pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / strongswan-swanctl / swanctl-params.nix
at 25.11-pre 64 kB view raw
1# See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf 2# 3# When strongSwan is upgraded please update the parameters in this file. You can 4# see which parameters should be deleted, changed or added by diffing 5# swanctl.opt: 6# 7# git clone https://github.com/strongswan/strongswan.git 8# cd strongswan 9# git diff 5.7.2..5.8.0 src/swanctl/swanctl.opt 10 11lib: 12with (import ./param-constructors.nix lib); 13 14let 15 certParams = { 16 file = mkOptionalStrParam '' 17 Absolute path to the certificate to load. Passed as-is to the daemon, so 18 it must be readable by it. 19 20 Configure either this or {option}`handle`, but not both, in one section. 21 ''; 22 23 handle = mkOptionalHexParam '' 24 Hex-encoded CKA_ID or handle of the certificate on a token or TPM, 25 respectively. 26 27 Configure either this or {option}`file`, but not both, in one section. 28 ''; 29 30 slot = mkOptionalIntParam '' 31 Optional slot number of the token that stores the certificate. 32 ''; 33 34 module = mkOptionalStrParam '' 35 Optional PKCS#11 module name. 36 ''; 37 }; 38in 39{ 40 authorities = 41 mkAttrsOfParams 42 ( 43 { 44 45 cacert = mkOptionalStrParam '' 46 The certificates may use a relative path from the swanctl 47 `x509ca` directory or an absolute path. 48 49 Configure one of {option}`cacert`, 50 {option}`file`, or 51 {option}`handle` per section. 52 ''; 53 54 cert_uri_base = mkOptionalStrParam '' 55 Defines the base URI for the Hash and URL feature supported by 56 IKEv2. Instead of exchanging complete certificates, IKEv2 allows one to 57 send an URI that resolves to the DER encoded certificate. The certificate 58 URIs are built by appending the SHA1 hash of the DER encoded certificates 59 to this base URI. 60 ''; 61 62 crl_uris = mkCommaSepListParam [ ] '' 63 List of CRL distribution points (ldap, http, or file URI). 64 ''; 65 66 ocsp_uris = mkCommaSepListParam [ ] '' 67 List of OCSP URIs. 68 ''; 69 70 } 71 // certParams 72 ) 73 '' 74 Section defining complementary attributes of certification authorities, each 75 in its own subsection with an arbitrary yet unique name 76 ''; 77 78 connections = 79 mkAttrsOfParams 80 { 81 82 version = mkIntParam 0 '' 83 IKE major version to use for connection. 84 85 - 1 uses IKEv1 aka ISAKMP, 86 - 2 uses IKEv2. 87 - A connection using the default of 0 accepts both IKEv1 and IKEv2 as 88 responder, and initiates the connection actively with IKEv2. 89 ''; 90 91 local_addrs = mkCommaSepListParam [ ] '' 92 Local address(es) to use for IKE communication. Takes 93 single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges. 94 95 As initiator, the first non-range/non-subnet is used to initiate the 96 connection from. As responder, the local destination address must match at 97 least to one of the specified addresses, subnets or ranges. 98 99 If FQDNs are assigned they are resolved every time a configuration lookup 100 is done. If DNS resolution times out, the lookup is delayed for that time. 101 ''; 102 103 remote_addrs = mkCommaSepListParam [ ] '' 104 Remote address(es) to use for IKE communication. Takes 105 single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges. 106 107 As initiator, the first non-range/non-subnet is used to initiate the 108 connection to. As responder, the initiator source address must match at 109 least to one of the specified addresses, subnets or ranges. 110 111 If FQDNs are assigned they are resolved every time a configuration lookup 112 is done. If DNS resolution times out, the lookup is delayed for that time. 113 To initiate a connection, at least one specific address or DNS name must 114 be specified. 115 ''; 116 117 local_port = mkIntParam 500 '' 118 Local UDP port for IKE communication. By default the port of the socket 119 backend is used, which is usually `500`. If port 120 `500` is used, automatic IKE port floating to port 121 `4500` is used to work around NAT issues. 122 123 Using a non-default local IKE port requires support from the socket 124 backend in use (socket-dynamic). 125 ''; 126 127 remote_port = mkIntParam 500 '' 128 Remote UDP port for IKE communication. If the default of port 129 `500` is used, automatic IKE port floating to port 130 `4500` is used to work around NAT issues. 131 ''; 132 133 proposals = mkCommaSepListParam [ "default" ] '' 134 A proposal is a set of algorithms. For non-AEAD algorithms, this includes 135 for IKE an encryption algorithm, an integrity algorithm, a pseudo random 136 function and a Diffie-Hellman group. For AEAD algorithms, instead of 137 encryption and integrity algorithms, a combined algorithm is used. 138 139 In IKEv2, multiple algorithms of the same kind can be specified in a 140 single proposal, from which one gets selected. In IKEv1, only one 141 algorithm per kind is allowed per proposal, more algorithms get implicitly 142 stripped. Use multiple proposals to offer different algorithms 143 combinations in IKEv1. 144 145 Algorithm keywords get separated using dashes. Multiple proposals may be 146 specified in a list. The special value `default` forms a 147 default proposal of supported algorithms considered safe, and is usually a 148 good choice for interoperability. 149 ''; 150 151 vips = mkCommaSepListParam [ ] '' 152 List of virtual IPs to request in IKEv2 configuration payloads or IKEv1 153 Mode Config. The wildcard addresses `0.0.0.0` and 154 `::` request an arbitrary address, specific addresses may 155 be defined. The responder may return a different address, though, or none 156 at all. 157 ''; 158 159 aggressive = mkYesNoParam no '' 160 Enables Aggressive Mode instead of Main Mode with Identity 161 Protection. Aggressive Mode is considered less secure, because the ID and 162 HASH payloads are exchanged unprotected. This allows a passive attacker to 163 snoop peer identities, and even worse, start dictionary attacks on the 164 Preshared Key. 165 ''; 166 167 pull = mkYesNoParam yes '' 168 If the default of yes is used, Mode Config works in pull mode, where the 169 initiator actively requests a virtual IP. With no, push mode is used, 170 where the responder pushes down a virtual IP to the initiating peer. 171 172 Push mode is currently supported for IKEv1, but not in IKEv2. It is used 173 by a few implementations only, pull mode is recommended. 174 ''; 175 176 dscp = mkStrParam "000000" '' 177 Differentiated Services Field Codepoint to set on outgoing IKE packets for 178 this connection. The value is a six digit binary encoded string specifying 179 the Codepoint to set, as defined in RFC 2474. 180 ''; 181 182 encap = mkYesNoParam no '' 183 To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the 184 NAT detection payloads. This makes the peer believe that NAT takes place 185 on the path, forcing it to encapsulate ESP packets in UDP. 186 187 Usually this is not required, but it can help to work around connectivity 188 issues with too restrictive intermediary firewalls. 189 ''; 190 191 mobike = mkYesNoParam yes '' 192 Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2 193 connections, and allows mobility of clients and multi-homing on servers by 194 migrating active IPsec tunnels. 195 196 Usually keeping MOBIKE enabled is unproblematic, as it is not used if the 197 peer does not indicate support for it. However, due to the design of 198 MOBIKE, IKEv2 always floats to port 4500 starting from the second 199 exchange. Some implementations don't like this behavior, hence it can be 200 disabled. 201 ''; 202 203 dpd_delay = mkDurationParam "0s" '' 204 Interval to check the liveness of a peer actively using IKEv2 205 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages. Active DPD checking 206 is only enforced if no IKE or ESP/AH packet has been received for the 207 configured DPD delay. 208 ''; 209 210 dpd_timeout = mkDurationParam "0s" '' 211 Charon by default uses the normal retransmission mechanism and timeouts to 212 check the liveness of a peer, as all messages are used for liveness 213 checking. For compatibility reasons, with IKEv1 a custom interval may be 214 specified; this option has no effect on connections using IKEv2. 215 ''; 216 217 fragmentation = mkEnumParam [ "yes" "accept" "force" "no" ] "yes" '' 218 Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2 219 fragmentation). Acceptable values are `yes` (the default 220 since 5.5.1), `accept` (since versions:5.5.3), 221 `force` and `no`. 222 223 - If set to `yes`, and the peer 224 supports it, oversized IKE messages will be sent in fragments. 225 - If set to 226 `accept`, support for fragmentation is announced to the peer but the daemon 227 does not send its own messages in fragments. 228 - If set to `force` (only 229 supported for IKEv1) the initial IKE message will already be fragmented if 230 required. 231 - Finally, setting the option to `no` will disable announcing 232 support for this feature. 233 234 Note that fragmented IKE messages sent by a peer are always processed 235 irrespective of the value of this option (even when set to no). 236 ''; 237 238 childless = mkEnumParam [ "allow" "prefer" "force" "never" ] "allow" '' 239 Use childless IKE_SA initiation (_allow_, _prefer_, _force_ or _never_). 240 241 Use childless IKE_SA initiation (RFC 6023) for IKEv2, with the first 242 CHILD_SA created with a separate CREATE_CHILD_SA exchange (e.g. to use an 243 independent DH exchange for all CHILD_SAs). Acceptable values are `allow` 244 (the default), `prefer`, `force` and `never`. If set to `allow`, responders 245 will accept childless IKE_SAs (as indicated via notify in the IKE_SA_INIT 246 response) while initiators continue to create regular IKE_SAs with the first 247 CHILD_SA created during IKE_AUTH, unless the IKE_SA is initiated explicitly 248 without any children (which will fail if the responder does not support or 249 has disabled this extension). The effect of `prefer` is the same as `allow` 250 on responders, but as initiator a childless IKE_SA is initiated if the 251 responder supports it. If set to `force`, only childless initiation is 252 accepted in either role. Finally, setting the option to `never` disables 253 support for childless IKE_SAs as responder. 254 ''; 255 256 send_certreq = mkYesNoParam yes '' 257 Send certificate request payloads to offer trusted root CA certificates to 258 the peer. Certificate requests help the peer to choose an appropriate 259 certificate/private key for authentication and are enabled by default. 260 Disabling certificate requests can be useful if too many trusted root CA 261 certificates are installed, as each certificate request increases the size 262 of the initial IKE packets. 263 ''; 264 265 send_cert = mkEnumParam [ "always" "never" "ifasked" ] "ifasked" '' 266 Send certificate payloads when using certificate authentication. 267 268 - With the default of `ifasked` the daemon sends 269 certificate payloads only if certificate requests have been received. 270 - `never` disables sending of certificate payloads 271 altogether, 272 - `always` causes certificate payloads to be sent 273 unconditionally whenever certificate authentication is used. 274 ''; 275 276 ppk_id = mkOptionalStrParam '' 277 String identifying the Postquantum Preshared Key (PPK) to be used. 278 ''; 279 280 ppk_required = mkYesNoParam no '' 281 Whether a Postquantum Preshared Key (PPK) is required for this connection. 282 ''; 283 284 keyingtries = mkIntParam 1 '' 285 Number of retransmission sequences to perform during initial 286 connect. Instead of giving up initiation after the first retransmission 287 sequence with the default value of `1`, additional 288 sequences may be started according to the configured value. A value of 289 `0` initiates a new sequence until the connection 290 establishes or fails with a permanent error. 291 ''; 292 293 unique = mkEnumParam [ "no" "never" "keep" "replace" ] "no" '' 294 Connection uniqueness policy to enforce. To avoid multiple connections 295 from the same user, a uniqueness policy can be enforced. 296 297 - The value `never` does never enforce such a policy, even 298 if a peer included INITIAL_CONTACT notification messages, 299 - whereas `no` replaces existing connections for the same 300 identity if a new one has the INITIAL_CONTACT notify. 301 - `keep` rejects new connection attempts if the same user 302 already has an active connection, 303 - `replace` deletes any existing connection if a new one 304 for the same user gets established. 305 306 To compare connections for uniqueness, the remote IKE identity is used. If 307 EAP or XAuth authentication is involved, the EAP-Identity or XAuth 308 username is used to enforce the uniqueness policy instead. 309 310 On initiators this setting specifies whether an INITIAL_CONTACT notify is 311 sent during IKE_AUTH if no existing connection is found with the remote 312 peer (determined by the identities of the first authentication 313 round). Unless set to `never` the client will send a notify. 314 ''; 315 316 reauth_time = mkDurationParam "0s" '' 317 Time to schedule IKE reauthentication. IKE reauthentication recreates the 318 IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric 319 configurations (with EAP or configuration payloads) it might not be 320 possible to actively reauthenticate as responder. The IKEv2 321 reauthentication lifetime negotiation can instruct the client to perform 322 reauthentication. 323 324 Reauthentication is disabled by default. Enabling it usually may lead to 325 small connection interruptions, as strongSwan uses a break-before-make 326 policy with IKEv2 to avoid any conflicts with associated tunnel resources. 327 ''; 328 329 rekey_time = mkDurationParam "4h" '' 330 IKE rekeying refreshes key material using a Diffie-Hellman exchange, but 331 does not re-check associated credentials. It is supported in IKEv2 only, 332 IKEv1 performs a reauthentication procedure instead. 333 334 With the default value IKE rekeying is scheduled every 4 hours, minus the 335 configured rand_time. If a reauth_time is configured, rekey_time defaults 336 to zero, disabling rekeying; explicitly set both to enforce rekeying and 337 reauthentication. 338 ''; 339 340 over_time = mkOptionalDurationParam '' 341 Hard IKE_SA lifetime if rekey/reauth does not complete, as time. To avoid 342 having an IKE/ISAKMP kept alive if IKE reauthentication or rekeying fails 343 perpetually, a maximum hard lifetime may be specified. If the IKE_SA fails 344 to rekey or reauthenticate within the specified time, the IKE_SA gets 345 closed. 346 347 In contrast to CHILD_SA rekeying, over_time is relative in time to the 348 rekey_time and reauth_time values, as it applies to both. 349 350 The default is 10% of the longer of {option}`rekey_time` and 351 {option}`reauth_time`. 352 ''; 353 354 rand_time = mkOptionalDurationParam '' 355 Time range from which to choose a random value to subtract from 356 rekey/reauth times. To avoid having both peers initiating the rekey/reauth 357 procedure simultaneously, a random time gets subtracted from the 358 rekey/reauth times. 359 360 The default is equal to the configured {option}`over_time`. 361 ''; 362 363 pools = mkCommaSepListParam [ ] '' 364 List of named IP pools to allocate virtual IP addresses 365 and other configuration attributes from. Each name references a pool by 366 name from either the pools section or an external pool. 367 ''; 368 369 if_id_in = mkStrParam "0" '' 370 XFRM interface ID set on inbound policies/SA, can be overridden by child 371 config, see there for details. 372 373 The special value `%unique` allocates a unique interface ID per IKE_SA, 374 which is inherited by all its CHILD_SAs (unless overridden there), beyond 375 that the value `%unique-dir` assigns a different unique interface ID for 376 each direction (in/out). 377 378 ''; 379 380 if_id_out = mkStrParam "0" '' 381 XFRM interface ID set on outbound policies/SA, can be overridden by child 382 config, see there for details. 383 384 The special value `%unique` allocates a unique interface ID per IKE_SA, 385 which is inherited by all its CHILD_SAs (unless overridden there), beyond 386 that the value `%unique-dir` assigns a different unique interface ID for 387 each direction (in/out). 388 ''; 389 390 mediation = mkYesNoParam no '' 391 Whether this connection is a mediation connection, that is, whether this 392 connection is used to mediate other connections using the IKEv2 Mediation 393 Extension. Mediation connections create no CHILD_SA. 394 ''; 395 396 mediated_by = mkOptionalStrParam '' 397 The name of the connection to mediate this connection through. If given, 398 the connection will be mediated through the named mediation 399 connection. The mediation connection must have mediation enabled. 400 ''; 401 402 mediation_peer = mkOptionalStrParam '' 403 Identity under which the peer is registered at the mediation server, that 404 is, the IKE identity the other end of this connection uses as its local 405 identity on its connection to the mediation server. This is the identity 406 we request the mediation server to mediate us with. Only relevant on 407 connections that set mediated_by. If it is not given, the remote IKE 408 identity of the first authentication round of this connection will be 409 used. 410 ''; 411 412 local = 413 mkPrefixedAttrsOfParams 414 { 415 416 round = mkIntParam 0 '' 417 Optional numeric identifier by which authentication rounds are 418 sorted. If not specified rounds are ordered by their position in the 419 config file/vici message. 420 ''; 421 422 certs = mkCommaSepListParam [ ] '' 423 List of certificate candidates to use for 424 authentication. The certificates may use a relative path from the 425 swanctl `x509` directory or an absolute path. 426 427 The certificate used for authentication is selected based on the 428 received certificate request payloads. If no appropriate CA can be 429 located, the first certificate is used. 430 ''; 431 432 cert = mkPostfixedAttrsOfParams certParams '' 433 Section for a certificate candidate to use for 434 authentication. Certificates in certs are transmitted as binary blobs, 435 these sections offer more flexibility. 436 ''; 437 438 pubkeys = mkCommaSepListParam [ ] '' 439 List of raw public key candidates to use for 440 authentication. The public keys may use a relative path from the swanctl 441 `pubkey` directory or an absolute path. 442 443 Even though multiple local public keys could be defined in principle, 444 only the first public key in the list is used for authentication. 445 ''; 446 447 auth = mkStrParam "pubkey" '' 448 Authentication to perform locally. 449 450 - The default `pubkey` uses public key authentication 451 using a private key associated to a usable certificate. 452 - `psk` uses pre-shared key authentication. 453 - The IKEv1 specific `xauth` is used for XAuth or Hybrid 454 authentication, 455 - while the IKEv2 specific `eap` keyword defines EAP 456 authentication. 457 - For `xauth`, a specific backend name may be appended, 458 separated by a dash. The appropriate `xauth` backend is 459 selected to perform the XAuth exchange. For traditional XAuth, the 460 `xauth` method is usually defined in the second 461 authentication round following an initial `pubkey` (or 462 `psk`) round. Using `xauth` in the 463 first round performs Hybrid Mode client authentication. 464 - For `eap`, a specific EAP method name may be appended, separated by a 465 dash. An EAP module implementing the appropriate method is selected to 466 perform the EAP conversation. 467 - Since 5.4.0, if both peers support RFC 7427 ("Signature Authentication 468 in IKEv2") specific hash algorithms to be used during IKEv2 469 authentication may be configured. To do so use `ike:` 470 followed by a trust chain signature scheme constraint (see description 471 of the {option}`remote` section's {option}`auth` 472 keyword). For example, with `ike:pubkey-sha384-sha256` 473 a public key signature scheme with either SHA-384 or SHA-256 would get 474 used for authentication, in that order and depending on the hash 475 algorithms supported by the peer. If no specific hash algorithms are 476 configured, the default is to prefer an algorithm that matches or 477 exceeds the strength of the signature key. If no constraints with 478 `ike:` prefix are configured any signature scheme 479 constraint (without `ike:` prefix) will also apply to 480 IKEv2 authentication, unless this is disabled in 481 `strongswan.conf`. To use RSASSA-PSS signatures use 482 `rsa/pss` instead of `pubkey` or 483 `rsa` as in e.g. 484 `ike:rsa/pss-sha256`. If `pubkey` or 485 `rsa` constraints are configured RSASSA-PSS signatures 486 will only be used if enabled in `strongswan.conf`(5). 487 ''; 488 489 id = mkOptionalStrParam '' 490 IKE identity to use for authentication round. When using certificate 491 authentication, the IKE identity must be contained in the certificate, 492 either as subject or as subjectAltName. 493 ''; 494 495 eap_id = mkOptionalStrParam '' 496 Client EAP-Identity to use in EAP-Identity exchange and the EAP method. 497 ''; 498 499 aaa_id = mkOptionalStrParam '' 500 Server side EAP-Identity to expect in the EAP method. Some EAP methods, 501 such as EAP-TLS, use an identity for the server to perform mutual 502 authentication. This identity may differ from the IKE identity, 503 especially when EAP authentication is delegated from the IKE responder 504 to an AAA backend. 505 506 For EAP-(T)TLS, this defines the identity for which the server must 507 provide a certificate in the TLS exchange. 508 ''; 509 510 xauth_id = mkOptionalStrParam '' 511 Client XAuth username used in the XAuth exchange. 512 ''; 513 514 } 515 '' 516 Section for a local authentication round. A local authentication round 517 defines the rules how authentication is performed for the local 518 peer. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple 519 Authentication or IKEv1 XAuth. 520 521 Each round is defined in a section having `local` as 522 prefix, and an optional unique suffix. To define a single authentication 523 round, the suffix may be omitted. 524 ''; 525 526 remote = 527 mkPrefixedAttrsOfParams 528 { 529 530 round = mkIntParam 0 '' 531 Optional numeric identifier by which authentication rounds are 532 sorted. If not specified rounds are ordered by their position in the 533 config file/vici message. 534 ''; 535 536 id = mkStrParam "%any" '' 537 IKE identity to expect for authentication round. When using certificate 538 authentication, the IKE identity must be contained in the certificate, 539 either as subject or as subjectAltName. 540 ''; 541 542 eap_id = mkOptionalStrParam '' 543 Identity to use as peer identity during EAP authentication. If set to 544 `%any` the EAP-Identity method will be used to ask the 545 client for an EAP identity. 546 ''; 547 548 groups = mkCommaSepListParam [ ] '' 549 Authorization group memberships to require. The peer 550 must prove membership to at least one of the specified groups. Group 551 membership can be certified by different means, for example by 552 appropriate Attribute Certificates or by an AAA backend involved in the 553 authentication. 554 ''; 555 556 cert_policy = mkCommaSepListParam [ ] '' 557 List of certificate policy OIDs the peer's certificate 558 must have. OIDs are specified using the numerical dotted representation. 559 ''; 560 561 certs = mkCommaSepListParam [ ] '' 562 List of certificates to accept for authentication. The certificates may 563 use a relative path from the swanctl `x509` directory 564 or an absolute path. 565 ''; 566 567 cert = mkPostfixedAttrsOfParams certParams '' 568 Section for a certificate candidate to use for 569 authentication. Certificates in certs are transmitted as binary blobs, 570 these sections offer more flexibility. 571 ''; 572 573 ca_id = mkOptionalStrParam '' 574 Identity in CA certificate to accept for authentication. The specified 575 identity must be contained in one (intermediate) CA of the remote peer 576 trustchain, either as subject or as subjectAltName. This has the same 577 effect as specifying `cacerts` to force clients under 578 a CA to specific connections; it does not require the CA certificate 579 to be available locally, and can be received from the peer during the 580 IKE exchange. 581 ''; 582 583 cacerts = mkCommaSepListParam [ ] '' 584 List of CA certificates to accept for 585 authentication. The certificates may use a relative path from the 586 swanctl `x509ca` directory or an absolute path. 587 ''; 588 589 cacert = mkPostfixedAttrsOfParams certParams '' 590 Section for a CA certificate to accept for authentication. Certificates 591 in cacerts are transmitted as binary blobs, these sections offer more 592 flexibility. 593 ''; 594 595 pubkeys = mkCommaSepListParam [ ] '' 596 List of raw public keys to accept for 597 authentication. The public keys may use a relative path from the swanctl 598 `pubkey` directory or an absolute path. 599 ''; 600 601 revocation = mkEnumParam [ "strict" "ifuri" "relaxed" ] "relaxed" '' 602 Certificate revocation policy for CRL or OCSP revocation. 603 604 - A `strict` revocation policy fails if no revocation information is 605 available, i.e. the certificate is not known to be unrevoked. 606 - `ifuri` fails only if a CRL/OCSP URI is available, but certificate 607 revocation checking fails, i.e. there should be revocation information 608 available, but it could not be obtained. 609 - The default revocation policy `relaxed` fails only if a certificate is 610 revoked, i.e. it is explicitly known that it is bad. 611 ''; 612 613 auth = mkStrParam "pubkey" '' 614 Authentication to expect from remote. See the {option}`local` 615 section's {option}`auth` keyword description about the details of 616 supported mechanisms. 617 618 Since 5.4.0, to require a trustchain public key strength for the remote 619 side, specify the key type followed by the minimum strength in bits (for 620 example `ecdsa-384` or 621 `rsa-2048-ecdsa-256`). To limit the acceptable set of 622 hashing algorithms for trustchain validation, append hash algorithms to 623 pubkey or a key strength definition (for example 624 `pubkey-sha256-sha512`, 625 `rsa-2048-sha256-sha384-sha512` or 626 `rsa-2048-sha256-ecdsa-256-sha256-sha384`). 627 Unless disabled in `strongswan.conf`, or explicit IKEv2 628 signature constraints are configured (refer to the description of the 629 {option}`local` section's {option}`auth` keyword for 630 details), such key types and hash algorithms are also applied as 631 constraints against IKEv2 signature authentication schemes used by the 632 remote side. To require RSASSA-PSS signatures use 633 `rsa/pss` instead of `pubkey` or 634 `rsa` as in e.g. `rsa/pss-sha256`. If 635 `pubkey` or `rsa` constraints are 636 configured RSASSA-PSS signatures will only be accepted if enabled in 637 `strongswan.conf`(5). 638 639 To specify trust chain constraints for EAP-(T)TLS, append a colon to the 640 EAP method, followed by the key type/size and hash algorithm as 641 discussed above (e.g. `eap-tls:ecdsa-384-sha384`). 642 ''; 643 644 } 645 '' 646 Section for a remote authentication round. A remote authentication round 647 defines the constraints how the peers must authenticate to use this 648 connection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple 649 Authentication or IKEv1 XAuth. 650 651 Each round is defined in a section having `remote` as 652 prefix, and an optional unique suffix. To define a single authentication 653 round, the suffix may be omitted. 654 ''; 655 656 children = 657 mkAttrsOfParams 658 { 659 ah_proposals = mkCommaSepListParam [ ] '' 660 AH proposals to offer for the CHILD_SA. A proposal is a set of 661 algorithms. For AH, this includes an integrity algorithm and an optional 662 Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode 663 rekeying and initial negotiation uses a separate Diffie-Hellman exchange 664 using the specified group (refer to esp_proposals for details). 665 666 In IKEv2, multiple algorithms of the same kind can be specified in a 667 single proposal, from which one gets selected. In IKEv1, only one 668 algorithm per kind is allowed per proposal, more algorithms get 669 implicitly stripped. Use multiple proposals to offer different algorithms 670 combinations in IKEv1. 671 672 Algorithm keywords get separated using dashes. Multiple proposals may be 673 specified in a list. The special value `default` forms 674 a default proposal of supported algorithms considered safe, and is 675 usually a good choice for interoperability. By default no AH proposals 676 are included, instead ESP is proposed. 677 ''; 678 679 esp_proposals = mkCommaSepListParam [ "default" ] '' 680 ESP proposals to offer for the CHILD_SA. A proposal is a set of 681 algorithms. For ESP non-AEAD proposals, this includes an integrity 682 algorithm, an encryption algorithm, an optional Diffie-Hellman group and 683 an optional Extended Sequence Number Mode indicator. For AEAD proposals, 684 a combined mode algorithm is used instead of the separate 685 encryption/integrity algorithms. 686 687 If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial 688 negotiation use a separate Diffie-Hellman exchange using the specified 689 group. However, for IKEv2, the keys of the CHILD_SA created implicitly 690 with the IKE_SA will always be derived from the IKE_SA's key material. So 691 any DH group specified here will only apply when the CHILD_SA is later 692 rekeyed or is created with a separate CREATE_CHILD_SA exchange. A 693 proposal mismatch might, therefore, not immediately be noticed when the 694 SA is established, but may later cause rekeying to fail. 695 696 Extended Sequence Number support may be indicated with the 697 `esn` and `noesn` values, both may be 698 included to indicate support for both modes. If omitted, 699 `noesn` is assumed. 700 701 In IKEv2, multiple algorithms of the same kind can be specified in a 702 single proposal, from which one gets selected. In IKEv1, only one 703 algorithm per kind is allowed per proposal, more algorithms get 704 implicitly stripped. Use multiple proposals to offer different algorithms 705 combinations in IKEv1. 706 707 Algorithm keywords get separated using dashes. Multiple proposals may be 708 specified as a list. The special value `default` forms 709 a default proposal of supported algorithms considered safe, and is 710 usually a good choice for interoperability. If no algorithms are 711 specified for AH nor ESP, the default set of algorithms for ESP is 712 included. 713 ''; 714 715 sha256_96 = mkYesNoParam no '' 716 HMAC-SHA-256 is used with 128-bit truncation with IPsec. For 717 compatibility with implementations that incorrectly use 96-bit truncation 718 this option may be enabled to configure the shorter truncation length in 719 the kernel. This is not negotiated, so this only works with peers that 720 use the incorrect truncation length (or have this option enabled). 721 ''; 722 723 local_ts = mkCommaSepListParam [ "dynamic" ] '' 724 List of local traffic selectors to include in CHILD_SA. Each selector is 725 a CIDR subnet definition, followed by an optional proto/port 726 selector. The special value `dynamic` may be used 727 instead of a subnet definition, which gets replaced by the tunnel outer 728 address or the virtual IP, if negotiated. This is the default. 729 730 A protocol/port selector is surrounded by opening and closing square 731 brackets. Between these brackets, a numeric or getservent(3) protocol 732 name may be specified. After the optional protocol restriction, an 733 optional port restriction may be specified, separated by a slash. The 734 port restriction may be numeric, a getservent(3) service name, or the 735 special value `opaque` for RFC 4301 OPAQUE 736 selectors. Port ranges may be specified as well, none of the kernel 737 backends currently support port ranges, though. 738 739 When IKEv1 is used only the first selector is interpreted, except if the 740 Cisco Unity extension plugin is used. This is due to a limitation of the 741 IKEv1 protocol, which only allows a single pair of selectors per 742 CHILD_SA. So to tunnel traffic matched by several pairs of selectors when 743 using IKEv1 several children (CHILD_SAs) have to be defined that cover 744 the selectors. The IKE daemon uses traffic selector narrowing for IKEv1, 745 the same way it is standardized and implemented for IKEv2. However, this 746 may lead to problems with other implementations. To avoid that, configure 747 identical selectors in such scenarios. 748 ''; 749 750 remote_ts = mkCommaSepListParam [ "dynamic" ] '' 751 List of remote selectors to include in CHILD_SA. See 752 {option}`local_ts` for a description of the selector syntax. 753 ''; 754 755 rekey_time = mkDurationParam "1h" '' 756 Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key 757 material, optionally using a Diffie-Hellman exchange if a group is 758 specified in the proposal. To avoid rekey collisions initiated by both 759 ends simultaneously, a value in the range of {option}`rand_time` 760 gets subtracted to form the effective soft lifetime. 761 762 By default CHILD_SA rekeying is scheduled every hour, minus 763 {option}`rand_time`. 764 ''; 765 766 life_time = mkOptionalDurationParam '' 767 Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime 768 is never reached, because the CHILD_SA gets rekeyed before. If that fails 769 for whatever reason, this limit closes the CHILD_SA. The default is 10% 770 more than the {option}`rekey_time`. 771 ''; 772 773 rand_time = mkOptionalDurationParam '' 774 Time range from which to choose a random value to subtract from 775 {option}`rekey_time`. The default is the difference between 776 {option}`life_time` and {option}`rekey_time`. 777 ''; 778 779 rekey_bytes = mkIntParam 0 '' 780 Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA 781 rekeying refreshes key material, optionally using a Diffie-Hellman 782 exchange if a group is specified in the proposal. 783 784 To avoid rekey collisions initiated by both ends simultaneously, a value 785 in the range of {option}`rand_bytes` gets subtracted to form the 786 effective soft volume limit. 787 788 Volume based CHILD_SA rekeying is disabled by default. 789 ''; 790 791 life_bytes = mkOptionalIntParam '' 792 Maximum bytes processed before CHILD_SA gets closed. Usually this hard 793 volume limit is never reached, because the CHILD_SA gets rekeyed 794 before. If that fails for whatever reason, this limit closes the 795 CHILD_SA. The default is 10% more than {option}`rekey_bytes`. 796 ''; 797 798 rand_bytes = mkOptionalIntParam '' 799 Byte range from which to choose a random value to subtract from 800 {option}`rekey_bytes`. The default is the difference between 801 {option}`life_bytes` and {option}`rekey_bytes`. 802 ''; 803 804 rekey_packets = mkIntParam 0 '' 805 Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA 806 rekeying refreshes key material, optionally using a Diffie-Hellman 807 exchange if a group is specified in the proposal. 808 809 To avoid rekey collisions initiated by both ends simultaneously, a value 810 in the range of {option}`rand_packets` gets subtracted to form 811 the effective soft packet count limit. 812 813 Packet count based CHILD_SA rekeying is disabled by default. 814 ''; 815 816 life_packets = mkOptionalIntParam '' 817 Maximum number of packets processed before CHILD_SA gets closed. Usually 818 this hard packets limit is never reached, because the CHILD_SA gets 819 rekeyed before. If that fails for whatever reason, this limit closes the 820 CHILD_SA. 821 822 The default is 10% more than {option}`rekey_bytes`. 823 ''; 824 825 rand_packets = mkOptionalIntParam '' 826 Packet range from which to choose a random value to subtract from 827 {option}`rekey_packets`. The default is the difference between 828 {option}`life_packets` and {option}`rekey_packets`. 829 ''; 830 831 updown = mkOptionalStrParam '' 832 Updown script to invoke on CHILD_SA up and down events. 833 ''; 834 835 hostaccess = mkYesNoParam no '' 836 Hostaccess variable to pass to `updown` script. 837 ''; 838 839 mode = 840 mkEnumParam 841 [ 842 "tunnel" 843 "transport" 844 "transport_proxy" 845 "beet" 846 "pass" 847 "drop" 848 ] 849 "tunnel" 850 '' 851 IPsec Mode to establish CHILD_SA with. 852 853 - `tunnel` negotiates the CHILD_SA in IPsec Tunnel Mode, 854 - whereas `transport` uses IPsec Transport Mode. 855 - `transport_proxy` signifying the special Mobile IPv6 856 Transport Proxy Mode. 857 - `beet` is the Bound End to End Tunnel mixture mode, 858 working with fixed inner addresses without the need to include them in 859 each packet. 860 - Both `transport` and `beet` modes are 861 subject to mode negotiation; `tunnel` mode is 862 negotiated if the preferred mode is not available. 863 - `pass` and `drop` are used to install 864 shunt policies which explicitly bypass the defined traffic from IPsec 865 processing or drop it, respectively. 866 ''; 867 868 policies = mkYesNoParam yes '' 869 Whether to install IPsec policies or not. Disabling this can be useful in 870 some scenarios e.g. MIPv6, where policies are not managed by the IKE 871 daemon. Since 5.3.3. 872 ''; 873 874 policies_fwd_out = mkYesNoParam no '' 875 Whether to install outbound FWD IPsec policies or not. Enabling this is 876 required in case there is a drop policy that would match and block 877 forwarded traffic for this CHILD_SA. Since 5.5.1. 878 ''; 879 880 dpd_action = mkEnumParam [ "clear" "trap" "restart" ] "clear" '' 881 Action to perform for this CHILD_SA on DPD timeout. The default clear 882 closes the CHILD_SA and does not take further action. trap installs a 883 trap policy, which will catch matching traffic and tries to re-negotiate 884 the tunnel on-demand. restart immediately tries to re-negotiate the 885 CHILD_SA under a fresh IKE_SA. 886 ''; 887 888 ipcomp = mkYesNoParam no '' 889 Enable IPComp compression before encryption. If enabled, IKE tries to 890 negotiate IPComp compression to compress ESP payload data prior to 891 encryption. 892 ''; 893 894 inactivity = mkDurationParam "0s" '' 895 Timeout before closing CHILD_SA after inactivity. If no traffic has been 896 processed in either direction for the configured timeout, the CHILD_SA 897 gets closed due to inactivity. The default value of 0 disables inactivity 898 checks. 899 ''; 900 901 reqid = mkIntParam 0 '' 902 Fixed reqid to use for this CHILD_SA. This might be helpful in some 903 scenarios, but works only if each CHILD_SA configuration is instantiated 904 not more than once. The default of 0 uses dynamic reqids, allocated 905 incrementally. 906 ''; 907 908 priority = mkIntParam 0 '' 909 Optional fixed priority for IPsec policies. This could be useful to 910 install high-priority drop policies. The default of 0 uses dynamically 911 calculated priorities based on the size of the traffic selectors. 912 ''; 913 914 interface = mkOptionalStrParam '' 915 Optional interface name to restrict outbound IPsec policies. 916 ''; 917 918 mark_in = mkStrParam "0/0x00000000" '' 919 Netfilter mark and mask for input traffic. On Linux, Netfilter may 920 require marks on each packet to match an SA/policy having that option 921 set. This allows installing duplicate policies and enables Netfilter 922 rules to select specific SAs/policies for incoming traffic. Note that 923 inbound marks are only set on policies, by default, unless 924 {option}`mark_in_sa` is enabled. The special value 925 `%unique` sets a unique mark on each CHILD_SA instance, 926 beyond that the value `%unique-dir` assigns a different 927 unique mark for each 928 929 An additional mask may be appended to the mark, separated by 930 `/`. The default mask if omitted is 931 `0xffffffff`. 932 ''; 933 934 mark_in_sa = mkYesNoParam no '' 935 Whether to set {option}`mark_in` on the inbound SA. By default, 936 the inbound mark is only set on the inbound policy. The tuple destination 937 address, protocol and SPI is unique and the mark is not required to find 938 the correct SA, allowing to mark traffic after decryption instead (where 939 more specific selectors may be used) to match different policies. Marking 940 packets before decryption is still possible, even if no mark is set on 941 the SA. 942 ''; 943 944 mark_out = mkStrParam "0/0x00000000" '' 945 Netfilter mark and mask for output traffic. On Linux, Netfilter may 946 require marks on each packet to match a policy/SA having that option 947 set. This allows installing duplicate policies and enables Netfilter 948 rules to select specific policies/SAs for outgoing traffic. The special 949 value `%unique` sets a unique mark on each CHILD_SA 950 instance, beyond that the value `%unique-dir` assigns a 951 different unique mark for each CHILD_SA direction (in/out). 952 953 An additional mask may be appended to the mark, separated by 954 `/`. The default mask if omitted is 955 `0xffffffff`. 956 ''; 957 958 set_mark_in = mkStrParam "0/0x00000000" '' 959 Netfilter mark applied to packets after the inbound IPsec SA processed 960 them. This way it's not necessary to mark packets via Netfilter before 961 decryption or right afterwards to match policies or process them 962 differently (e.g. via policy routing). 963 964 An additional mask may be appended to the mark, separated by 965 `/`. The default mask if omitted is 0xffffffff. The 966 special value `%same` uses the value (but not the mask) 967 from {option}`mark_in` as mark value, which can be fixed, 968 `%unique` or `%unique-dir`. 969 970 Setting marks in XFRM input requires Linux 4.19 or higher. 971 ''; 972 973 set_mark_out = mkStrParam "0/0x00000000" '' 974 Netfilter mark applied to packets after the outbound IPsec SA processed 975 them. This allows processing ESP packets differently than the original 976 traffic (e.g. via policy routing). 977 978 An additional mask may be appended to the mark, separated by 979 `/`. The default mask if omitted is 0xffffffff. The 980 special value `%same` uses the value (but not the mask) 981 from {option}`mark_out` as mark value, which can be fixed, 982 `%unique_` or `%unique-dir`. 983 984 Setting marks in XFRM output is supported since Linux 4.14. Setting a 985 mask requires at least Linux 4.19. 986 ''; 987 988 if_id_in = mkStrParam "0" '' 989 XFRM interface ID set on inbound policies/SA. This allows installing 990 duplicate policies/SAs and associates them with an interface with the 991 same ID. The special value `%unique` sets a unique 992 interface ID on each CHILD_SA instance, beyond that the value 993 `%unique-dir` assigns a different unique interface ID 994 for each CHILD_SA direction (in/out). 995 ''; 996 997 if_id_out = mkStrParam "0" '' 998 XFRM interface ID set on outbound policies/SA. This allows installing 999 duplicate policies/SAs and associates them with an interface with the 1000 same ID. The special value `%unique` sets a unique 1001 interface ID on each CHILD_SA instance, beyond that the value 1002 `%unique-dir` assigns a different unique interface ID 1003 for each CHILD_SA direction (in/out). 1004 1005 The daemon will not install routes for CHILD_SAs that have this option set. 1006 ''; 1007 1008 tfc_padding = mkParamOfType (with lib.types; either int (enum [ "mtu" ])) 0 '' 1009 Pads ESP packets with additional data to have a consistent ESP packet 1010 size for improved Traffic Flow Confidentiality. The padding defines the 1011 minimum size of all ESP packets sent. The default value of 1012 `0` disables TFC padding, the special value 1013 `mtu` adds TFC padding to create a packet size equal to 1014 the Path Maximum Transfer Unit. 1015 ''; 1016 1017 replay_window = mkIntParam 32 '' 1018 IPsec replay window to configure for this CHILD_SA. Larger values than 1019 the default of `32` are supported using the Netlink 1020 backend only, a value of `0` disables IPsec replay 1021 protection. 1022 ''; 1023 1024 hw_offload = mkEnumParam [ "yes" "no" "auto" "crypto" "packet" ] "no" '' 1025 Enable hardware offload for this CHILD_SA, if supported by the IPsec 1026 implementation. The values `crypto` or `packet` enforce crypto or full 1027 packet offloading and the installation will fail if the selected mode is not 1028 supported by either kernel or device. On Linux, `packet` also offloads 1029 policies, including trap policies. The value `auto` enables full packet 1030 or crypto offloading, if either is supported, but the installation does not 1031 fail otherwise. 1032 ''; 1033 1034 copy_df = mkYesNoParam yes '' 1035 Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This 1036 effectively disables Path MTU discovery (PMTUD). Controlling this 1037 behavior is not supported by all kernel interfaces. 1038 ''; 1039 1040 copy_ecn = mkYesNoParam yes '' 1041 Whether to copy the ECN (Explicit Congestion Notification) header field 1042 to/from the outer IP header in tunnel mode. Controlling this behavior is 1043 not supported by all kernel interfaces. 1044 ''; 1045 1046 copy_dscp = mkEnumParam [ "out" "in" "yes" "no" ] "out" '' 1047 Whether to copy the DSCP (Differentiated Services Field Codepoint) 1048 header field to/from the outer IP header in tunnel mode. The value 1049 `out` only copies the field from the inner to the outer 1050 header, the value `in` does the opposite and only 1051 copies the field from the outer to the inner header when decapsulating, 1052 the value `yes` copies the field in both directions, 1053 and the value `no` disables copying the field 1054 altogether. Setting this to `yes` or 1055 `in` could allow an attacker to adversely affect other 1056 traffic at the receiver, which is why the default is 1057 `out`. Controlling this behavior is not supported by 1058 all kernel interfaces. 1059 ''; 1060 1061 start_action = mkEnumParam [ "none" "trap" "start" "trap|start" ] "none" '' 1062 Action to perform after loading the configuration. 1063 1064 - The default of `none` loads the connection only, which 1065 then can be manually initiated or used as a responder configuration. 1066 - The value `trap` installs a trap policy, which triggers 1067 the tunnel as soon as matching traffic has been detected. 1068 - The value `start` initiates the connection actively. 1069 - Since version 5.9.6 two modes above can be combined with `trap|start`, 1070 to immediately initiate a connection for which trap policies have been installed. 1071 1072 When unloading or replacing a CHILD_SA configuration having a 1073 {option}`start_action` different from `none`, 1074 the inverse action is performed. Configurations with 1075 `start` get closed, while such with 1076 `trap` get uninstalled. 1077 ''; 1078 1079 close_action = mkEnumParam [ "none" "trap" "start" ] "none" '' 1080 Action to perform after a CHILD_SA gets closed by the peer. 1081 1082 - The default of `none` does not take any action, 1083 - `trap` installs a trap policy for the CHILD_SA. 1084 - `start` tries to re-create the CHILD_SA. 1085 1086 {option}`close_action` does not provide any guarantee that the 1087 CHILD_SA is kept alive. It acts on explicit close messages only, but not 1088 on negotiation failures. Use trap policies to reliably re-create failed 1089 CHILD_SAs. 1090 ''; 1091 1092 } 1093 '' 1094 CHILD_SA configuration sub-section. Each connection definition may have 1095 one or more sections in its {option}`children` subsection. The 1096 section name defines the name of the CHILD_SA configuration, which must be 1097 unique within the connection (denoted \<child\> below). 1098 ''; 1099 } 1100 '' 1101 Section defining IKE connection configurations, each in its own subsection 1102 with an arbitrary yet unique name 1103 ''; 1104 1105 secrets = 1106 let 1107 mkEapXauthParams = 1108 mkPrefixedAttrsOfParams 1109 { 1110 secret = mkOptionalStrParam '' 1111 Value of the EAP/XAuth secret. It may either be an ASCII string, a hex 1112 encoded string if it has a 0x prefix or a Base64 encoded string if it 1113 has a 0s prefix in its value. 1114 ''; 1115 1116 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") '' 1117 Identity the EAP/XAuth secret belongs to. Multiple unique identities may 1118 be specified, each having an `id` prefix, if a secret 1119 is shared between multiple users. 1120 ''; 1121 1122 } 1123 '' 1124 EAP secret section for a specific secret. Each EAP secret is defined in a 1125 unique section having the `eap` prefix. EAP secrets are 1126 used for XAuth authentication as well. 1127 ''; 1128 1129 in 1130 { 1131 1132 eap = mkEapXauthParams; 1133 xauth = mkEapXauthParams; 1134 1135 ntlm = 1136 mkPrefixedAttrsOfParams 1137 { 1138 secret = mkOptionalStrParam '' 1139 Value of the NTLM secret, which is the NT Hash of the actual secret, 1140 that is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either 1141 be given as a hex encoded string with a 0x prefix or as a Base64 encoded 1142 string with a 0s prefix. 1143 ''; 1144 1145 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") '' 1146 Identity the NTLM secret belongs to. Multiple unique identities may be 1147 specified, each having an id prefix, if a secret is shared between 1148 multiple users. 1149 ''; 1150 } 1151 '' 1152 NTLM secret section for a specific secret. Each NTLM secret is defined in 1153 a unique section having the `ntlm` prefix. NTLM secrets 1154 may only be used for EAP-MSCHAPv2 authentication. 1155 ''; 1156 1157 ike = 1158 mkPrefixedAttrsOfParams 1159 { 1160 secret = mkOptionalStrParam '' 1161 Value of the IKE preshared secret. It may either be an ASCII string, a 1162 hex encoded string if it has a 0x prefix or a Base64 encoded string if 1163 it has a 0s prefix in its value. 1164 ''; 1165 1166 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") '' 1167 IKE identity the IKE preshared secret belongs to. Multiple unique 1168 identities may be specified, each having an `id` 1169 prefix, if a secret is shared between multiple peers. 1170 ''; 1171 } 1172 '' 1173 IKE preshared secret section for a specific secret. Each IKE PSK is 1174 defined in a unique section having the `ike` prefix. 1175 ''; 1176 1177 ppk = 1178 mkPrefixedAttrsOfParams 1179 { 1180 secret = mkOptionalStrParam '' 1181 Value of the PPK. It may either be an ASCII string, a hex encoded string 1182 if it has a `0x` prefix or a Base64 encoded string if 1183 it has a `0s` prefix in its value. Should have at least 1184 256 bits of entropy for 128-bit security. 1185 ''; 1186 1187 id = mkPrefixedAttrsOfParam (mkOptionalStrParam "") '' 1188 PPK identity the PPK belongs to. Multiple unique identities may be 1189 specified, each having an `id` prefix, if a secret is 1190 shared between multiple peers. 1191 ''; 1192 } 1193 '' 1194 Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is 1195 defined in a unique section having the `ppk` prefix. 1196 ''; 1197 1198 private = 1199 mkPrefixedAttrsOfParams 1200 { 1201 file = mkOptionalStrParam '' 1202 File name in the private folder for which this passphrase should be used. 1203 ''; 1204 1205 secret = mkOptionalStrParam '' 1206 Value of decryption passphrase for private key. 1207 ''; 1208 } 1209 '' 1210 Private key decryption passphrase for a key in the 1211 `private` folder. 1212 ''; 1213 1214 rsa = 1215 mkPrefixedAttrsOfParams 1216 { 1217 file = mkOptionalStrParam '' 1218 File name in the `rsa` folder for which this passphrase 1219 should be used. 1220 ''; 1221 secret = mkOptionalStrParam '' 1222 Value of decryption passphrase for RSA key. 1223 ''; 1224 } 1225 '' 1226 Private key decryption passphrase for a key in the `rsa` 1227 folder. 1228 ''; 1229 1230 ecdsa = 1231 mkPrefixedAttrsOfParams 1232 { 1233 file = mkOptionalStrParam '' 1234 File name in the `ecdsa` folder for which this 1235 passphrase should be used. 1236 ''; 1237 secret = mkOptionalStrParam '' 1238 Value of decryption passphrase for ECDSA key. 1239 ''; 1240 } 1241 '' 1242 Private key decryption passphrase for a key in the 1243 `ecdsa` folder. 1244 ''; 1245 1246 pkcs8 = 1247 mkPrefixedAttrsOfParams 1248 { 1249 file = mkOptionalStrParam '' 1250 File name in the `pkcs8` folder for which this 1251 passphrase should be used. 1252 ''; 1253 secret = mkOptionalStrParam '' 1254 Value of decryption passphrase for PKCS#8 key. 1255 ''; 1256 } 1257 '' 1258 Private key decryption passphrase for a key in the 1259 `pkcs8` folder. 1260 ''; 1261 1262 pkcs12 = 1263 mkPrefixedAttrsOfParams 1264 { 1265 file = mkOptionalStrParam '' 1266 File name in the `pkcs12` folder for which this 1267 passphrase should be used. 1268 ''; 1269 secret = mkOptionalStrParam '' 1270 Value of decryption passphrase for PKCS#12 container. 1271 ''; 1272 } 1273 '' 1274 PKCS#12 decryption passphrase for a container in the 1275 `pkcs12` folder. 1276 ''; 1277 1278 token = mkPrefixedAttrsOfParams { 1279 handle = mkOptionalHexParam '' 1280 Hex-encoded CKA_ID or handle of the private key on the token or TPM, 1281 respectively. 1282 ''; 1283 1284 slot = mkOptionalIntParam '' 1285 Optional slot number to access the token. 1286 ''; 1287 1288 module = mkOptionalStrParam '' 1289 Optional PKCS#11 module name to access the token. 1290 ''; 1291 1292 pin = mkOptionalStrParam '' 1293 Optional PIN required to access the key on the token. If none is 1294 provided the user is prompted during an interactive 1295 `--load-creds` call. 1296 ''; 1297 } "Definition for a private key that's stored on a token/smartcard/TPM."; 1298 1299 }; 1300 1301 pools = 1302 mkAttrsOfParams 1303 { 1304 addrs = mkOptionalStrParam '' 1305 Subnet or range defining addresses allocated in pool. Accepts a single 1306 CIDR subnet defining the pool to allocate addresses from or an address 1307 range (\<from\>-\<to\>). Pools must be unique and non-overlapping. 1308 ''; 1309 1310 dns = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1311 nbns = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1312 dhcp = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1313 netmask = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1314 server = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1315 subnet = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1316 split_include = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1317 split_exclude = mkCommaSepListParam [ ] "Address or CIDR subnets"; 1318 } 1319 '' 1320 Section defining named pools. Named pools may be referenced by connections 1321 with the pools option to assign virtual IPs and other configuration 1322 attributes. Each pool must have a unique name (denoted \<name\> below). 1323 ''; 1324}