Diffstat (limited to 'src/swanctl/swanctl.opt')
-rw-r--r-- | src/swanctl/swanctl.opt | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index b6ef17546..ef38d5d86 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -589,6 +589,12 @@ connections.<conn>.children.<child>.mode = tunnel _pass_ and _drop_ are used to install shunt policies, which explicitly bypass the defined traffic from IPsec processing, or drop it, respectively. +connections.<conn>.children.<child>.policies = yes + Whether to install IPsec policies or not. + + Whether to install IPsec policies or not. Disabling this can be useful in + some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon. + connections.<conn>.children.<child>.dpd_action = clear Action to perform on DPD timeout (_clear_, _trap_ or _restart_). 
@@ -810,3 +816,35 @@ pools.<name>.<attr> = subnets for the corresponding attribute types. Alternatively, **<attr>** can be a numerical identifier, for which string attribute values are accepted as well. + +authorities { # } + Section defining attributes of certification authorities. + +authorities.<name> { # } + Section defining a certification authority with a unique name. + +authorities.<name>.cacert = + CA certificate belonging to the certification authority. + + The certificates may use a relative path from the **swanctl** _x509ca_ + directory, or an absolute path. + +authorities.<name>.crl_uris = + Comma-separated list of CRL distribution points + + Comma-separated list of CRL distribution points (ldap, http, or file URI) + +authorities.<name>.ocsp_uris = + Comma-separated list of OCSP URIs + + Comma-separated list of OCSP URIs + +authorities.<name>.cert_uri_base = + Defines the base URI for the Hash and URL feature supported by IKEv2. + + Defines the base URI for the Hash and URL feature supported by IKEv2. + Instead of exchanging complete certificates, IKEv2 allows one to send an + URI that resolves to the DER encoded certificate. The certificate URIs are + built by appending the SHA1 hash of the DER encoded certificates to this + base URI. + |
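Review bot: in the first hunk, the long description of connections.<conn>.children.<child>.policies does not say what happens to traffic matching the child's selectors once this is set to no. If the daemon installs no policies, the negotiated SAs protect traffic only when some other component installs matching policies, so the text should state that requirement outright instead of leaving it implied by "where policies are not managed by the IKE daemon". It would also help to say how the option interacts with the _pass_ and _drop_ modes described in the context lines just above, since those modes exist only to install shunt policies.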
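Review bot: in the second hunk, authorities.<name>.cert_uri_base states that URIs are built "by appending the SHA1 hash of the DER encoded certificates to this base URI" but not how the hash is encoded or whether the base URI has to end in a separator; one example URI in the description would settle both. The long description of ocsp_uris repeats its short description word for word and could name the accepted URI schemes the way crl_uris does with "(ldap, http, or file URI)". Two wording points: cacert takes a single certificate, yet its description begins "The certificates may use", and "an URI" should read "a URI".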