path: root/conf/strongswan.conf.5.main
Diffstat (limited to 'conf/strongswan.conf.5.main')
-rw-r--r-- conf/strongswan.conf.5.main | 95
1 files changed, 65 insertions, 30 deletions
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index f83211805..486ee5af9 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -85,7 +85,7 @@ Buffer size used for crypto benchmark.
.TP
.BR charon.crypto_test.bench_time " [50]"
-Number of iterations to test each algorithm.
+Time in ms during which crypto algorithm performance is measured.
.TP
.BR charon.crypto_test.on_add " [no]"
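Review bot: the semantics of charon.crypto_test.bench_time change from an iteration count to a duration in milliseconds while the bracketed default stays "[50]"; confirm that 50 is now meant as 50 ms, and consider noting in the text that configurations which previously set a large iteration count will now run each benchmark for that many milliseconds instead.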
@@ -155,41 +155,49 @@ Section to define file loggers, see LOGGER CONFIGURATION in
.TP
-.B charon.filelog.<filename>
+.B charon.filelog.<name>
.br
-<filename> is the full path to the log file.
+<name> may be the full path to the log file if it only contains characters
+permitted in section names. Is ignored if
+.RI "" "path" ""
+is specified.
.TP
-.BR charon.filelog.<filename>.<subsystem> " [<default>]"
+.BR charon.filelog.<name>.<subsystem> " [<default>]"
Loglevel for a specific subsystem.
.TP
-.BR charon.filelog.<filename>.append " [yes]"
+.BR charon.filelog.<name>.append " [yes]"
If this option is enabled log entries are appended to the existing file.
.TP
-.BR charon.filelog.<filename>.default " [1]"
+.BR charon.filelog.<name>.default " [1]"
Specifies the default loglevel to be used for subsystems for which no specific
loglevel is defined.
.TP
-.BR charon.filelog.<filename>.flush_line " [no]"
+.BR charon.filelog.<name>.flush_line " [no]"
Enabling this option disables block buffering and enables line buffering.
.TP
-.BR charon.filelog.<filename>.ike_name " [no]"
+.BR charon.filelog.<name>.ike_name " [no]"
Prefix each log entry with the connection name and a unique numerical identifier
for each IKE_SA.
.TP
-.BR charon.filelog.<filename>.time_add_ms " [no]"
+.BR charon.filelog.<name>.path " []"
+Optional path to the log file. Overrides the section name. Must be used if the
+path contains characters that aren't allowed in section names.
+
+.TP
+.BR charon.filelog.<name>.time_add_ms " [no]"
Adds the milliseconds within the current second after the timestamp (separated
by a dot, so
.RI "" "time_format" ""
should end with %S or %T).
.TP
-.BR charon.filelog.<filename>.time_format " []"
+.BR charon.filelog.<name>.time_format " []"
Prefix each log entry with a timestamp. The option accepts a format string as
passed to
.RB "" "strftime" "(3)."
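Review bot: in the charon.filelog.<name> description, "Is ignored if path is specified." has no subject; suggest "The name is ignored if path is specified." The text also says the name may serve as the path only "if it only contains characters permitted in section names" but never says which characters those are, so a reader cannot tell when the new path option is required; a pointer to the section-name syntax, or a short list of the disallowed characters, would make the two entries usable together.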
@@ -556,6 +564,18 @@ DHCP server.
DHCP server unicast or broadcast IP address.
.TP
+.BR charon.plugins.dhcp.use_server_port " [no]"
+Use the DHCP server port (67) as source port, instead of the DHCP client port
+(68), when a unicast server address is configured and the plugin acts as relay
+agent. When replying in this mode the DHCP server will always send packets to
+the DHCP server port and if no process binds that port an ICMP port unreachables
+will be sent back, which might be problematic for some DHCP servers. To avoid
+that, enabling this option will cause the plugin to bind the DHCP server port to
+send its requests when acting as relay agent. This is not necessary if a DHCP
+server is already running on the same host and might even cause conflicts (and
+since the server port is already bound, ICMPs should not be an issue).
+
+.TP
.BR charon.plugins.dnscert.enable " [no]"
Enable fetching of CERT RRs via DNS.
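Review bot: "an ICMP port unreachables will be sent back" mixes singular and plural; suggest "an ICMP port unreachable will be sent back". The paragraph for charon.plugins.dhcp.use_server_port also buries the actual effect (bind port 67 rather than 68 when relaying to a unicast server) behind the rationale; leading with that one-line effect and keeping the ICMP explanation and the "not necessary if a DHCP server is already running on the same host" caveat as follow-up sentences would read more clearly.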
@@ -778,6 +798,11 @@ and
Number of sockets (ports) to use, increase for high load.
.TP
+.BR charon.plugins.eap-radius.station_id_with_port " [yes]"
+Whether to include the UDP port in the Called\- and Calling\-Station\-Id RADIUS
+attributes.
+
+.TP
.B charon.plugins.eap-radius.xauth
.br
Section to configure multiple XAuth authentication rounds via RADIUS. The
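Review bot: the description of charon.plugins.eap-radius.station_id_with_port says what the option toggles but not what the Called- and Calling-Station-Id attributes contain in each case (address only versus address and port, and in which format), which is what anyone matching RADIUS policies on these attributes needs to know; also state explicitly whether the default of [yes] preserves the attribute format produced by earlier releases, if that is the intent.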
@@ -1660,6 +1685,32 @@ Send an unsupported PB\-TNC message type with the NOSKIP flag set.
Send a PB\-TNC batch with a modified PB\-TNC version.
.TP
+.BR charon.plugins.tpm.tcti.name " [device|tabrmd]"
+Name of TPM 2.0 TCTI library. Valid values:
+.RI "" "tabrmd" ","
+.RI "" "device" ""
+or
+.RI "" "mssim" "."
+Defaults are
+.RI "" "device" ""
+if the
+.RI "" "/dev/tpmrm0" ""
+in\-kernel TPM 2.0 resource manager
+device exists, and
+.RI "" "tabrmd" ""
+otherwise, requiring the d\-bus based TPM 2.0 access
+broker and resource manager to be available.
+
+.TP
+.BR charon.plugins.tpm.tcti.opts " [/dev/tpmrm0|<none>]"
+Options for the TPM 2.0 TCTI library. Defaults are
+.RI "" "/dev/tpmrm0" ""
+if the TCTI
+library name is
+.RI "" "device" ""
+and no options otherwise.
+
+.TP
.BR charon.plugins.tpm.use_rng " [no]"
Whether the TPM should be used as RNG.
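Review bot: "d\-bus based" should read "D-Bus based". The defaults "[device|tabrmd]" and "[/dev/tpmrm0|<none>]" use an a|b notation that does not appear elsewhere in the visible page and could be read as a literal value; since both descriptions already spell out the conditional defaults, consider either dropping the pipe form or documenting the convention. For charon.plugins.tpm.tcti.opts, "no options otherwise" leaves open what options the tabrmd and mssim TCTIs accept or where that is documented; a reference would help.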
@@ -2191,23 +2242,15 @@ Send operating system info without being prompted.
Send open listening ports without being prompted.
.TP
-.BR libimcv.plugins.imc-swid.swid_directory " [${prefix}/share]"
-Directory where SWID tags are located.
-
-.TP
-.BR libimcv.plugins.imc-swid.swid_full " [no]"
-Include file information in the XML\-encoded SWID tags.
-
-.TP
-.BR libimcv.plugins.imc-swid.swid_pretty " [no]"
-Generate XML\-encoded SWID tags with pretty indentation.
-
-.TP
.BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]"
Set 32 bit epoch value for event IDs manually if software collector database is
not available.
.TP
+.BR libimcv.plugins.imc-swima.subscriptions " [no]"
+Accept SW Inventory or SW Events subscriptions.
+
+.TP
.BR libimcv.plugins.imc-swima.swid_database " []"
URI to software collector database containing event timestamps, software
creation and deletion events and collected software identifiers. If it contains
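Review bot: the three libimcv.plugins.imc-swid.* entries (swid_directory, swid_full, swid_pretty) are removed without any indication of whether the imc-swima plugin still honours equivalent settings or whether they are simply gone; if the latter, existing strongswan.conf files will carry silently ignored options, which is worth a sentence somewhere. The new libimcv.plugins.imc-swima.subscriptions entry, "Accept SW Inventory or SW Events subscriptions.", does not say who issues a subscription or what accepting one causes the IMC to do, so an operator cannot judge whether to change the default of [no]; one sentence on the effect would suffice.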
@@ -2274,14 +2317,6 @@ URI pointing to operating system remediation instructions.
URI pointing to scanner remediation instructions.
.TP
-.BR libimcv.plugins.imv-swid.rest_api_timeout " [120]"
-Timeout of SWID REST API HTTP POST transaction.
-
-.TP
-.BR libimcv.plugins.imv-swid.rest_api_uri " []"
-HTTP URI of the SWID REST API.
-
-.TP
.BR libimcv.plugins.imv-swima.rest_api.timeout " [120]"
Timeout of SWID REST API HTTP POST transaction.
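Review bot: with the libimcv.plugins.imv-swid.rest_api_* entries removed, the remaining libimcv.plugins.imv-swima.rest_api.timeout description still reads "Timeout of SWID REST API HTTP POST transaction", word for word the text of the deleted imv-swid.rest_api_timeout entry; check whether it should now refer to the SWIMA REST API.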