summaryrefslogtreecommitdiff
path: root/man/strongswan.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'man/strongswan.conf.5')
-rw-r--r--man/strongswan.conf.547
1 files changed, 44 insertions, 3 deletions
diff --git a/man/strongswan.conf.5 b/man/strongswan.conf.5
index 2e58a87d0..e1e4dbe91 100644
--- a/man/strongswan.conf.5
+++ b/man/strongswan.conf.5
@@ -1,4 +1,4 @@
-.TH STRONGSWAN.CONF 5 "2010-09-09" "4.5.1" "strongSwan"
+.TH STRONGSWAN.CONF 5 "2010-09-09" "4.5.2" "strongSwan"
.SH NAME
strongswan.conf \- strongSwan configuration file
.SH DESCRIPTION
@@ -204,6 +204,9 @@ Delay request messages
.BR charon.receive_delay_type " [0]"
Specific IKEv2 message type to delay, 0 for any
.TP
+.BR charon.replay_window " [32]"
+Size of the AH/ESP replay window, in packets.
+.TP
.BR charon.retransmit_base " [1.8]"
Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
.TP
@@ -257,6 +260,9 @@ Derive user-defined MAC address from hash of IKEv2 identity
.BR charon.plugins.dhcp.server " [255.255.255.255]"
DHCP server unicast or broadcast IP address
.TP
+.BR charon.plugins.duplicheck.enable " [yes]"
+enable loaded duplicheck plugin
+.TP
.BR charon.plugins.eap-aka.request_identity " [yes]"
.TP
@@ -265,6 +271,29 @@ DHCP server unicast or broadcast IP address
.TP
.BR charon.plugins.eap-gtc.pam_service " [login]"
PAM service to be used for authentication
+
+.TP
+.BR charon.plugins.eap-peap.fragment_size " [1024]"
+Maximum size of an EAP-PEAP packet
+.TP
+.BR charon.plugins.eap-peap.max_message_count " [32]"
+Maximum number of processed EAP-PEAP packets
+.TP
+.BR charon.plugins.eap-peap.include_length " [no]"
+Include length in non-fragmented EAP-PEAP packets
+.TP
+.BR charon.plugins.eap-peap.phase2_method " [mschapv2]"
+Phase2 EAP client authentication method
+.TP
+.BR charon.plugins.eap-peap.phase2_piggyback " [no]"
+Phase2 EAP Identity request piggybacked by server onto TLS Finished message
+.TP
+.BR charon.plugins.eap-peap.phase2_tnc " [no]"
+Start phase2 EAP TNC protocol after successful client authentication
+.TP
+.BR charon.plugins.eap-peap.request_peer_auth " [no]"
+Request peer authentication based on a client certificate
+
.TP
.BR charon.plugins.eap-radius.class_group " [no]"
Use the
@@ -284,7 +313,7 @@ If the RADIUS
attribute with value
.B ESP
is received, use the
-.I filter_id
+.I filter_id
attribute sent in the RADIUS-Accept message as group membership information that
is compared to the groups specified in the
.B rightgroups
@@ -339,18 +368,27 @@ Maximum size of an EAP-TLS packet
.BR charon.plugins.eap-tls.max_message_count " [32]"
Maximum number of processed EAP-TLS packets
.TP
+.BR charon.plugins.eap-tls.include_length " [yes]"
+Include length in non-fragmented EAP-TLS packets
+.TP
.BR charon.plugins.eap-tnc.fragment_size " [50000]"
Maximum size of an EAP-TNC packet
.TP
.BR charon.plugins.eap-tnc.max_message_count " [10]"
Maximum number of processed EAP-TNC packets
.TP
+.BR charon.plugins.eap-tnc.include_length " [yes]"
+Include length in non-fragmented EAP-TNC packets
+.TP
.BR charon.plugins.eap-ttls.fragment_size " [1024]"
Maximum size of an EAP-TTLS packet
.TP
.BR charon.plugins.eap-ttls.max_message_count " [32]"
Maximum number of processed EAP-TTLS packets
.TP
+.BR charon.plugins.eap-ttls.include_length " [yes]"
+Include length in non-fragmented EAP-TTLS packets
+.TP
.BR charon.plugins.eap-ttls.phase2_method " [md5]"
Phase2 EAP client authentication method
.TP
@@ -382,7 +420,7 @@ Request peer authentication based on a client certificate
.TP
.BR charon.plugins.ha.remote
-
+
.TP
.BR charon.plugins.ha.resync " [yes]"
@@ -425,6 +463,9 @@ TNC IMC configuration directory
.TP
.BR charon.plugins.tnc-imv.tnc_config " [/etc/tnc_config]"
TNC IMV configuration directory
+.TP
+.BR charon.plugins.whitelist.enable " [yes]"
+enable loaded whitelist plugin
.SS libstrongswan section
.TP
.BR libstrongswan.crypto_test.bench " [no]"