author | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:14 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:14 +0200 |
commit | e0e280b7669435b991b7e457abd8aa450930b3e8 (patch) | |
tree | 3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /conf/plugins | |
parent | 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff) | |
download | vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.tar.gz vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.zip |
New upstream version 5.7.0
Diffstat (limited to 'conf/plugins')
-rw-r--r-- | conf/plugins/dhcp.conf | 4 | ||||
-rw-r--r-- | conf/plugins/dhcp.opt | 15 | ||||
-rw-r--r-- | conf/plugins/eap-radius.conf | 4 | ||||
-rw-r--r-- | conf/plugins/eap-radius.opt | 4 | ||||
-rw-r--r-- | conf/plugins/imc-swid.conf | 8 | ||||
-rw-r--r-- | conf/plugins/imc-swid.opt | 8 | ||||
-rw-r--r-- | conf/plugins/imc-swima.opt | 3 | ||||
-rw-r--r-- | conf/plugins/imv-swid.conf | 8 | ||||
-rw-r--r-- | conf/plugins/imv-swid.opt | 5 | ||||
-rw-r--r-- | conf/plugins/tpm.conf | 14 | ||||
-rw-r--r-- | conf/plugins/tpm.opt | 10 |
11 files changed, 54 insertions, 29 deletions
diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf
index 88bbe36e3..c880cfa59 100644
--- a/conf/plugins/dhcp.conf
+++ b/conf/plugins/dhcp.conf
@@ -17,5 +17,9 @@ dhcp {
 # DHCP server unicast or broadcast IP address.
 # server = 255.255.255.255
 
+ # Use the DHCP server port (67) as source port when a unicast server address
+ # is configured.
+ # use_server_port = no
+
 }
 
diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt
index 6b337bc34..7c6d31c87 100644
--- a/conf/plugins/dhcp.opt
+++ b/conf/plugins/dhcp.opt
@@ -15,6 +15,21 @@ charon.plugins.dhcp.identity_lease = no
 charon.plugins.dhcp.server = 255.255.255.255
 DHCP server unicast or broadcast IP address.
 
+charon.plugins.dhcp.use_server_port = no
+ Use the DHCP server port (67) as source port when a unicast server address
+ is configured.
+
+ Use the DHCP server port (67) as source port, instead of the DHCP client
+ port (68), when a unicast server address is configured and the plugin acts
+ as relay agent. When replying in this mode the DHCP server will always send
+ packets to the DHCP server port and if no process binds that port an ICMP
+ port unreachables will be sent back, which might be problematic for some
+ DHCP servers. To avoid that, enabling this option will cause the plugin to
+ bind the DHCP server port to send its requests when acting as relay agent.
+ This is not necessary if a DHCP server is already running on the same host
+ and might even cause conflicts (and since the server port is already bound,
+ ICMPs should not be an issue).
+
 charon.plugins.dhcp.interface
 Interface name the plugin uses for address allocation.
 
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 5a486114e..24f2eaacd 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
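Review bot: In conf/plugins/dhcp.opt the long description of `charon.plugins.dhcp.use_server_port` reads "an ICMP port unreachables will be sent back", which mixes singular and plural; `ICMP port unreachables will be sent back` reads correctly. The paragraph also leaves out that enabling the option makes the plugin bind UDP port 67, a privileged port, so a daemon started with reduced capabilities may fail to bind it. A sentence such as `Binding port 67 requires the privilege to bind ports below 1024.` would cover that; whether charon keeps that privilege in a given deployment is not visible from this diff.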
@@ -66,6 +66,10 @@ eap-radius {
 # Number of sockets (ports) to use, increase for high load.
 # sockets = 1
 
+ # Whether to include the UDP port in the Called- and Calling-Station-Id
+ # RADIUS attributes.
+ # station_id_with_port = yes
+
 dae {
 
 # Enables support for the Dynamic Authorization Extension (RFC 5176).
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index f18a74c49..192996c73 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -108,6 +108,10 @@ charon.plugins.eap-radius.servers {}
 charon.plugins.eap-radius.sockets = 1
 Number of sockets (ports) to use, increase for high load.
 
+charon.plugins.eap-radius.station_id_with_port = yes
+ Whether to include the UDP port in the Called- and Calling-Station-Id
+ RADIUS attributes.
+
 charon.plugins.eap-radius.xauth {}
 Section to configure multiple XAuth authentication rounds via RADIUS.
 
diff --git a/conf/plugins/imc-swid.conf b/conf/plugins/imc-swid.conf
deleted file mode 100644
index 4893703ad..000000000
--- a/conf/plugins/imc-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imc-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
deleted file mode 100644
index e622aa683..000000000
--- a/conf/plugins/imc-swid.opt
+++ /dev/null
@@ -1,8 +0,0 @@
-libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
- Directory where SWID tags are located.
-
-libimcv.plugins.imc-swid.swid_pretty = no
- Generate XML-encoded SWID tags with pretty indentation.
-
-libimcv.plugins.imc-swid.swid_full = no
- Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/imc-swima.opt b/conf/plugins/imc-swima.opt
index 099a3c80f..daa4ecadd 100644
--- a/conf/plugins/imc-swima.opt
+++ b/conf/plugins/imc-swima.opt
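Review bot: In conf/plugins/eap-radius.opt the description of `charon.plugins.eap-radius.station_id_with_port` does not say what the Called- and Calling-Station-Id attributes contain when the option is set to `no`. RADIUS policies and accounting correlation that match on these attributes depend on the exact value, so the text should state it, for example `If disabled, only the IP address is sent.` That wording is inferred from the option name and should be checked against the plugin code. The eap-radius.conf hunk carries the same short text.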
@@ -19,3 +19,6 @@ libimcv.plugins.imc-swima.swid_pretty = no
 
 libimcv.plugins.imc-swima.swid_full = no
 Include file information in the XML-encoded SWID tags.
+
+libimcv.plugins.imc-swima.subscriptions = no
+ Accept SW Inventory or SW Events subscriptions.
diff --git a/conf/plugins/imv-swid.conf b/conf/plugins/imv-swid.conf
deleted file mode 100644
index bfd49bd1c..000000000
--- a/conf/plugins/imv-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imv-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imv-swid.opt b/conf/plugins/imv-swid.opt
deleted file mode 100644
index d451c78ce..000000000
--- a/conf/plugins/imv-swid.opt
+++ /dev/null
@@ -1,5 +0,0 @@
-libimcv.plugins.imv-swid.rest_api_uri =
- HTTP URI of the SWID REST API.
-
-libimcv.plugins.imv-swid.rest_api_timeout = 120
- Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/plugins/tpm.conf b/conf/plugins/tpm.conf
index 222bb7b0a..1be961e89 100644
--- a/conf/plugins/tpm.conf
+++ b/conf/plugins/tpm.conf
@@ -7,5 +7,19 @@ tpm {
 # Whether the TPM should be used as RNG.
 # use_rng = no
 
+ tcti {
+
+ # Name of TPM 2.0 TCTI library. Valid values: tabrmd, device or mssim.
+ # Defaults are device if the /dev/tpmrm0 in-kernel TPM 2.0 resource
+ # manager device exists, and tabrmd otherwise, requiring the d-bus based
+ # TPM 2.0 access broker and resource manager to be available.
+ # name = device|tabrmd
+
+ # Options for the TPM 2.0 TCTI library. Defaults are /dev/tpmrm0 if the
+ # TCTI library name is device and no options otherwise.
+ # opts = /dev/tpmrm0|<none>
+
+ }
+
 }
 
diff --git a/conf/plugins/tpm.opt b/conf/plugins/tpm.opt
index cd666dde8..df7adb098 100644
--- a/conf/plugins/tpm.opt
+++ b/conf/plugins/tpm.opt
@@ -1,2 +1,12 @@
 charon.plugins.tpm.use_rng = no
 Whether the TPM should be used as RNG.
+
+charon.plugins.tpm.tcti.name = device|tabrmd
+ Name of TPM 2.0 TCTI library. Valid values: _tabrmd_, _device_ or _mssim_.
+ Defaults are _device_ if the _/dev/tpmrm0_ in-kernel TPM 2.0 resource manager
+ device exists, and _tabrmd_ otherwise, requiring the d-bus based TPM 2.0
+ access broker and resource manager to be available.
+
+charon.plugins.tpm.tcti.opts = /dev/tpmrm0|<none>
+ Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the
+ TCTI library name is _device_ and no options otherwise. |
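Review bot: The new `charon.plugins.tpm.tcti.name` text in conf/plugins/tpm.opt lists `mssim` as a valid value with no caveat, although that TCTI talks to a software TPM simulator rather than a hardware TPM, so keys used through it get no hardware protection. A sentence such as `_mssim_ connects to a TPM 2.0 simulator and is intended for testing only.` would keep it from being picked for production. The defaults are also written as `device|tabrmd` and `/dev/tpmrm0|<none>`, which the tpm.conf hunk shows as `# name = device|tabrmd`. Uncommenting that line as-is would presumably not name a valid library, so the description should say the value must be exactly one of the listed names.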