| blob | 197b8debaf83878800d6434356ee861d97cee979 |
1 # See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf
2 #
3 # When strongSwan is upgraded please update the parameters in this file. You can
4 # see which parameters should be deleted, changed or added by diffing
5 # swanctl.opt:
6 #
7 # git clone https://github.com/strongswan/strongswan.git
8 # cd strongswan
9 # git diff 5.7.2..5.8.0 src/swanctl/swanctl.opt
11 lib:
12 with (import ./param-constructors.nix lib);
14 let
15 certParams = {
16 file = mkOptionalStrParam ''
17 Absolute path to the certificate to load. Passed as-is to the daemon, so
18 it must be readable by it.
20 Configure either this or {option}`handle`, but not both, in one section.
21 '';
23 handle = mkOptionalHexParam ''
24 Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
25 respectively.
27 Configure either this or {option}`file`, but not both, in one section.
28 '';
30 slot = mkOptionalIntParam ''
31 Optional slot number of the token that stores the certificate.
32 '';
34 module = mkOptionalStrParam ''
35 Optional PKCS#11 module name.
36 '';
37 };
38 in
39 {
40 authorities =
41 mkAttrsOfParams
42 (
43 {
45 cacert = mkOptionalStrParam ''
46 The certificates may use a relative path from the swanctl
47 `x509ca` directory or an absolute path.
49 Configure one of {option}`cacert`,
50 {option}`file`, or
51 {option}`handle` per section.
52 '';
54 cert_uri_base = mkOptionalStrParam ''
55 Defines the base URI for the Hash and URL feature supported by
56 IKEv2. Instead of exchanging complete certificates, IKEv2 allows one to
57 send an URI that resolves to the DER encoded certificate. The certificate
58 URIs are built by appending the SHA1 hash of the DER encoded certificates
59 to this base URI.
60 '';
62 crl_uris = mkCommaSepListParam [ ] ''
63 List of CRL distribution points (ldap, http, or file URI).
64 '';
66 ocsp_uris = mkCommaSepListParam [ ] ''
67 List of OCSP URIs.
68 '';
70 }
71 // certParams
72 )
73 ''
74 Section defining complementary attributes of certification authorities, each
75 in its own subsection with an arbitrary yet unique name
76 '';
78 connections =
79 mkAttrsOfParams
80 {
82 version = mkIntParam 0 ''
83 IKE major version to use for connection.
85 - 1 uses IKEv1 aka ISAKMP,
86 - 2 uses IKEv2.
87 - A connection using the default of 0 accepts both IKEv1 and IKEv2 as
88 responder, and initiates the connection actively with IKEv2.
89 '';
91 local_addrs = mkCommaSepListParam [ ] ''
92 Local address(es) to use for IKE communication. Takes
93 single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
95 As initiator, the first non-range/non-subnet is used to initiate the
96 connection from. As responder, the local destination address must match at
97 least to one of the specified addresses, subnets or ranges.
99 If FQDNs are assigned they are resolved every time a configuration lookup
100 is done. If DNS resolution times out, the lookup is delayed for that time.
101 '';
103 remote_addrs = mkCommaSepListParam [ ] ''
104 Remote address(es) to use for IKE communication. Takes
105 single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
107 As initiator, the first non-range/non-subnet is used to initiate the
108 connection to. As responder, the initiator source address must match at
109 least to one of the specified addresses, subnets or ranges.
111 If FQDNs are assigned they are resolved every time a configuration lookup
112 is done. If DNS resolution times out, the lookup is delayed for that time.
113 To initiate a connection, at least one specific address or DNS name must
114 be specified.
115 '';
117 local_port = mkIntParam 500 ''
118 Local UDP port for IKE communication. By default the port of the socket
119 backend is used, which is usually `500`. If port
120 `500` is used, automatic IKE port floating to port
121 `4500` is used to work around NAT issues.
123 Using a non-default local IKE port requires support from the socket
124 backend in use (socket-dynamic).
125 '';
127 remote_port = mkIntParam 500 ''
128 Remote UDP port for IKE communication. If the default of port
129 `500` is used, automatic IKE port floating to port
130 `4500` is used to work around NAT issues.
131 '';
133 proposals = mkCommaSepListParam [ "default" ] ''
134 A proposal is a set of algorithms. For non-AEAD algorithms, this includes
135 for IKE an encryption algorithm, an integrity algorithm, a pseudo random
136 function and a Diffie-Hellman group. For AEAD algorithms, instead of
137 encryption and integrity algorithms, a combined algorithm is used.
139 In IKEv2, multiple algorithms of the same kind can be specified in a
140 single proposal, from which one gets selected. In IKEv1, only one
141 algorithm per kind is allowed per proposal, more algorithms get implicitly
142 stripped. Use multiple proposals to offer different algorithms
143 combinations in IKEv1.
145 Algorithm keywords get separated using dashes. Multiple proposals may be
146 specified in a list. The special value `default` forms a
147 default proposal of supported algorithms considered safe, and is usually a
148 good choice for interoperability.
149 '';
151 vips = mkCommaSepListParam [ ] ''
152 List of virtual IPs to request in IKEv2 configuration payloads or IKEv1
153 Mode Config. The wildcard addresses `0.0.0.0` and
154 `::` request an arbitrary address, specific addresses may
155 be defined. The responder may return a different address, though, or none
156 at all.
157 '';
159 aggressive = mkYesNoParam no ''
160 Enables Aggressive Mode instead of Main Mode with Identity
161 Protection. Aggressive Mode is considered less secure, because the ID and
162 HASH payloads are exchanged unprotected. This allows a passive attacker to
163 snoop peer identities, and even worse, start dictionary attacks on the
164 Preshared Key.
165 '';
167 pull = mkYesNoParam yes ''
168 If the default of yes is used, Mode Config works in pull mode, where the
169 initiator actively requests a virtual IP. With no, push mode is used,
170 where the responder pushes down a virtual IP to the initiating peer.
172 Push mode is currently supported for IKEv1, but not in IKEv2. It is used
173 by a few implementations only, pull mode is recommended.
174 '';
176 dscp = mkStrParam "000000" ''
177 Differentiated Services Field Codepoint to set on outgoing IKE packets for
178 this connection. The value is a six digit binary encoded string specifying
179 the Codepoint to set, as defined in RFC 2474.
180 '';
182 encap = mkYesNoParam no ''
183 To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
184 NAT detection payloads. This makes the peer believe that NAT takes place
185 on the path, forcing it to encapsulate ESP packets in UDP.
187 Usually this is not required, but it can help to work around connectivity
188 issues with too restrictive intermediary firewalls.
189 '';
191 mobike = mkYesNoParam yes ''
192 Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2
193 connections, and allows mobility of clients and multi-homing on servers by
194 migrating active IPsec tunnels.
196 Usually keeping MOBIKE enabled is unproblematic, as it is not used if the
197 peer does not indicate support for it. However, due to the design of
198 MOBIKE, IKEv2 always floats to port 4500 starting from the second
199 exchange. Some implementations don't like this behavior, hence it can be
200 disabled.
201 '';
203 dpd_delay = mkDurationParam "0s" ''
204 Interval to check the liveness of a peer actively using IKEv2
205 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages. Active DPD checking
206 is only enforced if no IKE or ESP/AH packet has been received for the
207 configured DPD delay.
208 '';
210 dpd_timeout = mkDurationParam "0s" ''
211 Charon by default uses the normal retransmission mechanism and timeouts to
212 check the liveness of a peer, as all messages are used for liveness
213 checking. For compatibility reasons, with IKEv1 a custom interval may be
214 specified; this option has no effect on connections using IKEv2.
215 '';
217 fragmentation = mkEnumParam [ "yes" "accept" "force" "no" ] "yes" ''
218 Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
219 fragmentation). Acceptable values are `yes` (the default
220 since 5.5.1), `accept` (since versions:5.5.3),
221 `force` and `no`.
223 - If set to `yes`, and the peer
224 supports it, oversized IKE messages will be sent in fragments.
225 - If set to
226 `accept`, support for fragmentation is announced to the peer but the daemon
227 does not send its own messages in fragments.
228 - If set to `force` (only
229 supported for IKEv1) the initial IKE message will already be fragmented if
230 required.
231 - Finally, setting the option to `no` will disable announcing
232 support for this feature.
234 Note that fragmented IKE messages sent by a peer are always processed
235 irrespective of the value of this option (even when set to no).
236 '';
238 childless = mkEnumParam [ "allow" "prefer" "force" "never" ] "allow" ''
239 Use childless IKE_SA initiation (_allow_, _prefer_, _force_ or _never_).
241 Use childless IKE_SA initiation (RFC 6023) for IKEv2, with the first
242 CHILD_SA created with a separate CREATE_CHILD_SA exchange (e.g. to use an
243 independent DH exchange for all CHILD_SAs). Acceptable values are `allow`
244 (the default), `prefer`, `force` and `never`. If set to `allow`, responders
245 will accept childless IKE_SAs (as indicated via notify in the IKE_SA_INIT
246 response) while initiators continue to create regular IKE_SAs with the first
247 CHILD_SA created during IKE_AUTH, unless the IKE_SA is initiated explicitly
248 without any children (which will fail if the responder does not support or
249 has disabled this extension). The effect of `prefer` is the same as `allow`
250 on responders, but as initiator a childless IKE_SA is initiated if the
251 responder supports it. If set to `force`, only childless initiation is
252 accepted in either role. Finally, setting the option to `never` disables
253 support for childless IKE_SAs as responder.
254 '';
256 send_certreq = mkYesNoParam yes ''
257 Send certificate request payloads to offer trusted root CA certificates to
258 the peer. Certificate requests help the peer to choose an appropriate
259 certificate/private key for authentication and are enabled by default.
260 Disabling certificate requests can be useful if too many trusted root CA
261 certificates are installed, as each certificate request increases the size
262 of the initial IKE packets.
263 '';
265 send_cert = mkEnumParam [ "always" "never" "ifasked" ] "ifasked" ''
266 Send certificate payloads when using certificate authentication.
268 - With the default of `ifasked` the daemon sends
269 certificate payloads only if certificate requests have been received.
270 - `never` disables sending of certificate payloads
271 altogether,
272 - `always` causes certificate payloads to be sent
273 unconditionally whenever certificate authentication is used.
274 '';
276 ppk_id = mkOptionalStrParam ''
277 String identifying the Postquantum Preshared Key (PPK) to be used.
278 '';
280 ppk_required = mkYesNoParam no ''
281 Whether a Postquantum Preshared Key (PPK) is required for this connection.
282 '';
284 keyingtries = mkIntParam 1 ''
285 Number of retransmission sequences to perform during initial
286 connect. Instead of giving up initiation after the first retransmission
287 sequence with the default value of `1`, additional
288 sequences may be started according to the configured value. A value of
289 `0` initiates a new sequence until the connection
290 establishes or fails with a permanent error.
291 '';
293 unique = mkEnumParam [ "no" "never" "keep" "replace" ] "no" ''
294 Connection uniqueness policy to enforce. To avoid multiple connections
295 from the same user, a uniqueness policy can be enforced.
297 - The value `never` does never enforce such a policy, even
298 if a peer included INITIAL_CONTACT notification messages,
299 - whereas `no` replaces existing connections for the same
300 identity if a new one has the INITIAL_CONTACT notify.
301 - `keep` rejects new connection attempts if the same user
302 already has an active connection,
303 - `replace` deletes any existing connection if a new one
304 for the same user gets established.
306 To compare connections for uniqueness, the remote IKE identity is used. If
307 EAP or XAuth authentication is involved, the EAP-Identity or XAuth
308 username is used to enforce the uniqueness policy instead.
310 On initiators this setting specifies whether an INITIAL_CONTACT notify is
311 sent during IKE_AUTH if no existing connection is found with the remote
312 peer (determined by the identities of the first authentication
313 round). Unless set to `never` the client will send a notify.
314 '';
316 reauth_time = mkDurationParam "0s" ''
317 Time to schedule IKE reauthentication. IKE reauthentication recreates the
318 IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric
319 configurations (with EAP or configuration payloads) it might not be
320 possible to actively reauthenticate as responder. The IKEv2
321 reauthentication lifetime negotiation can instruct the client to perform
322 reauthentication.
324 Reauthentication is disabled by default. Enabling it usually may lead to
325 small connection interruptions, as strongSwan uses a break-before-make
326 policy with IKEv2 to avoid any conflicts with associated tunnel resources.
327 '';
329 rekey_time = mkDurationParam "4h" ''
330 IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
331 does not re-check associated credentials. It is supported in IKEv2 only,
332 IKEv1 performs a reauthentication procedure instead.
334 With the default value IKE rekeying is scheduled every 4 hours, minus the
335 configured rand_time. If a reauth_time is configured, rekey_time defaults
336 to zero, disabling rekeying; explicitly set both to enforce rekeying and
337 reauthentication.
338 '';
340 over_time = mkOptionalDurationParam ''
341 Hard IKE_SA lifetime if rekey/reauth does not complete, as time. To avoid
342 having an IKE/ISAKMP kept alive if IKE reauthentication or rekeying fails
343 perpetually, a maximum hard lifetime may be specified. If the IKE_SA fails
344 to rekey or reauthenticate within the specified time, the IKE_SA gets
345 closed.
347 In contrast to CHILD_SA rekeying, over_time is relative in time to the
348 rekey_time and reauth_time values, as it applies to both.
350 The default is 10% of the longer of {option}`rekey_time` and
351 {option}`reauth_time`.
352 '';
354 rand_time = mkOptionalDurationParam ''
355 Time range from which to choose a random value to subtract from
356 rekey/reauth times. To avoid having both peers initiating the rekey/reauth
357 procedure simultaneously, a random time gets subtracted from the
358 rekey/reauth times.
360 The default is equal to the configured {option}`over_time`.
361 '';
363 pools = mkCommaSepListParam [ ] ''
364 List of named IP pools to allocate virtual IP addresses
365 and other configuration attributes from. Each name references a pool by
366 name from either the pools section or an external pool.
367 '';
369 if_id_in = mkStrParam "0" ''
370 XFRM interface ID set on inbound policies/SA, can be overridden by child
371 config, see there for details.
373 The special value `%unique` allocates a unique interface ID per IKE_SA,
374 which is inherited by all its CHILD_SAs (unless overridden there), beyond
375 that the value `%unique-dir` assigns a different unique interface ID for
376 each direction (in/out).
378 '';
380 if_id_out = mkStrParam "0" ''
381 XFRM interface ID set on outbound policies/SA, can be overridden by child
382 config, see there for details.
384 The special value `%unique` allocates a unique interface ID per IKE_SA,
385 which is inherited by all its CHILD_SAs (unless overridden there), beyond
386 that the value `%unique-dir` assigns a different unique interface ID for
387 each direction (in/out).
388 '';
390 mediation = mkYesNoParam no ''
391 Whether this connection is a mediation connection, that is, whether this
392 connection is used to mediate other connections using the IKEv2 Mediation
393 Extension. Mediation connections create no CHILD_SA.
394 '';
396 mediated_by = mkOptionalStrParam ''
397 The name of the connection to mediate this connection through. If given,
398 the connection will be mediated through the named mediation
399 connection. The mediation connection must have mediation enabled.
400 '';
402 mediation_peer = mkOptionalStrParam ''
403 Identity under which the peer is registered at the mediation server, that
404 is, the IKE identity the other end of this connection uses as its local
405 identity on its connection to the mediation server. This is the identity
406 we request the mediation server to mediate us with. Only relevant on
407 connections that set mediated_by. If it is not given, the remote IKE
408 identity of the first authentication round of this connection will be
409 used.
410 '';
412 local =
413 mkPrefixedAttrsOfParams
414 {
416 round = mkIntParam 0 ''
417 Optional numeric identifier by which authentication rounds are
418 sorted. If not specified rounds are ordered by their position in the
419 config file/vici message.
420 '';
422 certs = mkCommaSepListParam [ ] ''
423 List of certificate candidates to use for
424 authentication. The certificates may use a relative path from the
425 swanctl `x509` directory or an absolute path.
427 The certificate used for authentication is selected based on the
428 received certificate request payloads. If no appropriate CA can be
429 located, the first certificate is used.
430 '';
432 cert = mkPostfixedAttrsOfParams certParams ''
433 Section for a certificate candidate to use for
434 authentication. Certificates in certs are transmitted as binary blobs,
435 these sections offer more flexibility.
436 '';
438 pubkeys = mkCommaSepListParam [ ] ''
439 List of raw public key candidates to use for
440 authentication. The public keys may use a relative path from the swanctl
441 `pubkey` directory or an absolute path.
443 Even though multiple local public keys could be defined in principle,
444 only the first public key in the list is used for authentication.
445 '';
447 auth = mkStrParam "pubkey" ''
448 Authentication to perform locally.
450 - The default `pubkey` uses public key authentication
451 using a private key associated to a usable certificate.
452 - `psk` uses pre-shared key authentication.
453 - The IKEv1 specific `xauth` is used for XAuth or Hybrid
454 authentication,
455 - while the IKEv2 specific `eap` keyword defines EAP
456 authentication.
457 - For `xauth`, a specific backend name may be appended,
458 separated by a dash. The appropriate `xauth` backend is
459 selected to perform the XAuth exchange. For traditional XAuth, the
460 `xauth` method is usually defined in the second
461 authentication round following an initial `pubkey` (or
462 `psk`) round. Using `xauth` in the
463 first round performs Hybrid Mode client authentication.
464 - For `eap`, a specific EAP method name may be appended, separated by a
465 dash. An EAP module implementing the appropriate method is selected to
466 perform the EAP conversation.
467 - Since 5.4.0, if both peers support RFC 7427 ("Signature Authentication
468 in IKEv2") specific hash algorithms to be used during IKEv2
469 authentication may be configured. To do so use `ike:`
470 followed by a trust chain signature scheme constraint (see description
471 of the {option}`remote` section's {option}`auth`
472 keyword). For example, with `ike:pubkey-sha384-sha256`
473 a public key signature scheme with either SHA-384 or SHA-256 would get
474 used for authentication, in that order and depending on the hash
475 algorithms supported by the peer. If no specific hash algorithms are
476 configured, the default is to prefer an algorithm that matches or
477 exceeds the strength of the signature key. If no constraints with
478 `ike:` prefix are configured any signature scheme
479 constraint (without `ike:` prefix) will also apply to
480 IKEv2 authentication, unless this is disabled in
481 `strongswan.conf`. To use RSASSA-PSS signatures use
482 `rsa/pss` instead of `pubkey` or
483 `rsa` as in e.g.
484 `ike:rsa/pss-sha256`. If `pubkey` or
485 `rsa` constraints are configured RSASSA-PSS signatures
486 will only be used if enabled in `strongswan.conf`(5).
487 '';
489 id = mkOptionalStrParam ''
490 IKE identity to use for authentication round. When using certificate
491 authentication, the IKE identity must be contained in the certificate,
492 either as subject or as subjectAltName.
493 '';
495 eap_id = mkOptionalStrParam ''
496 Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
497 '';
499 aaa_id = mkOptionalStrParam ''
500 Server side EAP-Identity to expect in the EAP method. Some EAP methods,
501 such as EAP-TLS, use an identity for the server to perform mutual
502 authentication. This identity may differ from the IKE identity,
503 especially when EAP authentication is delegated from the IKE responder
504 to an AAA backend.
506 For EAP-(T)TLS, this defines the identity for which the server must
507 provide a certificate in the TLS exchange.
508 '';
510 xauth_id = mkOptionalStrParam ''
511 Client XAuth username used in the XAuth exchange.
512 '';
514 }
515 ''
516 Section for a local authentication round. A local authentication round
517 defines the rules how authentication is performed for the local
518 peer. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple
519 Authentication or IKEv1 XAuth.
521 Each round is defined in a section having `local` as
522 prefix, and an optional unique suffix. To define a single authentication
523 round, the suffix may be omitted.
524 '';
526 remote =
527 mkPrefixedAttrsOfParams
528 {
530 round = mkIntParam 0 ''
531 Optional numeric identifier by which authentication rounds are
532 sorted. If not specified rounds are ordered by their position in the
533 config file/vici message.
534 '';
536 id = mkStrParam "%any" ''
537 IKE identity to expect for authentication round. When using certificate
538 authentication, the IKE identity must be contained in the certificate,
539 either as subject or as subjectAltName.
540 '';
542 eap_id = mkOptionalStrParam ''
543 Identity to use as peer identity during EAP authentication. If set to
544 `%any` the EAP-Identity method will be used to ask the
545 client for an EAP identity.
546 '';
548 groups = mkCommaSepListParam [ ] ''
549 Authorization group memberships to require. The peer
550 must prove membership to at least one of the specified groups. Group
551 membership can be certified by different means, for example by
552 appropriate Attribute Certificates or by an AAA backend involved in the
553 authentication.
554 '';
556 cert_policy = mkCommaSepListParam [ ] ''
557 List of certificate policy OIDs the peer's certificate
558 must have. OIDs are specified using the numerical dotted representation.
559 '';
561 certs = mkCommaSepListParam [ ] ''
562 List of certificates to accept for authentication. The certificates may
563 use a relative path from the swanctl `x509` directory
564 or an absolute path.
565 '';
567 cert = mkPostfixedAttrsOfParams certParams ''
568 Section for a certificate candidate to use for
569 authentication. Certificates in certs are transmitted as binary blobs,
570 these sections offer more flexibility.
571 '';
573 ca_id = mkOptionalStrParam ''
574 Identity in CA certificate to accept for authentication. The specified
575 identity must be contained in one (intermediate) CA of the remote peer
576 trustchain, either as subject or as subjectAltName. This has the same
577 effect as specifying `cacerts` to force clients under
578 a CA to specific connections; it does not require the CA certificate
579 to be available locally, and can be received from the peer during the
580 IKE exchange.
581 '';
583 cacerts = mkCommaSepListParam [ ] ''
584 List of CA certificates to accept for
585 authentication. The certificates may use a relative path from the
586 swanctl `x509ca` directory or an absolute path.
587 '';
589 cacert = mkPostfixedAttrsOfParams certParams ''
590 Section for a CA certificate to accept for authentication. Certificates
591 in cacerts are transmitted as binary blobs, these sections offer more
592 flexibility.
593 '';
595 pubkeys = mkCommaSepListParam [ ] ''
596 List of raw public keys to accept for
597 authentication. The public keys may use a relative path from the swanctl
598 `pubkey` directory or an absolute path.
599 '';
601 revocation = mkEnumParam [ "strict" "ifuri" "relaxed" ] "relaxed" ''
602 Certificate revocation policy for CRL or OCSP revocation.
604 - A `strict` revocation policy fails if no revocation information is
605 available, i.e. the certificate is not known to be unrevoked.
606 - `ifuri` fails only if a CRL/OCSP URI is available, but certificate
607 revocation checking fails, i.e. there should be revocation information
608 available, but it could not be obtained.
609 - The default revocation policy `relaxed` fails only if a certificate is
610 revoked, i.e. it is explicitly known that it is bad.
611 '';
613 auth = mkStrParam "pubkey" ''
614 Authentication to expect from remote. See the {option}`local`
615 section's {option}`auth` keyword description about the details of
616 supported mechanisms.
618 Since 5.4.0, to require a trustchain public key strength for the remote
619 side, specify the key type followed by the minimum strength in bits (for
620 example `ecdsa-384` or
621 `rsa-2048-ecdsa-256`). To limit the acceptable set of
622 hashing algorithms for trustchain validation, append hash algorithms to
623 pubkey or a key strength definition (for example
624 `pubkey-sha256-sha512`,
625 `rsa-2048-sha256-sha384-sha512` or
626 `rsa-2048-sha256-ecdsa-256-sha256-sha384`).
627 Unless disabled in `strongswan.conf`, or explicit IKEv2
628 signature constraints are configured (refer to the description of the
629 {option}`local` section's {option}`auth` keyword for
630 details), such key types and hash algorithms are also applied as
631 constraints against IKEv2 signature authentication schemes used by the
632 remote side. To require RSASSA-PSS signatures use
633 `rsa/pss` instead of `pubkey` or
634 `rsa` as in e.g. `rsa/pss-sha256`. If
635 `pubkey` or `rsa` constraints are
636 configured RSASSA-PSS signatures will only be accepted if enabled in
637 `strongswan.conf`(5).
639 To specify trust chain constraints for EAP-(T)TLS, append a colon to the
640 EAP method, followed by the key type/size and hash algorithm as
641 discussed above (e.g. `eap-tls:ecdsa-384-sha384`).
642 '';
644 }
645 ''
646 Section for a remote authentication round. A remote authentication round
647 defines the constraints how the peers must authenticate to use this
648 connection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple
649 Authentication or IKEv1 XAuth.
651 Each round is defined in a section having `remote` as
652 prefix, and an optional unique suffix. To define a single authentication
653 round, the suffix may be omitted.
654 '';
656 children =
657 mkAttrsOfParams
658 {
659 ah_proposals = mkCommaSepListParam [ ] ''
660 AH proposals to offer for the CHILD_SA. A proposal is a set of
661 algorithms. For AH, this includes an integrity algorithm and an optional
662 Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode
663 rekeying and initial negotiation uses a separate Diffie-Hellman exchange
664 using the specified group (refer to esp_proposals for details).
666 In IKEv2, multiple algorithms of the same kind can be specified in a
667 single proposal, from which one gets selected. In IKEv1, only one
668 algorithm per kind is allowed per proposal, more algorithms get
669 implicitly stripped. Use multiple proposals to offer different algorithms
670 combinations in IKEv1.
672 Algorithm keywords get separated using dashes. Multiple proposals may be
673 specified in a list. The special value `default` forms
674 a default proposal of supported algorithms considered safe, and is
675 usually a good choice for interoperability. By default no AH proposals
676 are included, instead ESP is proposed.
677 '';
679 esp_proposals = mkCommaSepListParam [ "default" ] ''
680 ESP proposals to offer for the CHILD_SA. A proposal is a set of
681 algorithms. For ESP non-AEAD proposals, this includes an integrity
682 algorithm, an encryption algorithm, an optional Diffie-Hellman group and
683 an optional Extended Sequence Number Mode indicator. For AEAD proposals,
684 a combined mode algorithm is used instead of the separate
685 encryption/integrity algorithms.
687 If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
688 negotiation use a separate Diffie-Hellman exchange using the specified
689 group. However, for IKEv2, the keys of the CHILD_SA created implicitly
690 with the IKE_SA will always be derived from the IKE_SA's key material. So
691 any DH group specified here will only apply when the CHILD_SA is later
692 rekeyed or is created with a separate CREATE_CHILD_SA exchange. A
693 proposal mismatch might, therefore, not immediately be noticed when the
694 SA is established, but may later cause rekeying to fail.
696 Extended Sequence Number support may be indicated with the
697 `esn` and `noesn` values, both may be
698 included to indicate support for both modes. If omitted,
699 `noesn` is assumed.
701 In IKEv2, multiple algorithms of the same kind can be specified in a
702 single proposal, from which one gets selected. In IKEv1, only one
703 algorithm per kind is allowed per proposal, more algorithms get
704 implicitly stripped. Use multiple proposals to offer different algorithms
705 combinations in IKEv1.
707 Algorithm keywords get separated using dashes. Multiple proposals may be
708 specified as a list. The special value `default` forms
709 a default proposal of supported algorithms considered safe, and is
710 usually a good choice for interoperability. If no algorithms are
711 specified for AH nor ESP, the default set of algorithms for ESP is
712 included.
713 '';
715 sha256_96 = mkYesNoParam no ''
716 HMAC-SHA-256 is used with 128-bit truncation with IPsec. For
717 compatibility with implementations that incorrectly use 96-bit truncation
718 this option may be enabled to configure the shorter truncation length in
719 the kernel. This is not negotiated, so this only works with peers that
720 use the incorrect truncation length (or have this option enabled).
721 '';
723 local_ts = mkCommaSepListParam [ "dynamic" ] ''
724 List of local traffic selectors to include in CHILD_SA. Each selector is
725 a CIDR subnet definition, followed by an optional proto/port
726 selector. The special value `dynamic` may be used
727 instead of a subnet definition, which gets replaced by the tunnel outer
728 address or the virtual IP, if negotiated. This is the default.
730 A protocol/port selector is surrounded by opening and closing square
731 brackets. Between these brackets, a numeric or getservent(3) protocol
732 name may be specified. After the optional protocol restriction, an
733 optional port restriction may be specified, separated by a slash. The
734 port restriction may be numeric, a getservent(3) service name, or the
735 special value `opaque` for RFC 4301 OPAQUE
736 selectors. Port ranges may be specified as well, none of the kernel
737 backends currently support port ranges, though.
739 When IKEv1 is used only the first selector is interpreted, except if the
740 Cisco Unity extension plugin is used. This is due to a limitation of the
741 IKEv1 protocol, which only allows a single pair of selectors per
742 CHILD_SA. So to tunnel traffic matched by several pairs of selectors when
743 using IKEv1 several children (CHILD_SAs) have to be defined that cover
744 the selectors. The IKE daemon uses traffic selector narrowing for IKEv1,
745 the same way it is standardized and implemented for IKEv2. However, this
746 may lead to problems with other implementations. To avoid that, configure
747 identical selectors in such scenarios.
748 '';
750 remote_ts = mkCommaSepListParam [ "dynamic" ] ''
751 List of remote selectors to include in CHILD_SA. See
752 {option}`local_ts` for a description of the selector syntax.
753 '';
755 rekey_time = mkDurationParam "1h" ''
756 Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key
757 material, optionally using a Diffie-Hellman exchange if a group is
758 specified in the proposal. To avoid rekey collisions initiated by both
759 ends simultaneously, a value in the range of {option}`rand_time`
760 gets subtracted to form the effective soft lifetime.
762 By default CHILD_SA rekeying is scheduled every hour, minus
763 {option}`rand_time`.
764 '';
766 life_time = mkOptionalDurationParam ''
767 Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime
768 is never reached, because the CHILD_SA gets rekeyed before. If that fails
769 for whatever reason, this limit closes the CHILD_SA. The default is 10%
770 more than the {option}`rekey_time`.
771 '';
773 rand_time = mkOptionalDurationParam ''
774 Time range from which to choose a random value to subtract from
775 {option}`rekey_time`. The default is the difference between
776 {option}`life_time` and {option}`rekey_time`.
777 '';
779 rekey_bytes = mkIntParam 0 ''
780 Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA
781 rekeying refreshes key material, optionally using a Diffie-Hellman
782 exchange if a group is specified in the proposal.
784 To avoid rekey collisions initiated by both ends simultaneously, a value
785 in the range of {option}`rand_bytes` gets subtracted to form the
786 effective soft volume limit.
788 Volume based CHILD_SA rekeying is disabled by default.
789 '';
791 life_bytes = mkOptionalIntParam ''
792 Maximum bytes processed before CHILD_SA gets closed. Usually this hard
793 volume limit is never reached, because the CHILD_SA gets rekeyed
794 before. If that fails for whatever reason, this limit closes the
795 CHILD_SA. The default is 10% more than {option}`rekey_bytes`.
796 '';
798 rand_bytes = mkOptionalIntParam ''
799 Byte range from which to choose a random value to subtract from
800 {option}`rekey_bytes`. The default is the difference between
801 {option}`life_bytes` and {option}`rekey_bytes`.
802 '';
804 rekey_packets = mkIntParam 0 ''
805 Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA
806 rekeying refreshes key material, optionally using a Diffie-Hellman
807 exchange if a group is specified in the proposal.
809 To avoid rekey collisions initiated by both ends simultaneously, a value
810 in the range of {option}`rand_packets` gets subtracted to form
811 the effective soft packet count limit.
813 Packet count based CHILD_SA rekeying is disabled by default.
814 '';
816 life_packets = mkOptionalIntParam ''
817 Maximum number of packets processed before CHILD_SA gets closed. Usually
818 this hard packets limit is never reached, because the CHILD_SA gets
819 rekeyed before. If that fails for whatever reason, this limit closes the
820 CHILD_SA.
822 The default is 10% more than {option}`rekey_bytes`.
823 '';
825 rand_packets = mkOptionalIntParam ''
826 Packet range from which to choose a random value to subtract from
827 {option}`rekey_packets`. The default is the difference between
828 {option}`life_packets` and {option}`rekey_packets`.
829 '';
831 updown = mkOptionalStrParam ''
832 Updown script to invoke on CHILD_SA up and down events.
833 '';
835 hostaccess = mkYesNoParam no ''
836 Hostaccess variable to pass to `updown` script.
837 '';
839 mode =
840 mkEnumParam
841 [
842 "tunnel"
843 "transport"
844 "transport_proxy"
845 "beet"
846 "pass"
847 "drop"
848 ]
849 "tunnel"
850 ''
851 IPsec Mode to establish CHILD_SA with.
853 - `tunnel` negotiates the CHILD_SA in IPsec Tunnel Mode,
854 - whereas `transport` uses IPsec Transport Mode.
855 - `transport_proxy` signifying the special Mobile IPv6
856 Transport Proxy Mode.
857 - `beet` is the Bound End to End Tunnel mixture mode,
858 working with fixed inner addresses without the need to include them in
859 each packet.
860 - Both `transport` and `beet` modes are
861 subject to mode negotiation; `tunnel` mode is
862 negotiated if the preferred mode is not available.
863 - `pass` and `drop` are used to install
864 shunt policies which explicitly bypass the defined traffic from IPsec
865 processing or drop it, respectively.
866 '';
868 policies = mkYesNoParam yes ''
869 Whether to install IPsec policies or not. Disabling this can be useful in
870 some scenarios e.g. MIPv6, where policies are not managed by the IKE
871 daemon. Since 5.3.3.
872 '';
874 policies_fwd_out = mkYesNoParam no ''
875 Whether to install outbound FWD IPsec policies or not. Enabling this is
876 required in case there is a drop policy that would match and block
877 forwarded traffic for this CHILD_SA. Since 5.5.1.
878 '';
880 dpd_action = mkEnumParam [ "clear" "trap" "restart" ] "clear" ''
881 Action to perform for this CHILD_SA on DPD timeout. The default clear
882 closes the CHILD_SA and does not take further action. trap installs a
883 trap policy, which will catch matching traffic and tries to re-negotiate
884 the tunnel on-demand. restart immediately tries to re-negotiate the
885 CHILD_SA under a fresh IKE_SA.
886 '';
888 ipcomp = mkYesNoParam no ''
889 Enable IPComp compression before encryption. If enabled, IKE tries to
890 negotiate IPComp compression to compress ESP payload data prior to
891 encryption.
892 '';
894 inactivity = mkDurationParam "0s" ''
895 Timeout before closing CHILD_SA after inactivity. If no traffic has been
896 processed in either direction for the configured timeout, the CHILD_SA
897 gets closed due to inactivity. The default value of 0 disables inactivity
898 checks.
899 '';
901 reqid = mkIntParam 0 ''
902 Fixed reqid to use for this CHILD_SA. This might be helpful in some
903 scenarios, but works only if each CHILD_SA configuration is instantiated
904 not more than once. The default of 0 uses dynamic reqids, allocated
905 incrementally.
906 '';
908 priority = mkIntParam 0 ''
909 Optional fixed priority for IPsec policies. This could be useful to
910 install high-priority drop policies. The default of 0 uses dynamically
911 calculated priorities based on the size of the traffic selectors.
912 '';
914 interface = mkOptionalStrParam ''
915 Optional interface name to restrict outbound IPsec policies.
916 '';
918 mark_in = mkStrParam "0/0x00000000" ''
919 Netfilter mark and mask for input traffic. On Linux, Netfilter may
920 require marks on each packet to match an SA/policy having that option
921 set. This allows installing duplicate policies and enables Netfilter
922 rules to select specific SAs/policies for incoming traffic. Note that
923 inbound marks are only set on policies, by default, unless
924 {option}`mark_in_sa` is enabled. The special value
925 `%unique` sets a unique mark on each CHILD_SA instance,
926 beyond that the value `%unique-dir` assigns a different
927 unique mark for each
929 An additional mask may be appended to the mark, separated by
930 `/`. The default mask if omitted is
931 `0xffffffff`.
932 '';
934 mark_in_sa = mkYesNoParam no ''
935 Whether to set {option}`mark_in` on the inbound SA. By default,
936 the inbound mark is only set on the inbound policy. The tuple destination
937 address, protocol and SPI is unique and the mark is not required to find
938 the correct SA, allowing to mark traffic after decryption instead (where
939 more specific selectors may be used) to match different policies. Marking
940 packets before decryption is still possible, even if no mark is set on
941 the SA.
942 '';
944 mark_out = mkStrParam "0/0x00000000" ''
945 Netfilter mark and mask for output traffic. On Linux, Netfilter may
946 require marks on each packet to match a policy/SA having that option
947 set. This allows installing duplicate policies and enables Netfilter
948 rules to select specific policies/SAs for outgoing traffic. The special
949 value `%unique` sets a unique mark on each CHILD_SA
950 instance, beyond that the value `%unique-dir` assigns a
951 different unique mark for each CHILD_SA direction (in/out).
953 An additional mask may be appended to the mark, separated by
954 `/`. The default mask if omitted is
955 `0xffffffff`.
956 '';
958 set_mark_in = mkStrParam "0/0x00000000" ''
959 Netfilter mark applied to packets after the inbound IPsec SA processed
960 them. This way it's not necessary to mark packets via Netfilter before
961 decryption or right afterwards to match policies or process them
962 differently (e.g. via policy routing).
964 An additional mask may be appended to the mark, separated by
965 `/`. The default mask if omitted is 0xffffffff. The
966 special value `%same` uses the value (but not the mask)
967 from {option}`mark_in` as mark value, which can be fixed,
968 `%unique` or `%unique-dir`.
970 Setting marks in XFRM input requires Linux 4.19 or higher.
971 '';
973 set_mark_out = mkStrParam "0/0x00000000" ''
974 Netfilter mark applied to packets after the outbound IPsec SA processed
975 them. This allows processing ESP packets differently than the original
976 traffic (e.g. via policy routing).
978 An additional mask may be appended to the mark, separated by
979 `/`. The default mask if omitted is 0xffffffff. The
980 special value `%same` uses the value (but not the mask)
981 from {option}`mark_out` as mark value, which can be fixed,
982 `%unique_` or `%unique-dir`.
984 Setting marks in XFRM output is supported since Linux 4.14. Setting a
985 mask requires at least Linux 4.19.
986 '';
988 if_id_in = mkStrParam "0" ''
989 XFRM interface ID set on inbound policies/SA. This allows installing
990 duplicate policies/SAs and associates them with an interface with the
991 same ID. The special value `%unique` sets a unique
992 interface ID on each CHILD_SA instance, beyond that the value
993 `%unique-dir` assigns a different unique interface ID
994 for each CHILD_SA direction (in/out).
995 '';
997 if_id_out = mkStrParam "0" ''
998 XFRM interface ID set on outbound policies/SA. This allows installing
999 duplicate policies/SAs and associates them with an interface with the
1000 same ID. The special value `%unique` sets a unique
1001 interface ID on each CHILD_SA instance, beyond that the value
1002 `%unique-dir` assigns a different unique interface ID
1003 for each CHILD_SA direction (in/out).
1005 The daemon will not install routes for CHILD_SAs that have this option set.
1006 '';
1008 tfc_padding = mkParamOfType (with lib.types; either int (enum [ "mtu" ])) 0 ''
1009 Pads ESP packets with additional data to have a consistent ESP packet
1010 size for improved Traffic Flow Confidentiality. The padding defines the
1011 minimum size of all ESP packets sent. The default value of
1012 `0` disables TFC padding, the special value
1013 `mtu` adds TFC padding to create a packet size equal to
1014 the Path Maximum Transfer Unit.
1015 '';
1017 replay_window = mkIntParam 32 ''
1018 IPsec replay window to configure for this CHILD_SA. Larger values than
1019 the default of `32` are supported using the Netlink
1020 backend only, a value of `0` disables IPsec replay
1021 protection.
1022 '';
1024 hw_offload = mkEnumParam [ "yes" "no" "auto" "crypto" "packet" ] "no" ''
1025 Enable hardware offload for this CHILD_SA, if supported by the IPsec
1026 implementation. The values `crypto` or `packet` enforce crypto or full
1027 packet offloading and the installation will fail if the selected mode is not
1028 supported by either kernel or device. On Linux, `packet` also offloads
1029 policies, including trap policies. The value `auto` enables full packet
1030 or crypto offloading, if either is supported, but the installation does not
1031 fail otherwise.
1032 '';
1034 copy_df = mkYesNoParam yes ''
1035 Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
1036 effectively disables Path MTU discovery (PMTUD). Controlling this
1037 behavior is not supported by all kernel interfaces.
1038 '';
1040 copy_ecn = mkYesNoParam yes ''
1041 Whether to copy the ECN (Explicit Congestion Notification) header field
1042 to/from the outer IP header in tunnel mode. Controlling this behavior is
1043 not supported by all kernel interfaces.
1044 '';
1046 copy_dscp = mkEnumParam [ "out" "in" "yes" "no" ] "out" ''
1047 Whether to copy the DSCP (Differentiated Services Field Codepoint)
1048 header field to/from the outer IP header in tunnel mode. The value
1049 `out` only copies the field from the inner to the outer
1050 header, the value `in` does the opposite and only
1051 copies the field from the outer to the inner header when decapsulating,
1052 the value `yes` copies the field in both directions,
1053 and the value `no` disables copying the field
1054 altogether. Setting this to `yes` or
1055 `in` could allow an attacker to adversely affect other
1056 traffic at the receiver, which is why the default is
1057 `out`. Controlling this behavior is not supported by
1058 all kernel interfaces.
1059 '';
1061 start_action = mkEnumParam [ "none" "trap" "start" "trap|start" ] "none" ''
1062 Action to perform after loading the configuration.
1064 - The default of `none` loads the connection only, which
1065 then can be manually initiated or used as a responder configuration.
1066 - The value `trap` installs a trap policy, which triggers
1067 the tunnel as soon as matching traffic has been detected.
1068 - The value `start` initiates the connection actively.
1069 - Since version 5.9.6 two modes above can be combined with `trap|start`,
1070 to immediately initiate a connection for which trap policies have been installed.
1072 When unloading or replacing a CHILD_SA configuration having a
1073 {option}`start_action` different from `none`,
1074 the inverse action is performed. Configurations with
1075 `start` get closed, while such with
1076 `trap` get uninstalled.
1077 '';
1079 close_action = mkEnumParam [ "none" "trap" "start" ] "none" ''
1080 Action to perform after a CHILD_SA gets closed by the peer.
1082 - The default of `none` does not take any action,
1083 - `trap` installs a trap policy for the CHILD_SA.
1084 - `start` tries to re-create the CHILD_SA.
1086 {option}`close_action` does not provide any guarantee that the
1087 CHILD_SA is kept alive. It acts on explicit close messages only, but not
1088 on negotiation failures. Use trap policies to reliably re-create failed
1089 CHILD_SAs.
1090 '';
1092 }
1093 ''
1094 CHILD_SA configuration sub-section. Each connection definition may have
1095 one or more sections in its {option}`children` subsection. The
1096 section name defines the name of the CHILD_SA configuration, which must be
1097 unique within the connection (denoted \<child\> below).
1098 '';
1099 }
1100 ''
1101 Section defining IKE connection configurations, each in its own subsection
1102 with an arbitrary yet unique name
1103 '';
1105 secrets =
1106 let
1107 mkEapXauthParams =
1108 mkPrefixedAttrsOfParams
1109 {
1110 secret = mkOptionalStrParam ''
1111 Value of the EAP/XAuth secret. It may either be an ASCII string, a hex
1112 encoded string if it has a 0x prefix or a Base64 encoded string if it
1113 has a 0s prefix in its value.
1114 '';
1116 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
1117 Identity the EAP/XAuth secret belongs to. Multiple unique identities may
1118 be specified, each having an `id` prefix, if a secret
1119 is shared between multiple users.
1120 '';
1122 }
1123 ''
1124 EAP secret section for a specific secret. Each EAP secret is defined in a
1125 unique section having the `eap` prefix. EAP secrets are
1126 used for XAuth authentication as well.
1127 '';
1129 in
1130 {
1132 eap = mkEapXauthParams;
1133 xauth = mkEapXauthParams;
1135 ntlm =
1136 mkPrefixedAttrsOfParams
1137 {
1138 secret = mkOptionalStrParam ''
1139 Value of the NTLM secret, which is the NT Hash of the actual secret,
1140 that is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either
1141 be given as a hex encoded string with a 0x prefix or as a Base64 encoded
1142 string with a 0s prefix.
1143 '';
1145 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
1146 Identity the NTLM secret belongs to. Multiple unique identities may be
1147 specified, each having an id prefix, if a secret is shared between
1148 multiple users.
1149 '';
1150 }
1151 ''
1152 NTLM secret section for a specific secret. Each NTLM secret is defined in
1153 a unique section having the `ntlm` prefix. NTLM secrets
1154 may only be used for EAP-MSCHAPv2 authentication.
1155 '';
1157 ike =
1158 mkPrefixedAttrsOfParams
1159 {
1160 secret = mkOptionalStrParam ''
1161 Value of the IKE preshared secret. It may either be an ASCII string, a
1162 hex encoded string if it has a 0x prefix or a Base64 encoded string if
1163 it has a 0s prefix in its value.
1164 '';
1166 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
1167 IKE identity the IKE preshared secret belongs to. Multiple unique
1168 identities may be specified, each having an `id`
1169 prefix, if a secret is shared between multiple peers.
1170 '';
1171 }
1172 ''
1173 IKE preshared secret section for a specific secret. Each IKE PSK is
1174 defined in a unique section having the `ike` prefix.
1175 '';
1177 ppk =
1178 mkPrefixedAttrsOfParams
1179 {
1180 secret = mkOptionalStrParam ''
1181 Value of the PPK. It may either be an ASCII string, a hex encoded string
1182 if it has a `0x` prefix or a Base64 encoded string if
1183 it has a `0s` prefix in its value. Should have at least
1184 256 bits of entropy for 128-bit security.
1185 '';
1187 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
1188 PPK identity the PPK belongs to. Multiple unique identities may be
1189 specified, each having an `id` prefix, if a secret is
1190 shared between multiple peers.
1191 '';
1192 }
1193 ''
1194 Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
1195 defined in a unique section having the `ppk` prefix.
1196 '';
1198 private =
1199 mkPrefixedAttrsOfParams
1200 {
1201 file = mkOptionalStrParam ''
1202 File name in the private folder for which this passphrase should be used.
1203 '';
1205 secret = mkOptionalStrParam ''
1206 Value of decryption passphrase for private key.
1207 '';
1208 }
1209 ''
1210 Private key decryption passphrase for a key in the
1211 `private` folder.
1212 '';
1214 rsa =
1215 mkPrefixedAttrsOfParams
1216 {
1217 file = mkOptionalStrParam ''
1218 File name in the `rsa` folder for which this passphrase
1219 should be used.
1220 '';
1221 secret = mkOptionalStrParam ''
1222 Value of decryption passphrase for RSA key.
1223 '';
1224 }
1225 ''
1226 Private key decryption passphrase for a key in the `rsa`
1227 folder.
1228 '';
1230 ecdsa =
1231 mkPrefixedAttrsOfParams
1232 {
1233 file = mkOptionalStrParam ''
1234 File name in the `ecdsa` folder for which this
1235 passphrase should be used.
1236 '';
1237 secret = mkOptionalStrParam ''
1238 Value of decryption passphrase for ECDSA key.
1239 '';
1240 }
1241 ''
1242 Private key decryption passphrase for a key in the
1243 `ecdsa` folder.
1244 '';
1246 pkcs8 =
1247 mkPrefixedAttrsOfParams
1248 {
1249 file = mkOptionalStrParam ''
1250 File name in the `pkcs8` folder for which this
1251 passphrase should be used.
1252 '';
1253 secret = mkOptionalStrParam ''
1254 Value of decryption passphrase for PKCS#8 key.
1255 '';
1256 }
1257 ''
1258 Private key decryption passphrase for a key in the
1259 `pkcs8` folder.
1260 '';
1262 pkcs12 =
1263 mkPrefixedAttrsOfParams
1264 {
1265 file = mkOptionalStrParam ''
1266 File name in the `pkcs12` folder for which this
1267 passphrase should be used.
1268 '';
1269 secret = mkOptionalStrParam ''
1270 Value of decryption passphrase for PKCS#12 container.
1271 '';
1272 }
1273 ''
1274 PKCS#12 decryption passphrase for a container in the
1275 `pkcs12` folder.
1276 '';
1278 token = mkPrefixedAttrsOfParams {
1279 handle = mkOptionalHexParam ''
1280 Hex-encoded CKA_ID or handle of the private key on the token or TPM,
1281 respectively.
1282 '';
1284 slot = mkOptionalIntParam ''
1285 Optional slot number to access the token.
1286 '';
1288 module = mkOptionalStrParam ''
1289 Optional PKCS#11 module name to access the token.
1290 '';
1292 pin = mkOptionalStrParam ''
1293 Optional PIN required to access the key on the token. If none is
1294 provided the user is prompted during an interactive
1295 `--load-creds` call.
1296 '';
1297 } "Definition for a private key that's stored on a token/smartcard/TPM.";
1299 };
1301 pools =
1302 mkAttrsOfParams
1303 {
1304 addrs = mkOptionalStrParam ''
1305 Subnet or range defining addresses allocated in pool. Accepts a single
1306 CIDR subnet defining the pool to allocate addresses from or an address
1307 range (\<from\>-\<to\>). Pools must be unique and non-overlapping.
1308 '';
1310 dns = mkCommaSepListParam [ ] "Address or CIDR subnets";
1311 nbns = mkCommaSepListParam [ ] "Address or CIDR subnets";
1312 dhcp = mkCommaSepListParam [ ] "Address or CIDR subnets";
1313 netmask = mkCommaSepListParam [ ] "Address or CIDR subnets";
1314 server = mkCommaSepListParam [ ] "Address or CIDR subnets";
1315 subnet = mkCommaSepListParam [ ] "Address or CIDR subnets";
1316 split_include = mkCommaSepListParam [ ] "Address or CIDR subnets";
1317 split_exclude = mkCommaSepListParam [ ] "Address or CIDR subnets";
1318 }
1319 ''
1320 Section defining named pools. Named pools may be referenced by connections
1321 with the pools option to assign virtual IPs and other configuration
1322 attributes. Each pool must have a unique name (denoted \<name\> below).
1323 '';
1324 }