testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite

  syslog {
    auth {
      default = 0
    }
    daemon {
      tls = 2
      tnc = 2 
      imv = 3
    }
  }
  plugins {
    tnc-pdp {
      server = aaa.strongswan.org
      radius {
        secret = gv6URkSs
      }
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}

libimcv {
  database = sqlite:///etc/db.d/config.db
  policy_script = /usr/local/libexec/ipsec/imv_policy_manager 

  plugins {
    imv-swid {
      rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
    }
  }
}

imv_policy_manager {
  command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
  command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
}