Diffstat (limited to 'conf/strongswan.conf.5.main')
-rw-r--r-- | conf/strongswan.conf.5.main | 95 |
1 files changed, 65 insertions, 30 deletions
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main index f83211805..486ee5af9 100644 --- a/conf/strongswan.conf.5.main +++ b/conf/strongswan.conf.5.main @@ -85,7 +85,7 @@ Buffer size used for crypto benchmark. .TP .BR charon.crypto_test.bench_time " [50]" -Number of iterations to test each algorithm. +Time in ms during which crypto algorithm performance is measured. .TP .BR charon.crypto_test.on_add " [no]" 
@@ -155,41 +155,49 @@ Section to define file loggers, see LOGGER CONFIGURATION in .TP -.B charon.filelog.<filename> +.B charon.filelog.<name> .br -<filename> is the full path to the log file. +<name> may be the full path to the log file if it only contains characters +permitted in section names. Is ignored if +.RI "" "path" "" +is specified. .TP -.BR charon.filelog.<filename>.<subsystem> " [<default>]" +.BR charon.filelog.<name>.<subsystem> " [<default>]" Loglevel for a specific subsystem. .TP -.BR charon.filelog.<filename>.append " [yes]" +.BR charon.filelog.<name>.append " [yes]" If this option is enabled log entries are appended to the existing file. .TP -.BR charon.filelog.<filename>.default " [1]" +.BR charon.filelog.<name>.default " [1]" Specifies the default loglevel to be used for subsystems for which no specific loglevel is defined. .TP -.BR charon.filelog.<filename>.flush_line " [no]" +.BR charon.filelog.<name>.flush_line " [no]" Enabling this option disables block buffering and enables line buffering. .TP -.BR charon.filelog.<filename>.ike_name " [no]" +.BR charon.filelog.<name>.ike_name " [no]" Prefix each log entry with the connection name and a unique numerical identifier for each IKE_SA. .TP -.BR charon.filelog.<filename>.time_add_ms " [no]" +.BR charon.filelog.<name>.path " []" +Optional path to the log file. Overrides the section name. Must be used if the +path contains characters that aren't allowed in section names. + +.TP +.BR charon.filelog.<name>.time_add_ms " [no]" Adds the milliseconds within the current second after the timestamp (separated by a dot, so .RI "" "time_format" "" should end with %S or %T). .TP -.BR charon.filelog.<filename>.time_format " []" +.BR charon.filelog.<name>.time_format " []" Prefix each log entry with a timestamp. The option accepts a format string as passed to .RB "" "strftime" "(3)." 
@@ -556,6 +564,18 @@ DHCP server. DHCP server unicast or broadcast IP address. .TP +.BR charon.plugins.dhcp.use_server_port " [no]" +Use the DHCP server port (67) as source port, instead of the DHCP client port +(68), when a unicast server address is configured and the plugin acts as relay +agent. When replying in this mode the DHCP server will always send packets to +the DHCP server port and if no process binds that port an ICMP port unreachables +will be sent back, which might be problematic for some DHCP servers. To avoid +that, enabling this option will cause the plugin to bind the DHCP server port to +send its requests when acting as relay agent. This is not necessary if a DHCP +server is already running on the same host and might even cause conflicts (and +since the server port is already bound, ICMPs should not be an issue). + +.TP .BR charon.plugins.dnscert.enable " [no]" Enable fetching of CERT RRs via DNS. @@ -778,6 +798,11 @@ and Number of sockets (ports) to use, increase for high load. .TP +.BR charon.plugins.eap-radius.station_id_with_port " [yes]" +Whether to include the UDP port in the Called\- and Calling\-Station\-Id RADIUS +attributes. + +.TP .B charon.plugins.eap-radius.xauth .br Section to configure multiple XAuth authentication rounds via RADIUS. The 
@@ -1660,6 +1685,32 @@ Send an unsupported PB\-TNC message type with the NOSKIP flag set. Send a PB\-TNC batch with a modified PB\-TNC version. .TP +.BR charon.plugins.tpm.tcti.name " [device|tabrmd]" +Name of TPM 2.0 TCTI library. Valid values: +.RI "" "tabrmd" "," +.RI "" "device" "" +or +.RI "" "mssim" "." +Defaults are +.RI "" "device" "" +if the +.RI "" "/dev/tpmrm0" "" +in\-kernel TPM 2.0 resource manager +device exists, and +.RI "" "tabrmd" "" +otherwise, requiring the d\-bus based TPM 2.0 access +broker and resource manager to be available. + +.TP +.BR charon.plugins.tpm.tcti.opts " [/dev/tpmrm0|<none>]" +Options for the TPM 2.0 TCTI library. Defaults are +.RI "" "/dev/tpmrm0" "" +if the TCTI +library name is +.RI "" "device" "" +and no options otherwise. + +.TP .BR charon.plugins.tpm.use_rng " [no]" Whether the TPM should be used as RNG. @@ -2191,23 +2242,15 @@ Send operating system info without being prompted. Send open listening ports without being prompted. .TP -.BR libimcv.plugins.imc-swid.swid_directory " [${prefix}/share]" -Directory where SWID tags are located. - -.TP -.BR libimcv.plugins.imc-swid.swid_full " [no]" -Include file information in the XML\-encoded SWID tags. - -.TP -.BR libimcv.plugins.imc-swid.swid_pretty " [no]" -Generate XML\-encoded SWID tags with pretty indentation. - -.TP .BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]" Set 32 bit epoch value for event IDs manually if software collector database is not available. .TP +.BR libimcv.plugins.imc-swima.subscriptions " [no]" +Accept SW Inventory or SW Events subscriptions. + +.TP .BR libimcv.plugins.imc-swima.swid_database " []" URI to software collector database containing event timestamps, software creation and deletion events and collected software identifiers. If it contains 
@@ -2274,14 +2317,6 @@ URI pointing to operating system remediation instructions. URI pointing to scanner remediation instructions. .TP -.BR libimcv.plugins.imv-swid.rest_api_timeout " [120]" -Timeout of SWID REST API HTTP POST transaction. - -.TP -.BR libimcv.plugins.imv-swid.rest_api_uri " []" -HTTP URI of the SWID REST API. - -.TP .BR libimcv.plugins.imv-swima.rest_api.timeout " [120]" Timeout of SWID REST API HTTP POST transaction. |
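Review bot: In the @@ -85 hunk the description of charon.crypto_test.bench_time changes from "Number of iterations" to "Time in ms", but the documented default stays "[50]"; confirm that 50 is really the millisecond default and not the old iteration count, otherwise the default shown here is wrong too.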
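Review bot: In the @@ -155 hunk the sentence "Is ignored if path is specified." under charon.filelog.<name> has no subject and should read "It is ignored if path is specified." More importantly, neither the <name> entry nor the new charon.filelog.<name>.path entry says which characters are not permitted in section names, and that is exactly what a reader needs to decide whether the section name can carry the path or whether path is required; name the offending characters, or point to the section of this page that defines section-name syntax.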
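Review bot: In the @@ -556 hunk the charon.plugins.dhcp.use_server_port text has "an ICMP port unreachables will be sent back", which should be "ICMP port unreachable messages will be sent back". The last sentence is also ambiguous about what "might even cause conflicts": reword it so it is clear that it is enabling this option on a host that already runs a DHCP server that causes the conflict, e.g. "Do not enable this if a DHCP server is already running on the same host: the port is then already bound, ICMP errors are not an issue, and binding it again may conflict with the server."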
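Review bot: In the @@ -1660 hunk charon.plugins.tpm.tcti.opts only says "Options for the TPM 2.0 TCTI library" and gives the default for the device case; for the tabrmd and mssim TCTIs the reader is left to guess what the option string looks like. Add one example per non-default TCTI, or state explicitly that the string is passed through unchanged to the named TCTI library so its own documentation applies.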
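Review bot: In the @@ -2191 hunk the three libimcv.plugins.imc-swid.* entries (swid_directory, swid_full, swid_pretty) are deleted without any hint for users who still have them in strongswan.conf; if imc-swima is the replacement, say so in the imc-swima section, and if the keys are now silently ignored, that is worth a sentence as well.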
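Review bot: In the @@ -2274 hunk the removed libimcv.plugins.imv-swid.rest_api_timeout entry and the remaining libimcv.plugins.imv-swima.rest_api.timeout entry carry the identical description "Timeout of SWID REST API HTTP POST transaction.", so the surviving text should say which plugin's REST API it refers to (imv-swima) and, since the key name changed from rest_api_timeout to rest_api.timeout, note the rename for anyone migrating an existing configuration.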