# /etc/strongswan.conf - strongSwan configuration file charon-systemd { load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite syslog { daemon { tls = 2 tnc = 2 imv = 3 } } plugins { tnc-pdp { server = aaa.strongswan.org radius { secret = gv6URkSs } } tnc-imv { dlclose = no } } } libtls { suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 } libimcv { database = sqlite:///etc/db.d/config.db policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { imv-swima { rest_api { uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ } } } } imv_policy_manager { command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""' command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""' }