From 05ddd767992d68bb38c7f16ece142e8c2e9ae016 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez
Date: Sat, 1 Apr 2017 16:26:44 +0200
Subject: New upstream version 5.5.2
---
 src/swanctl/swanctl.conf | 123 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 119 insertions(+), 4 deletions(-)
(limited to 'src/swanctl/swanctl.conf')
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index eb46005e1..789b128fd 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -31,6 +31,10 @@
 # Set the Mode Config mode to use.
 # pull = yes
+ # Differentiated Services Field Codepoint to set on outgoing IKE packets
+ # (six binary digits).
+ # dscp = 000000
+
 # Enforce UDP encapsulation by faking NAT-D payloads.
 # encap = no
@@ -73,6 +77,15 @@
 # Comma separated list of named IP pools.
 # pools =
+ # Whether this connection is a mediation connection.
+ # mediation = no
+
+ # The name of the connection to mediate this connection through.
+ # mediated_by =
+
+ # Identity under which the peer is registered at the mediation server.
+ # mediation_peer =
+
 # Section for a local authentication round.
 # local {
@@ -85,6 +98,9 @@
 # authentication.
 # certs =
+ # Section for a certificate candidate to use for authentication.
+ # cert =
+
 # Comma separated list of raw public key candidates to use for
 # authentication.
 # pubkeys =
@@ -106,6 +122,22 @@
 # Client XAuth username used in the XAuth exchange.
 # xauth_id = id
+ # cert {
+
+ # Absolute path to the certificate to load.
+ # file =
+
+ # Hex-encoded CKA_ID of the certificate on a token.
+ # handle =
+
+ # Optional slot number of the token that stores the certificate.
+ # slot =
+
+ # Optional PKCS#11 module name.
+ # module =
+
+ # }
+
 # }
 # Section for a remote authentication round.
@@ -122,13 +154,22 @@
 # Authorization group memberships to require.
 # groups =
+ # Certificate policy OIDs the peer's certificate must have.
+ # cert_policy =
+
 # Comma separated list of certificate to accept for authentication.
 # certs =
+ # Section for a certificate to accept for authentication.
+ # cert =
+
 # Comma separated list of CA certificates to accept for
 # authentication.
 # cacerts =
+ # Section for a CA certificate to accept for authentication.
+ # cacert =
+
 # Comma separated list of raw public keys to accept for
 # authentication.
 # pubkeys =
@@ -140,6 +181,39 @@
 # or eap[-method]).
 # auth = pubkey
+ # cert {
+
+ # Absolute path to the certificate to load.
+ # file =
+
+ # Hex-encoded CKA_ID of the certificate on a token.
+ # handle =
+
+ # Optional slot number of the token that stores the certificate.
+ # slot =
+
+ # Optional PKCS#11 module name.
+ # module =
+
+ # }
+
+ # cacert {
+
+ # Absolute path to the certificate to load.
+ # file =
+
+ # Hex-encoded CKA_ID of the CA certificate on a token.
+ # handle =
+
+ # Optional slot number of the token that stores the CA
+ # certificate.
+ # slot =
+
+ # Optional PKCS#11 module name.
+ # module =
+
+ # }
+
 # }
 # children {
@@ -194,8 +268,8 @@
 # Hostaccess variable to pass to updown script.
 # hostaccess = yes
- # IPsec Mode to establish (tunnel, transport, beet, pass or
- # drop).
+ # IPsec Mode to establish (tunnel, transport, transport_proxy,
+ # beet, pass or drop).
 # mode = tunnel
 # Whether to install IPsec policies or not.
@@ -270,6 +344,17 @@
 # }
+ # NTLM secret section for a specific secret.
+ # ntlm {
+
+ # Value of the NTLM secret.
+ # secret =
+
+ # Identity the NTLM secret belongs to.
+ # id =
+
+ # }
+
 # IKE preshared secret section for a specific secret.
 # ike {
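Review bot: The new `cert_policy` comment in the first hunk of this line says which OIDs the peer's certificate must carry but not how several are written or how they combine, whereas the neighbouring `certs` and `cacerts` entries spell out that they are comma-separated lists. An operator cannot tell from the template whether `cert_policy = 1.2.3, 4.5.6` demands both policies or either one, and a too-loose reading silently weakens the constraint they believe they have set. Suggest rewording to `# Comma separated list of certificate policy OIDs the peer's certificate must have.` and adding one sentence stating whether every listed OID is required or any one suffices, taken from the daemon's actual matching rule. The enclosing `remote` section starts and ends outside the hunk.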
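Review bot: The `ntlm` secret comment at the end of this line's last hunk, `# Value of the NTLM secret.`, does not say what form the value takes — a cleartext password or the NT hash of one, and in which encoding — so anyone copying the template has to guess what to put there. If, as the section name suggests, the expected value is the NT hash, the comment should say so along with the encoding, e.g. `# Value of the NTLM secret (the NT hash of the password, hex-encoded).`, and note that a stored hash is password-equivalent and must be protected exactly like a cleartext secret. The enclosing `secrets` section starts and ends outside the hunk.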
@@ -340,6 +425,24 @@
 # }
+ # Definition for a private key that's stored on a token/smartcard.
+ # token {
+
+ # Hex-encoded CKA_ID of the private key on the token.
+ # handle =
+
+ # Optional slot number to access the token.
+ # slot =
+
+ # Optional PKCS#11 module name to access the token.
+ # module =
+
+ # Optional PIN required to access the key on the token. If none is
+ # provided the user is prompted during an interactive --load-creds call.
+ # pin =
+
+ # }
+
 # }
 # Section defining named pools.
@@ -367,10 +470,22 @@
 # CA certificate belonging to the certification authority.
 # cacert =
- # Comma-separated list of CRL distribution points
+ # Absolute path to the certificate to load.
+ # file =
+
+ # Hex-encoded CKA_ID of the CA certificate on a token.
+ # handle =
+
+ # Optional slot number of the token that stores the CA certificate.
+ # slot =
+
+ # Optional PKCS#11 module name.
+ # module =
+
+ # Comma-separated list of CRL distribution points.
 # crl_uris =
- # Comma-separated list of OCSP URIs
+ # Comma-separated list of OCSP URIs.
 # ocsp_uris =
 # Defines the base URI for the Hash and URL feature supported by IKEv2.
-- 
cgit v1.2.3
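Review bot: The `pin` option added in the `token` section of the first hunk puts a smartcard PIN in cleartext into the configuration, and its comment only describes the interactive prompt fallback, not the exposure that comes with writing the PIN down. A PIN on disk unlocks the private key for anyone who can read the file, so the comment should carry the warning the rest of the secrets block already implies, e.g. `# A PIN stored here is kept in cleartext; keep this file (or a separately included secrets file, if include directives are available) readable only by the daemon's user.` and point operators to the prompt as the preferred option on shared hosts. The enclosing `secrets` section starts outside the hunk.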