summaryrefslogtreecommitdiff
path: root/conf
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
committerYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
commite1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch)
treeae0c8b5f4cd8289d0797882ea18969f33ea59a1e /conf
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
downloadvyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz
vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip
New upstream version 5.6.1
Diffstat (limited to 'conf')
-rw-r--r--conf/Makefile.am2
-rw-r--r--conf/Makefile.in4
-rw-r--r--conf/options/charon.conf3
-rw-r--r--conf/options/charon.opt3
-rw-r--r--conf/options/pacman.conf12
-rw-r--r--conf/options/pacman.opt7
-rw-r--r--conf/options/sec-updater.conf42
-rw-r--r--conf/options/sec-updater.opt29
-rw-r--r--conf/plugins/eap-radius.conf4
-rw-r--r--conf/plugins/eap-radius.opt4
-rw-r--r--conf/plugins/systime-fix.conf4
-rw-r--r--conf/plugins/systime-fix.opt4
-rw-r--r--conf/strongswan.conf.5.main62
13 files changed, 149 insertions, 31 deletions
diff --git a/conf/Makefile.am b/conf/Makefile.am
index 87319db22..38181db2c 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -18,13 +18,13 @@ options = \
options/imv_policy_manager.opt \
options/manager.opt \
options/medsrv.opt \
- options/pacman.opt \
options/pki.opt \
options/pool.opt \
options/scepclient.opt \
options/starter.opt \
options/swanctl.opt \
options/tnc.opt \
+ options/sec-updater.opt \
options/sw-collector.opt
plugins = \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index b403c727d..c2cb213f7 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -199,9 +199,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -422,13 +424,13 @@ options = \
options/imv_policy_manager.opt \
options/manager.opt \
options/medsrv.opt \
- options/pacman.opt \
options/pki.opt \
options/pool.opt \
options/scepclient.opt \
options/starter.opt \
options/swanctl.opt \
options/tnc.opt \
+ options/sec-updater.opt \
options/sw-collector.opt
plugins = \
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index f0d084bed..cef9fe36c 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -230,6 +230,9 @@ charon {
# Priority of the routing table.
# routing_table_prio =
+ # Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+ # rsa_pss = no
+
# Delay in ms for sending packets, to simulate larger RTT.
# send_delay = 0
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 900b9b46b..161ebb724 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -341,6 +341,9 @@ charon.routing_table
charon.routing_table_prio
Priority of the routing table.
+charon.rsa_pss = no
+ Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+
charon.send_delay = 0
Delay in ms for sending packets, to simulate larger RTT.
diff --git a/conf/options/pacman.conf b/conf/options/pacman.conf
deleted file mode 100644
index 730e5435c..000000000
--- a/conf/options/pacman.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-pacman {
-
- # Database URI for the database that stores the package information. If it
- # contains a password, make sure to adjust the permissions of the config
- # file accordingly.
- # database =
-
- # Plugins to load in package manager.
- # load =
-
-}
-
diff --git a/conf/options/pacman.opt b/conf/options/pacman.opt
deleted file mode 100644
index dfb4ba2b1..000000000
--- a/conf/options/pacman.opt
+++ /dev/null
@@ -1,7 +0,0 @@
-pacman.database =
- Database URI for the database that stores the package information. If it
- contains a password, make sure to adjust the permissions of the config file
- accordingly.
-
-pacman.load =
- Plugins to load in package manager.
diff --git a/conf/options/sec-updater.conf b/conf/options/sec-updater.conf
new file mode 100644
index 000000000..081476a50
--- /dev/null
+++ b/conf/options/sec-updater.conf
@@ -0,0 +1,42 @@
+# Options for the sec-updater tool.
+sec-updater {
+
+ # Global IMV policy database URI. If it contains a password, make sure to
+ # adjust the permissions of the config file accordingly.
+ # database =
+
+ # Plugins to load in sec-updater tool.
+ # load =
+
+ # strongTNC manage.py command used to import SWID tags.
+ # tnc_manage_command = /var/www/tnc/manage.py
+
+ swid_gen {
+
+ # SWID generator command to be executed.
+ # command = /usr/local/bin/swid_generator
+
+ tag_creator {
+
+ # Name of the tagCreator entity.
+ # name = strongSwan Project
+
+ # regid of the tagCreator entity.
+ # regid = strongswan.org
+
+ }
+
+ }
+
+ tmp {
+
+ # Temporary storage for downloaded deb package file.
+ # deb_file = /tmp/sec-updater.deb
+
+ # Temporary storage for generated SWID tags.
+ # tag_file = /tmp/sec-updater.tag
+
+ }
+
+}
+
diff --git a/conf/options/sec-updater.opt b/conf/options/sec-updater.opt
new file mode 100644
index 000000000..f6669250e
--- /dev/null
+++ b/conf/options/sec-updater.opt
@@ -0,0 +1,29 @@
+sec-updater {}
+ Options for the sec-updater tool.
+
+ Options for the sec-updater tool.
+
+sec-updater.database =
+ Global IMV policy database URI. If it contains a password, make sure to
+ adjust the permissions of the config file accordingly.
+
+sec-updater.swid_gen.command = /usr/local/bin/swid_generator
+ SWID generator command to be executed.
+
+sec-updater.swid_gen.tag_creator.name = strongSwan Project
+ Name of the tagCreator entity.
+
+sec-updater.swid_gen.tag_creator.regid = strongswan.org
+ regid of the tagCreator entity.
+
+sec-updater.tnc_manage_command = /var/www/tnc/manage.py
+ strongTNC manage.py command used to import SWID tags.
+
+sec-updater.tmp.deb_file = /tmp/sec-updater.deb
+ Temporary storage for downloaded deb package file.
+
+sec-updater.tmp.tag_file = /tmp/sec-updater.tag
+ Temporary storage for generated SWID tags.
+
+sec-updater.load =
+ Plugins to load in sec-updater tool.
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 8858f3fc5..5a486114e 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -15,6 +15,10 @@ eap-radius {
# virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
# accounting_requires_vip = no
+ # If enabled, adds the Class attributes received in Access-Accept message to
+ # the RADIUS accounting messages.
+ # accounting_send_class = no
+
# Use class attributes in Access-Accept messages as group membership
# information.
# class_group = no
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index c3668ec06..f18a74c49 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -13,6 +13,10 @@ charon.plugins.eap-radius.accounting_requires_vip = no
If enabled, accounting is disabled unless an IKE_SA has at least one
virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
+charon.plugins.eap-radius.accounting_send_class = no
+ If enabled, adds the Class attributes received in Access-Accept message to
+ the RADIUS accounting messages.
+
charon.plugins.eap-radius.class_group = no
Use class attributes in Access-Accept messages as group membership
information.
diff --git a/conf/plugins/systime-fix.conf b/conf/plugins/systime-fix.conf
index f5cd4cd5d..1d9a6983a 100644
--- a/conf/plugins/systime-fix.conf
+++ b/conf/plugins/systime-fix.conf
@@ -18,5 +18,9 @@ systime-fix {
# strptime(3) format used to parse threshold option.
# threshold_format = %Y
+ # How long to wait for a valid system time if an interval is configured. 0
+ # to recheck indefinitely.
+ # timeout = 0s
+
}
diff --git a/conf/plugins/systime-fix.opt b/conf/plugins/systime-fix.opt
index 7abd03627..714981a52 100644
--- a/conf/plugins/systime-fix.opt
+++ b/conf/plugins/systime-fix.opt
@@ -10,3 +10,7 @@ charon.plugins.systime-fix.threshold =
charon.plugins.systime-fix.threshold_format = %Y
**strptime**(3) format used to parse threshold option.
+
+charon.plugins.systime-fix.timeout = 0s
+ How long to wait for a valid system time if an interval is configured. 0 to
+ recheck indefinitely.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 4f38c9b03..b54f3e492 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -632,6 +632,11 @@ If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP.
Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
.TP
+.BR charon.plugins.eap-radius.accounting_send_class " [no]"
+If enabled, adds the Class attributes received in Access\-Accept message to the
+RADIUS accounting messages.
+
+.TP
.BR charon.plugins.eap-radius.class_group " [no]"
Use the
.RI "" "class" ""
@@ -1495,6 +1500,11 @@ Threshold date where system time is considered valid. Disabled if not specified.
format used to parse threshold option.
.TP
+.BR charon.plugins.systime-fix.timeout " [0s]"
+How long to wait for a valid system time if an interval is configured. 0 to
+recheck indefinitely.
+
+.TP
.BR charon.plugins.tnc-ifmap.client_cert " []"
Path to X.509 certificate file of IF\-MAP client.
@@ -1763,6 +1773,10 @@ Numerical routing table to install routes to.
Priority of the routing table.
.TP
+.BR charon.rsa_pss " [no]"
+Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+
+.TP
.BR charon.send_delay " [0]"
Delay in ms for sending packets, to simulate larger RTT.
@@ -2307,16 +2321,6 @@ Number of thread for mediation service web application.
Session timeout for mediation service.
.TP
-.BR pacman.database " []"
-Database URI for the database that stores the package information. If it
-contains a password, make sure to adjust the permissions of the config file
-accordingly.
-
-.TP
-.BR pacman.load " []"
-Plugins to load in package manager.
-
-.TP
.BR pki.load " []"
Plugins to load in ipsec pki tool.
@@ -2335,6 +2339,44 @@ Plugins to load in ipsec pool tool.
Plugins to load in ipsec scepclient tool.
.TP
+.B sec-updater
+.br
+Options for the sec\-updater tool.
+
+.TP
+.BR sec-updater.database " []"
+Global IMV policy database URI. If it contains a password, make sure to adjust
+the permissions of the config file accordingly.
+
+.TP
+.BR sec-updater.load " []"
+Plugins to load in sec\-updater tool.
+
+.TP
+.BR sec-updater.swid_gen.command " [/usr/local/bin/swid_generator]"
+SWID generator command to be executed.
+
+.TP
+.BR sec-updater.swid_gen.tag_creator.name " [strongSwan Project]"
+Name of the tagCreator entity.
+
+.TP
+.BR sec-updater.swid_gen.tag_creator.regid " [strongswan.org]"
+regid of the tagCreator entity.
+
+.TP
+.BR sec-updater.tmp.deb_file " [/tmp/sec-updater.deb]"
+Temporary storage for downloaded deb package file.
+
+.TP
+.BR sec-updater.tmp.tag_file " [/tmp/sec-updater.tag]"
+Temporary storage for generated SWID tags.
+
+.TP
+.BR sec-updater.tnc_manage_command " [/var/www/tnc/manage.py]"
+strongTNC manage.py command used to import SWID tags.
+
+.TP
.BR starter.config_file " [${sysconfdir}/ipsec.conf]"
Location of the ipsec.conf file