author | Yves-Alexis Perez <corsac@corsac.net> | 2017-09-01 17:21:25 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-09-01 17:21:25 +0200 |
commit | d35f9a428e3443c4478b3ba1b03d7f69ce43436c (patch) | |
tree | c57633158ae938ac37bac0be0564fc9360746999 /conf/strongswan.conf.5.main | |
parent | debb2443d93d74388b2330341a787e5ba420909d (diff) | |
parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
Updated version 5.6.0 from 'upstream/5.6.0'
with Debian dir e138a03837a338ec35cc53a33de19381770a5f0c
Diffstat (limited to 'conf/strongswan.conf.5.main')
-rw-r--r-- | conf/strongswan.conf.5.main | 101 |
1 files changed, 96 insertions, 5 deletions
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 4df7ce42d..4f38c9b03 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -519,6 +519,11 @@ Hashing algorithm to fingerprint coupled certificates.
 Maximum number of coupling entries to create.
 
 .TP
+.BR charon.plugins.curl.redir " [-1]"
+Maximum number of redirects followed by the plugin, set to 0 to disable
+following redirects, set to \-1 for no limit.
+
+.TP
 .BR charon.plugins.dhcp.force_server_address " [no]"
 Always use the configured server address. This might be helpful if the DHCP
 server runs on the same host as strongSwan, and the DHCP daemon does not listen
@@ -556,7 +561,15 @@ Socket provided by the duplicheck plugin.
 .TP
 .BR charon.plugins.eap-aka.request_identity " [yes]"
 .TP
-.BR charon.plugins.eap-aka-3ggp2.seq_check " []"
+.BR charon.plugins.eap-aka-3gpp.seq_check " []"
+Enable to activate sequence check of the AKA SQN values in order to trigger
+resync cycles.
+
+.TP
+.BR charon.plugins.eap-aka-3gpp2.seq_check " []"
+Enable to activate sequence check of the AKA SQN values in order to trigger
+resync cycles.
+
 .TP
 .BR charon.plugins.eap-dynamic.prefer_user " [no]"
 If enabled the EAP methods proposed in an EAP\-Nak message sent by the peer are
@@ -2115,15 +2128,34 @@ Send open listening ports without being prompted.
 Directory where SWID tags are located.
 
 .TP
-.BR libimcv.plugins.imc-swid.swid_full " [FALSE]"
+.BR libimcv.plugins.imc-swid.swid_full " [no]"
 Include file information in the XML\-encoded SWID tags.
 
 .TP
-.BR libimcv.plugins.imc-swid.swid_generator " [/usr/local/bin/swid_generator]"
-SWID generator command to be executed.
+.BR libimcv.plugins.imc-swid.swid_pretty " [no]"
+Generate XML\-encoded SWID tags with pretty indentation.
 
 .TP
-.BR libimcv.plugins.imc-swid.swid_pretty " [FALSE]"
+.BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]"
+Set 32 bit epoch value for event IDs manually if software collector database is
+not available.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_database " []"
+URI to software collector database containing event timestamps, software
+creation and deletion events and collected software identifiers. If it contains
+a password, make sure to adjust the permissions of the config file accordingly.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_directory " [${prefix}/share]"
+Directory where SWID tags are located.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_full " [no]"
+Include file information in the XML\-encoded SWID tags.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_pretty " [no]"
 Generate XML\-encoded SWID tags with pretty indentation.
 
 .TP
@@ -2183,6 +2215,14 @@ Timeout of SWID REST API HTTP POST transaction.
 HTTP URI of the SWID REST API.
 
 .TP
+.BR libimcv.plugins.imv-swima.rest_api.timeout " [120]"
+Timeout of SWID REST API HTTP POST transaction.
+
+.TP
+.BR libimcv.plugins.imv-swima.rest_api.uri " []"
+HTTP URI of the SWID REST API.
+
+.TP
 .BR libimcv.plugins.imv-test.rounds " [0]"
 Number of IMC\-IMV retry rounds.
 
@@ -2193,6 +2233,18 @@ Disable output to stderr with a stand\-alone library. .TP +.BR libimcv.swid_gen.command " [/usr/local/bin/swid_generator]" +SWID generator command to be executed. + +.TP +.BR libimcv.swid_gen.tag_creator.name " [strongSwan Project]" +Name of the tagCreator entity. + +.TP +.BR libimcv.swid_gen.tag_creator.regid " [strongswan.org]" +regid of the tagCreator entity. + +.TP .BR manager.database " []" Credential database URI for manager. If it contains a password, make sure to adjust the permissions of the config file accordingly. @@ -2291,6 +2343,45 @@ Location of the ipsec.conf file Disable charon plugin load option warning. .TP +.B sw-collector +.br +Options for the sw\-collector tool. + +.TP +.BR sw-collector.database " []" +URI to software collector database containing event timestamps, software +creation and deletion events and collected software identifiers. If it contains +a password, make sure to adjust the permissions of the config file accordingly. + +.TP +.BR sw-collector.first_file " [/var/log/bootstrap.log]" +Path pointing to file created when the Linux OS was installed. + +.TP +.BR sw-collector.first_time " [0000-00-00T00:00:00Z]" +Time in UTC when the Linux OS was installed. + +.TP +.BR sw-collector.history " []" +Path pointing to apt history.log file. + +.TP +.BR sw-collector.load " []" +Plugins to load in sw\-collector tool. + +.TP +.BR sw-collector.rest_api.timeout " [120]" +Timeout of REST API HTTP POST transaction. + +.TP +.BR sw-collector.rest_api.uri " []" +HTTP URI of the central collector's REST API. + +.TP .BR swanctl.load " []" Plugins to load in swanctl. +.TP +.BR swanctl.socket " [unix://${piddir}/charon.vici]" +VICI socket to connect to by default. + |