author | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
commit | e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch) | |
tree | ae0c8b5f4cd8289d0797882ea18969f33ea59a1e /conf | |
parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
download | vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip |
New upstream version 5.6.1
Diffstat (limited to 'conf')
-rw-r--r-- | conf/Makefile.am | 2 | ||||
-rw-r--r-- | conf/Makefile.in | 4 | ||||
-rw-r--r-- | conf/options/charon.conf | 3 | ||||
-rw-r--r-- | conf/options/charon.opt | 3 | ||||
-rw-r--r-- | conf/options/pacman.conf | 12 | ||||
-rw-r--r-- | conf/options/pacman.opt | 7 | ||||
-rw-r--r-- | conf/options/sec-updater.conf | 42 | ||||
-rw-r--r-- | conf/options/sec-updater.opt | 29 | ||||
-rw-r--r-- | conf/plugins/eap-radius.conf | 4 | ||||
-rw-r--r-- | conf/plugins/eap-radius.opt | 4 | ||||
-rw-r--r-- | conf/plugins/systime-fix.conf | 4 | ||||
-rw-r--r-- | conf/plugins/systime-fix.opt | 4 | ||||
-rw-r--r-- | conf/strongswan.conf.5.main | 62 |
13 files changed, 149 insertions, 31 deletions
diff --git a/conf/Makefile.am b/conf/Makefile.am
index 87319db22..38181db2c 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -18,13 +18,13 @@ options = \ options/imv_policy_manager.opt \ options/manager.opt \ options/medsrv.opt \ - options/pacman.opt \ options/pki.opt \ options/pool.opt \ options/scepclient.opt \ options/starter.opt \ options/swanctl.opt \ options/tnc.opt \ + options/sec-updater.opt \ options/sw-collector.opt plugins = \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index b403c727d..c2cb213f7 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -199,9 +199,11 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ GEM = @GEM@ GENHTML = @GENHTML@ GPERF = @GPERF@ +GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@
@@ -422,13 +424,13 @@ options = \ options/imv_policy_manager.opt \ options/manager.opt \ options/medsrv.opt \ - options/pacman.opt \ options/pki.opt \ options/pool.opt \ options/scepclient.opt \ options/starter.opt \ options/swanctl.opt \ options/tnc.opt \ + options/sec-updater.opt \ options/sw-collector.opt plugins = \
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index f0d084bed..cef9fe36c 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -230,6 +230,9 @@ charon { # Priority of the routing table. # routing_table_prio = + # Whether to use RSA with PSS padding instead of PKCS#1 padding by default. + # rsa_pss = no + # Delay in ms for sending packets, to simulate larger RTT. # send_delay = 0
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 900b9b46b..161ebb724 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
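Review bot: The new `rsa_pss` comment in conf/options/charon.conf says "by default" without stating what the default applies to or what overrides it, and "PKCS#1 padding" is ambiguous because PSS is itself specified in PKCS#1 v2.1. I would word it along the lines of `# Whether to use RSASSA-PSS instead of PKCS#1 v1.5 padding for RSA signatures unless a scheme is configured explicitly.`, assuming that is the intended scope; the code that reads the option is not part of this diff, so please confirm. The same sentence is added in conf/options/charon.opt and conf/strongswan.conf.5.main. The charon { } block starts and ends outside the hunk.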
@@ -341,6 +341,9 @@ charon.routing_table charon.routing_table_prio Priority of the routing table. +charon.rsa_pss = no + Whether to use RSA with PSS padding instead of PKCS#1 padding by default. + charon.send_delay = 0 Delay in ms for sending packets, to simulate larger RTT.
diff --git a/conf/options/pacman.conf b/conf/options/pacman.conf
deleted file mode 100644
index 730e5435c..000000000
--- a/conf/options/pacman.conf
+++ /dev/null
@@ -1,12 +0,0 @@ -pacman { - - # Database URI for the database that stores the package information. If it - # contains a password, make sure to adjust the permissions of the config - # file accordingly. - # database = - - # Plugins to load in package manager. - # load = - -} -
diff --git a/conf/options/pacman.opt b/conf/options/pacman.opt
deleted file mode 100644
index dfb4ba2b1..000000000
--- a/conf/options/pacman.opt
+++ /dev/null
@@ -1,7 +0,0 @@ -pacman.database = - Database URI for the database that stores the package information. If it - contains a password, make sure to adjust the permissions of the config file - accordingly. - -pacman.load = - Plugins to load in package manager.
diff --git a/conf/options/sec-updater.conf b/conf/options/sec-updater.conf
new file mode 100644
index 000000000..081476a50
--- /dev/null
+++ b/conf/options/sec-updater.conf
@@ -0,0 +1,42 @@ +# Options for the sec-updater tool. +sec-updater { + + # Global IMV policy database URI. If it contains a password, make sure to + # adjust the permissions of the config file accordingly. + # database = + + # Plugins to load in sec-updater tool. + # load = + + # strongTNC manage.py command used to import SWID tags. + # tnc_manage_command = /var/www/tnc/manage.py + + swid_gen { + + # SWID generator command to be executed. + # command = /usr/local/bin/swid_generator + + tag_creator { + + # Name of the tagCreator entity. + # name = strongSwan Project + + # regid of the tagCreator entity. + # regid = strongswan.org + + } + + } + + tmp { + + # Temporary storage for downloaded deb package file. + # deb_file = /tmp/sec-updater.deb + + # Temporary storage for generated SWID tags. + # tag_file = /tmp/sec-updater.tag + + } + +} +
diff --git a/conf/options/sec-updater.opt b/conf/options/sec-updater.opt
new file mode 100644
index 000000000..f6669250e
--- /dev/null
+++ b/conf/options/sec-updater.opt
@@ -0,0 +1,29 @@ +sec-updater {} + Options for the sec-updater tool. + + Options for the sec-updater tool. + +sec-updater.database = + Global IMV policy database URI. If it contains a password, make sure to + adjust the permissions of the config file accordingly. + +sec-updater.swid_gen.command = /usr/local/bin/swid_generator + SWID generator command to be executed. + +sec-updater.swid_gen.tag_creator.name = strongSwan Project + Name of the tagCreator entity. + +sec-updater.swid_gen.tag_creator.regid = strongswan.org + regid of the tagCreator entity. + +sec-updater.tnc_manage_command = /var/www/tnc/manage.py + strongTNC manage.py command used to import SWID tags. + +sec-updater.tmp.deb_file = /tmp/sec-updater.deb + Temporary storage for downloaded deb package file. + +sec-updater.tmp.tag_file = /tmp/sec-updater.tag + Temporary storage for generated SWID tags. + +sec-updater.load = + Plugins to load in sec-updater tool.
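Review bot: The defaults `deb_file = /tmp/sec-updater.deb` and `tag_file = /tmp/sec-updater.tag` in the `tmp` section of conf/options/sec-updater.conf are fixed file names in a world-writable directory, and the option text gives the operator no hint to relocate them. How sec-updater creates these files is not visible in this diff, but if they are opened without exclusive creation, another local account could pre-create or link the path and tamper with the package or the SWID tags that are later imported through `tnc_manage_command`. I would default to a directory owned by the account running the tool, or at least add a comment such as `# Should point into a directory writable only by the user running sec-updater.`. The permissions advice attached to `database` is also worth repeating for `swid_gen.command` and `tnc_manage_command`, since both name programs that get executed. The same defaults appear in conf/options/sec-updater.opt and conf/strongswan.conf.5.main.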
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 8858f3fc5..5a486114e 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -15,6 +15,10 @@ eap-radius { # virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary. # accounting_requires_vip = no + # If enabled, adds the Class attributes received in Access-Accept message to + # the RADIUS accounting messages. + # accounting_send_class = no + # Use class attributes in Access-Accept messages as group membership # information. # class_group = no
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index c3668ec06..f18a74c49 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -13,6 +13,10 @@ charon.plugins.eap-radius.accounting_requires_vip = no If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary. +charon.plugins.eap-radius.accounting_send_class = no + If enabled, adds the Class attributes received in Access-Accept message to + the RADIUS accounting messages. + charon.plugins.eap-radius.class_group = no Use class attributes in Access-Accept messages as group membership information.
diff --git a/conf/plugins/systime-fix.conf b/conf/plugins/systime-fix.conf
index f5cd4cd5d..1d9a6983a 100644
--- a/conf/plugins/systime-fix.conf
+++ b/conf/plugins/systime-fix.conf
@@ -18,5 +18,9 @@ systime-fix { # strptime(3) format used to parse threshold option. # threshold_format = %Y + # How long to wait for a valid system time if an interval is configured. 0 + # to recheck indefinitely. + # timeout = 0s + }
diff --git a/conf/plugins/systime-fix.opt b/conf/plugins/systime-fix.opt
index 7abd03627..714981a52 100644
--- a/conf/plugins/systime-fix.opt
+++ b/conf/plugins/systime-fix.opt
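Review bot: The new `timeout` description in conf/plugins/systime-fix.conf does not say what the plugin does once the timeout expires without a valid system time, which is the case an operator most needs to understand. Whether rechecking simply stops, and whether certificate lifetime validation is enforced from then on, cannot be determined from this diff; the text should state that outcome explicitly. It would also help to name the accepted time units, since the default is written `0s` while the sentence refers only to `0`. The same text is added to conf/plugins/systime-fix.opt and conf/strongswan.conf.5.main.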
@@ -10,3 +10,7 @@ charon.plugins.systime-fix.threshold = charon.plugins.systime-fix.threshold_format = %Y **strptime**(3) format used to parse threshold option. + +charon.plugins.systime-fix.timeout = 0s + How long to wait for a valid system time if an interval is configured. 0 to + recheck indefinitely.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 4f38c9b03..b54f3e492 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -632,6 +632,11 @@ If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary. .TP +.BR charon.plugins.eap-radius.accounting_send_class " [no]" +If enabled, adds the Class attributes received in Access\-Accept message to the +RADIUS accounting messages. + +.TP .BR charon.plugins.eap-radius.class_group " [no]" Use the .RI "" "class" ""
@@ -1495,6 +1500,11 @@ Threshold date where system time is considered valid. Disabled if not specified. format used to parse threshold option. .TP +.BR charon.plugins.systime-fix.timeout " [0s]" +How long to wait for a valid system time if an interval is configured. 0 to +recheck indefinitely. + +.TP .BR charon.plugins.tnc-ifmap.client_cert " []" Path to X.509 certificate file of IF\-MAP client.
@@ -1763,6 +1773,10 @@ Numerical routing table to install routes to. Priority of the routing table. .TP +.BR charon.rsa_pss " [no]" +Whether to use RSA with PSS padding instead of PKCS#1 padding by default. + +.TP .BR charon.send_delay " [0]" Delay in ms for sending packets, to simulate larger RTT.
@@ -2307,16 +2321,6 @@ Number of thread for mediation service web application. Session timeout for mediation service. .TP -.BR pacman.database " []" -Database URI for the database that stores the package information. If it -contains a password, make sure to adjust the permissions of the config file -accordingly. - -.TP -.BR pacman.load " []" -Plugins to load in package manager. - -.TP .BR pki.load " []" Plugins to load in ipsec pki tool.
@@ -2335,6 +2339,44 @@ Plugins to load in ipsec pool tool. Plugins to load in ipsec scepclient tool. .TP +.B sec-updater +.br +Options for the sec\-updater tool. + +.TP +.BR sec-updater.database " []" +Global IMV policy database URI. If it contains a password, make sure to adjust +the permissions of the config file accordingly. + +.TP +.BR sec-updater.load " []" +Plugins to load in sec\-updater tool. + +.TP +.BR sec-updater.swid_gen.command " [/usr/local/bin/swid_generator]" +SWID generator command to be executed. + +.TP +.BR sec-updater.swid_gen.tag_creator.name " [strongSwan Project]" +Name of the tagCreator entity. + +.TP +.BR sec-updater.swid_gen.tag_creator.regid " [strongswan.org]" +regid of the tagCreator entity. + +.TP +.BR sec-updater.tmp.deb_file " [/tmp/sec-updater.deb]" +Temporary storage for downloaded deb package file. + +.TP +.BR sec-updater.tmp.tag_file " [/tmp/sec-updater.tag]" +Temporary storage for generated SWID tags. + +.TP +.BR sec-updater.tnc_manage_command " [/var/www/tnc/manage.py]" +strongTNC manage.py command used to import SWID tags. + +.TP .BR starter.config_file " [${sysconfdir}/ipsec.conf]" Location of the ipsec.conf file |