authorYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
commite0e280b7669435b991b7e457abd8aa450930b3e8 (patch)
tree3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /conf/plugins
parent51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff)
New upstream version 5.7.0
Diffstat (limited to 'conf/plugins')
-rw-r--r--conf/plugins/dhcp.conf4
-rw-r--r--conf/plugins/dhcp.opt15
-rw-r--r--conf/plugins/eap-radius.conf4
-rw-r--r--conf/plugins/eap-radius.opt4
-rw-r--r--conf/plugins/imc-swid.conf8
-rw-r--r--conf/plugins/imc-swid.opt8
-rw-r--r--conf/plugins/imc-swima.opt3
-rw-r--r--conf/plugins/imv-swid.conf8
-rw-r--r--conf/plugins/imv-swid.opt5
-rw-r--r--conf/plugins/tpm.conf14
-rw-r--r--conf/plugins/tpm.opt10
11 files changed, 54 insertions, 29 deletions
diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf
index 88bbe36e3..c880cfa59 100644
--- a/conf/plugins/dhcp.conf
+++ b/conf/plugins/dhcp.conf
@@ -17,5 +17,9 @@ dhcp {
# DHCP server unicast or broadcast IP address.
# server = 255.255.255.255
+ # Use the DHCP server port (67) as source port when a unicast server address
+ # is configured.
+ # use_server_port = no
+
}
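Review bot: The new `use_server_port` comment in dhcp.conf omits the two caveats an operator needs before enabling it: the option only matters when the plugin acts as relay agent, and it can conflict with a DHCP server already running on the same host. Both points appear only in the long description in dhcp.opt. If the .conf comment is taken from the short description there, the fix belongs in that first paragraph, for example by appending `Do not enable this if a DHCP server already runs on this host.` The `dhcp { … }` section starts outside the hunk.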
diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt
index 6b337bc34..7c6d31c87 100644
--- a/conf/plugins/dhcp.opt
+++ b/conf/plugins/dhcp.opt
@@ -15,6 +15,21 @@ charon.plugins.dhcp.identity_lease = no
charon.plugins.dhcp.server = 255.255.255.255
DHCP server unicast or broadcast IP address.
+charon.plugins.dhcp.use_server_port = no
+ Use the DHCP server port (67) as source port when a unicast server address
+ is configured.
+
+ Use the DHCP server port (67) as source port, instead of the DHCP client
+ port (68), when a unicast server address is configured and the plugin acts
+ as relay agent. When replying in this mode the DHCP server will always send
+ packets to the DHCP server port and if no process binds that port an ICMP
+ port unreachables will be sent back, which might be problematic for some
+ DHCP servers. To avoid that, enabling this option will cause the plugin to
+ bind the DHCP server port to send its requests when acting as relay agent.
+ This is not necessary if a DHCP server is already running on the same host
+ and might even cause conflicts (and since the server port is already bound,
+ ICMPs should not be an issue).
+
charon.plugins.dhcp.interface
Interface name the plugin uses for address allocation.
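Review bot: The long description of `charon.plugins.dhcp.use_server_port` reads `an ICMP port unreachables will be sent back`, which mixes singular and plural; `ICMP port unreachables will be sent back` reads correctly. In the same paragraph "DHCP server port" refers both to the port the remote server replies to and to the port the plugin binds locally. Presumably both mean port 67 on the relay host, and saying so once would make it easier to see why an unbound port produces ICMP errors.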
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 5a486114e..24f2eaacd 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -66,6 +66,10 @@ eap-radius {
# Number of sockets (ports) to use, increase for high load.
# sockets = 1
+ # Whether to include the UDP port in the Called- and Calling-Station-Id
+ # RADIUS attributes.
+ # station_id_with_port = yes
+
dae {
# Enables support for the Dynamic Authorization Extension (RFC 5176).
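Review bot: The comment for `station_id_with_port` does not say what the Called- and Calling-Station-Id values look like with and without the port. An operator therefore cannot tell from here whether RADIUS policies or accounting queries that match on these attributes will still match after the setting is changed. A sentence giving the value format for both settings would cover it, added to the description in eap-radius.opt, which carries the same text. It is also worth stating that with `no`, several clients behind one NAT address presumably report the same Calling-Station-Id, which affects how sessions can be told apart in RADIUS logs. The `eap-radius { … }` section begins and ends outside the hunk.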
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index f18a74c49..192996c73 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -108,6 +108,10 @@ charon.plugins.eap-radius.servers {}
charon.plugins.eap-radius.sockets = 1
Number of sockets (ports) to use, increase for high load.
+charon.plugins.eap-radius.station_id_with_port = yes
+ Whether to include the UDP port in the Called- and Calling-Station-Id
+ RADIUS attributes.
+
charon.plugins.eap-radius.xauth {}
Section to configure multiple XAuth authentication rounds via RADIUS.
diff --git a/conf/plugins/imc-swid.conf b/conf/plugins/imc-swid.conf
deleted file mode 100644
index 4893703ad..000000000
--- a/conf/plugins/imc-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imc-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
deleted file mode 100644
index e622aa683..000000000
--- a/conf/plugins/imc-swid.opt
+++ /dev/null
@@ -1,8 +0,0 @@
-libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
- Directory where SWID tags are located.
-
-libimcv.plugins.imc-swid.swid_pretty = no
- Generate XML-encoded SWID tags with pretty indentation.
-
-libimcv.plugins.imc-swid.swid_full = no
- Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/imc-swima.opt b/conf/plugins/imc-swima.opt
index 099a3c80f..daa4ecadd 100644
--- a/conf/plugins/imc-swima.opt
+++ b/conf/plugins/imc-swima.opt
@@ -19,3 +19,6 @@ libimcv.plugins.imc-swima.swid_pretty = no
libimcv.plugins.imc-swima.swid_full = no
Include file information in the XML-encoded SWID tags.
+
+libimcv.plugins.imc-swima.subscriptions = no
+ Accept SW Inventory or SW Events subscriptions.
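Review bot: The description of `libimcv.plugins.imc-swima.subscriptions` does not say what accepting a subscription commits the endpoint to. Going by the option name and SWIMA terminology, an accepted subscription presumably means the IMC keeps reporting software inventory or event changes to the subscribing verifier after the initial request, which is an ongoing disclosure of what is installed on the host. A second paragraph stating this would help an operator decide, e.g. `When enabled, later inventory changes are reported to the subscriber without a new request.`; the exact wording should be confirmed against the plugin's behaviour.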
diff --git a/conf/plugins/imv-swid.conf b/conf/plugins/imv-swid.conf
deleted file mode 100644
index bfd49bd1c..000000000
--- a/conf/plugins/imv-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imv-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imv-swid.opt b/conf/plugins/imv-swid.opt
deleted file mode 100644
index d451c78ce..000000000
--- a/conf/plugins/imv-swid.opt
+++ /dev/null
@@ -1,5 +0,0 @@
-libimcv.plugins.imv-swid.rest_api_uri =
- HTTP URI of the SWID REST API.
-
-libimcv.plugins.imv-swid.rest_api_timeout = 120
- Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/plugins/tpm.conf b/conf/plugins/tpm.conf
index 222bb7b0a..1be961e89 100644
--- a/conf/plugins/tpm.conf
+++ b/conf/plugins/tpm.conf
@@ -7,5 +7,19 @@ tpm {
# Whether the TPM should be used as RNG.
# use_rng = no
+ tcti {
+
+ # Name of TPM 2.0 TCTI library. Valid values: tabrmd, device or mssim.
+ # Defaults are device if the /dev/tpmrm0 in-kernel TPM 2.0 resource
+ # manager device exists, and tabrmd otherwise, requiring the d-bus based
+ # TPM 2.0 access broker and resource manager to be available.
+ # name = device|tabrmd
+
+ # Options for the TPM 2.0 TCTI library. Defaults are /dev/tpmrm0 if the
+ # TCTI library name is device and no options otherwise.
+ # opts = /dev/tpmrm0|<none>
+
+ }
+
}
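Review bot: The commented defaults `# name = device|tabrmd` and `# opts = /dev/tpmrm0|<none>` in the new `tcti` section are not values that can be set; they describe a choice made at runtime, and uncommenting either line as written would hand the plugin a literal string containing `|`. Because these lines look like ordinary default settings, I would leave the value empty and keep the explanation in the comment above, i.e. `# name =` and `# opts =`. The comment also lists `mssim` among the valid values without saying that it connects to a TPM simulator. A host that relies on the TPM for key protection or as RNG (`use_rng`) should not end up on it unnoticed, so a remark such as `mssim connects to a software TPM simulator and is meant for testing only.` is worth adding. The same text is in tpm.opt under `charon.plugins.tpm.tcti.name` and `charon.plugins.tpm.tcti.opts`.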
diff --git a/conf/plugins/tpm.opt b/conf/plugins/tpm.opt
index cd666dde8..df7adb098 100644
--- a/conf/plugins/tpm.opt
+++ b/conf/plugins/tpm.opt
@@ -1,2 +1,12 @@
charon.plugins.tpm.use_rng = no
Whether the TPM should be used as RNG.
+
+charon.plugins.tpm.tcti.name = device|tabrmd
+ Name of TPM 2.0 TCTI library. Valid values: _tabrmd_, _device_ or _mssim_.
+ Defaults are _device_ if the _/dev/tpmrm0_ in-kernel TPM 2.0 resource manager
+ device exists, and _tabrmd_ otherwise, requiring the d-bus based TPM 2.0
+ access broker and resource manager to be available.
+
+charon.plugins.tpm.tcti.opts = /dev/tpmrm0|<none>
+ Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the
+ TCTI library name is _device_ and no options otherwise.