RADIUS response while processing IKE_AUTH messages.

       The job queue load shows how many jobs are queued for each priority,
       ready for execution. The single MEDIUM priority job will get
       executed immediately, as we have two spare threads reserved for
       MEDIUM class jobs.
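
       The worker threads line above, parsed and checked against a priority_threads reservation, as an added example that is not part of this man page: the sample lines are constructed in the format shown, and the backlog estimate applies the rules stated in this section (a class with n reserved threads always has n threads working on or waiting for its jobs; unreserved idle threads take jobs strictly by priority).

```python
import re

# Constructed sample of the summary printed by "ipsec statusall" under load,
# wrapped over two lines exactly as shown above
SAMPLE = ("worker threads: 2 of 32 idle, 5/1/2/22 working,\n"
          "job queue: 0/0/1/149, scheduled: 198")

# Order of the slash-separated counters, highest priority first
PRIORITIES = ("critical", "high", "medium", "low")

LINE_RE = re.compile(
    r"worker threads: (\d+) of (\d+) idle, (\d+)/(\d+)/(\d+)/(\d+) working, "
    r"job queue: (\d+)/(\d+)/(\d+)/(\d+), scheduled: (\d+)")


def parse_worker_line(line):
    """Split the statusall summary into idle/total threads, working threads
    and queued jobs per priority class, plus the number of scheduled jobs."""
    m = LINE_RE.search(" ".join(line.split()))  # tolerate the line wrap
    if not m:
        raise ValueError("not a worker threads line: %r" % line)
    f = [int(x) for x in m.groups()]
    return {"idle": f[0], "total": f[1],
            "working": dict(zip(PRIORITIES, f[2:6])),
            "queued": dict(zip(PRIORITIES, f[6:10])),
            "scheduled": f[10]}


def backlog(status, reserved):
    """Queued jobs per class that cannot start right now.

    reserved holds the charon.processor.priority_threads values, e.g.
    {"high": 1, "medium": 4}. A class's spare capacity is its reservation
    minus the threads currently working for it; idle threads beyond all
    reservations serve the highest-priority queue first."""
    spare = {p: max(0, reserved.get(p, 0) - status["working"][p])
             for p in PRIORITIES}
    free = max(0, status["idle"] - sum(spare.values()))
    waiting = {}
    for p in PRIORITIES:
        unserved = max(0, status["queued"][p] - spare[p])
        waiting[p] = max(0, unserved - free)
        free -= min(free, unserved)
    return waiting


if __name__ == "__main__":
    status = parse_worker_line(SAMPLE)
    # With high = 1 and medium = 4 reserved, the single MEDIUM job starts at
    # once while the 149 LOW jobs (IKE_AUTH, blocked on RADIUS/CRL) wait.
    print(backlog(status, {"high": 1, "medium": 4}))
```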
3134
3135
IKE_SA_INIT DROPPING
       If a responder receives more connection requests per second than it
       can handle, it does not make sense to accept more IKE_SA_INIT
       messages. And if they are queued but can't get processed in time, an
       answer might be sent after the client has already given up and
       restarted its connection setup. This additionally increases the load
       on the responder.

       To limit the responder load resulting from new connection attempts,
       the daemon can drop IKE_SA_INIT messages right after reception.
       There are two mechanisms to decide if this should happen, configured
       with the following options:

       charon.init_limit_half_open [0]
              Limit based on the number of half-open IKE_SAs. Half-open
              IKE_SAs are SAs in connecting state, but not yet established.

       charon.init_limit_job_load [0]
              Limit based on the number of jobs currently queued for
              processing (sum over all job priorities).

       The second limit includes load from other jobs, such as rekeying.
       Choosing a good value is difficult and depends on the hardware and
       expected load.

       The first limit is simpler to calculate, but includes the load from
       new connections only. If your responder is capable of negotiating
       100 tunnels/s, you might set this limit to 1000. The daemon will
       then drop new connection attempts if generating a response would
       require more than 10 seconds. If you are allowing for a maximum
       response time of more than 30 seconds, consider adjusting the
       timeout for connecting IKE_SAs (charon.half_open_timeout). A
       responder, by default, deletes an IKE_SA if the initiator does not
       establish it within 30 seconds. Under high load, a higher value
       might be required.
3169
3170
LOAD TESTS
       To do stability testing and performance optimizations, the IKE
       daemon charon provides the load-tester plugin. This plugin allows
       one to set up thousands of tunnels concurrently against the daemon
       itself or a remote host.

       WARNING: Never enable the load-testing plugin on production systems.
       It provides preconfigured credentials and allows an attacker to
       authenticate as any user.

   Configuration details
       For public key authentication, the responder uses the "CN=srv,
       OU=load-test, O=strongSwan" identity. For the initiator, each
       connection attempt uses a different identity in the form "CN=c1-r1,
       OU=load-test, O=strongSwan", where the first number indicates the
       client number, the second the authentication round (if multiple
       authentication rounds are used).

       For PSK authentication, FQDN identities are used. The server uses
       srv.strongswan.org, the client uses an identity in the form
       c1-r1.strongswan.org.

       For EAP authentication, the client uses a NAI in the form
       100000000010001@strongswan.org.

       To configure multiple authentication rounds, concatenate multiple
       methods using, e.g.
              initiator_auth = pubkey|psk|eap-md5|eap-aka

       The responder uses a hardcoded certificate based on a 1024-bit RSA
       key. This certificate additionally serves as CA certificate. A peer
       uses the same private key, but generates client certificates on
       demand signed by the CA certificate. Install the responder/CA
       certificate on the remote host to authenticate all clients.

       To speed up testing, the load-tester plugin implements a special
       Diffie-Hellman implementation called modpnull. By setting
              proposal = aes128-sha1-modpnull
       this wicked fast DH implementation is used. It does not provide any
       security at all, but allows one to run tests without DH calculation
       overhead.

   Examples
       In the simplest case, the daemon initiates IKE_SAs against itself
       using the loopback interface. This will actually establish double
       the number of IKE_SAs, as the daemon is initiator and responder for
       each IKE_SA at the same time. Installation of IPsec SAs would fail,
       as each SA gets installed twice. To simulate the correct behavior, a
       fake kernel interface can be enabled which does not install the
       IPsec SAs at the kernel level.

       A simple loopback configuration might look like this:

       charon {
           # create new IKE_SAs for each CHILD_SA to simulate
           # different clients
           reuse_ikesa = no
           # turn off denial of service protection
           dos_protection = no

           plugins {
               load-tester {
                   # enable the plugin
                   enable = yes
                   # use 4 threads to initiate connections
                   # simultaneously
                   initiators = 4
                   # each thread initiates 1000 connections
                   iterations = 1000
                   # delay each initiation in each thread by 20ms
                   delay = 20
                   # enable the fake kernel interface to
                   # avoid SA conflicts
                   fake_kernel = yes
               }
           }
       }

       This will initiate 4000 IKE_SAs within 20 seconds. You may increase
       the delay value if your box cannot handle that much load, or
       decrease it to put more load on it. If the daemon starts
       retransmitting messages, your box probably cannot handle all
       connection attempts.

       The plugin also allows one to test against a remote host. This
       might help to test against a real-world configuration. A connection
       setup to do stress testing of a gateway might look like this:

       charon {
           reuse_ikesa = no
           threads = 32

           plugins {
               load-tester {
                   enable = yes
                   # 10000 connections, ten in parallel
                   initiators = 10
                   iterations = 1000
                   # use a delay of 100ms, overall time is:
                   # iterations * delay = 100s
                   delay = 100
                   # address of the gateway
                   remote = 1.2.3.4
                   # IKE proposal to use
                   proposal = aes128-sha1-modp1024
                   # use faster PSK authentication instead
                   # of 1024-bit RSA
                   initiator_auth = psk
                   responder_auth = psk
                   # request a virtual IP using configuration
                   # payloads
                   request_virtual_ip = yes
                   # rekey the CHILD_SA every 60s
                   child_rekey = 60
               }
           }
       }
3288
IKEv2 RETRANSMISSION
       Retransmission timeouts in the IKEv2 daemon charon can be configured
       globally using the keys listed below:

       charon.retransmit_base [1.8]
       charon.retransmit_timeout [4.0]
       charon.retransmit_tries [5]
       charon.retransmit_jitter [0]
       charon.retransmit_limit [0]

       The following algorithm is used to calculate the timeout:

       relative timeout = retransmit_timeout * retransmit_base ^ (n-1)

       where n is the current retransmission count. The calculated timeout
       can't exceed the configured retransmit_limit (if any), which is
       useful if the number of retries is high.

       If a jitter in percent is configured, the timeout is modified as
       follows:

       relative timeout -= random(0, retransmit_jitter * relative timeout)

       Using the default values, packets are retransmitted in:

       Retransmission    Relative Timeout    Absolute Timeout
       ─────────────────────────────────────────────────────
       1                 4s                  4s
       2                 7s                  11s
       3                 13s                 24s
       4                 23s                 47s
       5                 42s                 89s
       giving up         76s                 165s
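
       The formula and table above worked through in code, as an added example that is not part of this man page: it reproduces the default schedule and also applies retransmit_limit and retransmit_jitter; that the jitter value is a percentage of the timeout is an assumption made here.

```python
import random


def relative_timeout(n, base=1.8, timeout=4.0, limit=0, jitter=0, rng=None):
    """Seconds to wait before retransmission n (n starts at 1):
    retransmit_timeout * retransmit_base ^ (n-1), capped at retransmit_limit
    when that is non-zero, then reduced by random(0, jitter * timeout).
    Assumption: retransmit_jitter is given in percent, hence the /100."""
    t = timeout * base ** (n - 1)
    if limit:
        t = min(t, limit)
    if jitter:
        rng = rng or random.Random()
        t -= rng.uniform(0, jitter / 100.0 * t)
    return t


def schedule(base=1.8, timeout=4.0, tries=5, limit=0, jitter=0, rng=None):
    """Rows (label, relative, absolute) as in the table above: one row per
    retransmission plus the final wait after the last try before giving up.
    Values are rounded to whole seconds like the man page does."""
    rows, elapsed = [], 0.0
    for n in range(1, tries + 2):
        rel = relative_timeout(n, base, timeout, limit, jitter, rng)
        elapsed += rel
        label = str(n) if n <= tries else "giving up"
        rows.append((label, round(rel), round(elapsed)))
    return rows


if __name__ == "__main__":
    print("%-15s %-17s %s" % ("Retransmission", "Relative Timeout",
                              "Absolute Timeout"))
    for label, rel, total in schedule():
        print("%-15s %-17s %ds" % (label, "%ds" % rel, total))
    # A limit stops the exponential growth, e.g. retransmit_limit = 30
    # caps the last two waits at 30s and gives up after 107s instead of 165s.
    print(schedule(limit=30))
```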
3323
VARIABLES
       The variables used above are configured as follows:

       ${piddir}            /run/strongswan
       ${prefix}            /usr
       ${sysconfdir}        /etc/strongswan
       ${random_device}     /dev/random
       ${urandom_device}    /dev/urandom

FILES
       /etc/strongswan/strongswan.conf          configuration file
       /etc/strongswan/strongswan.d/            directory containing included config snippets
       /etc/strongswan/strongswan.d/charon/     plugin specific config snippets

SEE ALSO
       swanctl.conf(5), swanctl(8), ipsec.conf(5), ipsec.secrets(5),
       ipsec(8), charon-cmd(8)

AUTHOR
       Written for the strongSwan project ⟨https://www.strongswan.org⟩ by
       Tobias Brunner, Andreas Steffen and Martin Willi.



5.9.11                                                    STRONGSWAN.CONF(5)