···
proposals = mkCommaSepListParam [ "default" ] ''
134
-
A proposal is a set of algorithms. For non-AEAD algorithms, this includes
135
-
for IKE an encryption algorithm, an integrity algorithm, a pseudo random
136
-
function and a Diffie-Hellman group. For AEAD algorithms, instead of
137
-
encryption and integrity algorithms, a combined algorithm is used.
134
+
A proposal is a set of algorithms. For non-AEAD IKE proposals, this includes
135
+
an encryption algorithm, an integrity algorithm, a pseudo-random function
136
+
and a key exchange method. For AEAD proposals, instead of encryption and
137
+
integrity algorithms, a combined mode algorithm is used.
139
-
In IKEv2, multiple algorithms of the same kind can be specified in a
140
-
single proposal, from which one gets selected. In IKEv1, only one
141
-
algorithm per kind is allowed per proposal, more algorithms get implicitly
142
-
stripped. Use multiple proposals to offer different algorithms
143
-
combinations in IKEv1.
139
+
With peers that support multiple IKEv2 key exchanges (RFC 9370), up to seven
140
+
additional key exchanges may be negotiated. They can be configured by
141
+
prefixing the algorithm keyword with **keX_** (where X is a number between
145
-
Algorithm keywords get separated using dashes. Multiple proposals may be
146
-
specified in a list. The special value `default` forms a
147
-
default proposal of supported algorithms considered safe, and is usually a
148
-
good choice for interoperability.
144
+
For IKEv2, multiple algorithms of the same kind can be specified in a single
145
+
proposal, from which one gets selected. For IKEv1, only one algorithm per
146
+
kind is allowed per proposal, more algorithms get implicitly stripped. Use
147
+
multiple proposals to offer different algorithm combinations with IKEv1.
149
+
Algorithm keywords get separated using dashes. The special value _default_
150
+
forms a default proposal of supported algorithms considered safe, and is
151
+
usually a good choice for interoperability.
vips = mkCommaSepListParam [ ] ''
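Review bot: The `_default_` and `**keX_**` markup in the new `proposals` text is the asciidoc styling of swanctl.conf(5), but this file's descriptions are rendered as markdown, where underscores give italics and double asterisks bold rather than a code span, so the removed form "The special value `default` forms a default proposal" should be kept and the prefix written as `keX_`; the same applies to every description in this change that swaps backticks for underscores (childless `allow`/`prefer`/`force`/`never`, `esn`/`noesn`, `default` in ah_proposals and esp_proposals). The dropped sentence "Multiple proposals may be specified in a list." still holds for this option, which is declared with mkCommaSepListParam, and is worth keeping since the swanctl man page text it was replaced with assumes its own comma-separated syntax section.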
···
Use childless IKE_SA initiation (RFC 6023) for IKEv2, with the first
CHILD_SA created with a separate CREATE_CHILD_SA exchange (e.g. to use an
243
-
independent DH exchange for all CHILD_SAs). Acceptable values are `allow`
244
-
(the default), `prefer`, `force` and `never`. If set to `allow`, responders
246
+
independent key exchange for all CHILD_SAs). Acceptable values are _allow_
247
+
(the default), _prefer_, _force_ and _never_. If set to _allow_, responders
will accept childless IKE_SAs (as indicated via notify in the IKE_SA_INIT
response) while initiators continue to create regular IKE_SAs with the first
CHILD_SA created during IKE_AUTH, unless the IKE_SA is initiated explicitly
without any children (which will fail if the responder does not support or
249
-
has disabled this extension). The effect of `prefer` is the same as `allow`
252
+
has disabled this extension). The effect of _prefer_ is the same as _allow_
on responders, but as initiator a childless IKE_SA is initiated if the
251
-
responder supports it. If set to `force`, only childless initiation is
252
-
accepted in either role. Finally, setting the option to `never` disables
254
+
responder supports it. If set to _force_, only childless initiation is
255
+
accepted in either role. Finally, setting the option to _never_ disables
support for childless IKE_SAs as responder.
···
reauthentication lifetime negotiation can instruct the client to perform
324
-
Reauthentication is disabled by default. Enabling it usually may lead to
325
-
small connection interruptions, as strongSwan uses a break-before-make
326
-
policy with IKEv2 to avoid any conflicts with associated tunnel resources.
327
+
Reauthentication is disabled by default. Enabling it can usually result in
328
+
short connection interruptions, even when using make-before-break
329
+
reauthentication, which is now the default. However, they are significantly
330
+
shorter than when using the legacy break-before-make approach.
rekey_time = mkDurationParam "4h" ''
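Review bot: "make-before-break reauthentication, which is now the default" in the new reauthentication text is a changelog sentence, not reference documentation: a reader of the generated NixOS option docs cannot tell whether "now" refers to this module or to a strongSwan release, nor where the default lives. State it concretely, e.g. "make-before-break reauthentication (the default for charon.make_before_break since strongSwan 6.0)". Also "Enabling it can usually result in short connection interruptions" reads awkwardly; "Enabling it usually results in short connection interruptions" says the same thing.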
···
ah_proposals = mkCommaSepListParam [ ] ''
660
-
AH proposals to offer for the CHILD_SA. A proposal is a set of
661
-
algorithms. For AH, this includes an integrity algorithm and an optional
662
-
Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode
663
-
rekeying and initial negotiation uses a separate Diffie-Hellman exchange
664
-
using the specified group (refer to esp_proposals for details).
664
+
AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms.
665
+
For AH, this includes an integrity algorithm and an optional key exchange
666
+
method. If a KE method is specified, CHILD_SA/Quick Mode rekeying and
667
+
initial negotiation uses a separate key exchange using the negotiated method
668
+
(refer to _esp_proposals_ for details).
666
-
In IKEv2, multiple algorithms of the same kind can be specified in a
667
-
single proposal, from which one gets selected. In IKEv1, only one
668
-
algorithm per kind is allowed per proposal, more algorithms get
669
-
implicitly stripped. Use multiple proposals to offer different algorithms
670
-
combinations in IKEv1.
670
+
With peers that support multiple IKEv2 key exchanges (RFC 9370), up to seven
671
+
additional key exchanges may be negotiated. They can be configured by
672
+
prefixing the algorithm keyword with **keX_** (where X is a number between
675
+
For IKEv2, multiple algorithms of the same kind can be specified in a single
676
+
proposal, from which one gets selected. For IKEv1, only one algorithm per
677
+
kind is allowed per proposal, more algorithms get implicitly stripped. Use
678
+
multiple proposals to offer different algorithm combinations with IKEv1.
672
-
Algorithm keywords get separated using dashes. Multiple proposals may be
673
-
specified in a list. The special value `default` forms
674
-
a default proposal of supported algorithms considered safe, and is
680
+
Algorithm keywords get separated using dashes. The special value _default_
681
+
forms a default proposal of supported algorithms considered safe, and is
usually a good choice for interoperability. By default no AH proposals
are included, instead ESP is proposed.
esp_proposals = mkCommaSepListParam [ "default" ] ''
680
-
ESP proposals to offer for the CHILD_SA. A proposal is a set of
681
-
algorithms. For ESP non-AEAD proposals, this includes an integrity
682
-
algorithm, an encryption algorithm, an optional Diffie-Hellman group and
683
-
an optional Extended Sequence Number Mode indicator. For AEAD proposals,
684
-
a combined mode algorithm is used instead of the separate
685
-
encryption/integrity algorithms.
687
+
ESP proposals to offer for the CHILD_SA. A proposal is a set of algorithms.
688
+
For non-AEAD ESP proposals, this includes an integrity algorithm, an
689
+
encryption algorithm, an optional key exchange method and an optional
690
+
Extended Sequence Number Mode indicator. For AEAD proposals, a combined
691
+
mode algorithm is used instead of the separate encryption/integrity
687
-
If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial
688
-
negotiation use a separate Diffie-Hellman exchange using the specified
689
-
group. However, for IKEv2, the keys of the CHILD_SA created implicitly
690
-
with the IKE_SA will always be derived from the IKE_SA's key material. So
691
-
any DH group specified here will only apply when the CHILD_SA is later
692
-
rekeyed or is created with a separate CREATE_CHILD_SA exchange. A
693
-
proposal mismatch might, therefore, not immediately be noticed when the
694
-
SA is established, but may later cause rekeying to fail.
694
+
If a key exchange method is specified, CHILD_SA/Quick Mode rekeying and
695
+
initial negotiation use a separate key exchange using the specified method.
696
+
However, for IKEv2, the keys of the CHILD_SA created implicitly with the
697
+
IKE_SA will always be derived from the IKE_SA's key material. So any key
698
+
exchange method specified here will only apply when the CHILD_SA is later
699
+
rekeyed or is created with a separate CREATE_CHILD_SA exchange. A proposal
700
+
mismatch might, therefore, not immediately be noticed when the SA is
701
+
established, but may later cause rekeying to fail.
696
-
Extended Sequence Number support may be indicated with the
697
-
`esn` and `noesn` values, both may be
698
-
included to indicate support for both modes. If omitted,
699
-
`noesn` is assumed.
703
+
With peers that support multiple IKEv2 key exchanges (RFC 9370), up to seven
704
+
additional key exchanges may be negotiated. They can be configured by
705
+
prefixing the algorithm keyword with **keX_** (where X is a number between
701
-
In IKEv2, multiple algorithms of the same kind can be specified in a
702
-
single proposal, from which one gets selected. In IKEv1, only one
703
-
algorithm per kind is allowed per proposal, more algorithms get
704
-
implicitly stripped. Use multiple proposals to offer different algorithms
705
-
combinations in IKEv1.
708
+
Extended Sequence Number support may be indicated with the _esn_ and _noesn_
709
+
values, both may be included to indicate support for both modes. If omitted,
710
+
_noesn_ is assumed.
707
-
Algorithm keywords get separated using dashes. Multiple proposals may be
708
-
specified as a list. The special value `default` forms
709
-
a default proposal of supported algorithms considered safe, and is
710
-
usually a good choice for interoperability. If no algorithms are
711
-
specified for AH nor ESP, the default set of algorithms for ESP is
712
+
For IKEv2, multiple algorithms of the same kind can be specified in a single
713
+
proposal, from which one gets selected. For IKEv1, only one algorithm per
714
+
kind is allowed per proposal, more algorithms get implicitly stripped. Use
715
+
multiple proposals to offer different algorithm combinations with IKEv1.
717
+
Algorithm keywords get separated using dashes. The special value _default_
718
+
forms a default proposal of supported algorithms considered safe, and is
719
+
usually a good choice for interoperability. If no algorithms are specified
720
+
for AH nor ESP, the _default_ set of algorithms for ESP is included.
sha256_96 = mkYesNoParam no ''
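Review bot: The new ah_proposals text introduces the abbreviation "KE" in "If a KE method is specified, CHILD_SA/Quick Mode rekeying" without defining it, while esp_proposals spells out "If a key exchange method is specified"; use the full term in both so the two descriptions, which readers are explicitly pointed between ("refer to _esp_proposals_ for details"), stay consistent. Both descriptions also lose the sentence "Multiple proposals may be specified in a list." although both options remain mkCommaSepListParam; keep it, since the remaining text only describes how algorithms within one proposal are joined with dashes. The esp_proposals sentence "If no algorithms are specified for AH nor ESP, the _default_ set of algorithms for ESP is included." would read better as "for neither AH nor ESP".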
···
local_ts = mkCommaSepListParam [ "dynamic" ] ''
724
-
List of local traffic selectors to include in CHILD_SA. Each selector is
725
-
a CIDR subnet definition, followed by an optional proto/port
726
-
selector. The special value `dynamic` may be used
727
-
instead of a subnet definition, which gets replaced by the tunnel outer
728
-
address or the virtual IP, if negotiated. This is the default.
732
+
List of local traffic selectors to include in CHILD_SA.
733
+
Each selector is a CIDR subnet definition, followed by an optional
734
+
proto/port selector. The special value _dynamic_ may be used instead of a
735
+
subnet definition, which gets replaced by the tunnel outer address or the
736
+
virtual IP, if negotiated. This is the default.
A protocol/port selector is surrounded by opening and closing square
731
-
brackets. Between these brackets, a numeric or getservent(3) protocol
732
-
name may be specified. After the optional protocol restriction, an
733
-
optional port restriction may be specified, separated by a slash. The
734
-
port restriction may be numeric, a getservent(3) service name, or the
735
-
special value `opaque` for RFC 4301 OPAQUE
736
-
selectors. Port ranges may be specified as well, none of the kernel
737
-
backends currently support port ranges, though.
739
+
brackets. Between these brackets, a numeric or **getservent**(3) protocol
740
+
name may be specified. After the optional protocol restriction, an optional
741
+
port restriction may be specified, separated by a slash. The port
742
+
restriction may be numeric, a **getservent**(3) service name, or the special
743
+
value _opaque_ for RFC 4301 OPAQUE selectors. Port ranges may be specified
744
+
as well, none of the kernel backends currently support port ranges, though.
745
+
If the protocol is _icmp_ or _ipv6-icmp_, the port is interpreted as ICMP
746
+
message type if it is less than 256 or as type and code if it is greater or
747
+
equal to 256, with the type in the most significant 8 bits and the code in
748
+
the least significant 8 bits.
739
-
When IKEv1 is used only the first selector is interpreted, except if the
740
-
Cisco Unity extension plugin is used. This is due to a limitation of the
741
-
IKEv1 protocol, which only allows a single pair of selectors per
742
-
CHILD_SA. So to tunnel traffic matched by several pairs of selectors when
743
-
using IKEv1 several children (CHILD_SAs) have to be defined that cover
744
-
the selectors. The IKE daemon uses traffic selector narrowing for IKEv1,
745
-
the same way it is standardized and implemented for IKEv2. However, this
746
-
may lead to problems with other implementations. To avoid that, configure
747
-
identical selectors in such scenarios.
750
+
When IKEv1 is used only the first selector is interpreted, except if
751
+
the Cisco Unity extension plugin is used. This is due to a limitation of the
752
+
IKEv1 protocol, which only allows a single pair of selectors per CHILD_SA.
753
+
So to tunnel traffic matched by several pairs of selectors when using IKEv1
754
+
several children (CHILD_SAs) have to be defined that cover the selectors.
756
+
The IKE daemon uses traffic selector narrowing for IKEv1, the same way it is
757
+
standardized and implemented for IKEv2. However, this may lead to problems
758
+
with other implementations. To avoid that, configure identical selectors in
remote_ts = mkCommaSepListParam [ "dynamic" ] ''
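Review bot: The added ICMP paragraph in local_ts ("the port is interpreted as ICMP message type if it is less than 256 or as type and code if it is greater or equal to 256") is easy to get wrong without a worked value, so add one example in the same `[proto/port]` syntax the paragraph above describes: echo request is type 8 with no code, so `[icmp/8]`; type 3 code 4 (fragmentation needed) is 3 * 256 + 4, so `10.0.0.0/24[icmp/772]`. Also "greater or equal to 256" should be "greater than or equal to 256".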
···
{option}`local_ts` for a description of the selector syntax.
755
-
rekey_time = mkDurationParam "1h" ''
767
+
rekey_time = mkOptionalDurationParam ''
Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key
material, optionally using a Diffie-Hellman exchange if a group is
758
-
specified in the proposal. To avoid rekey collisions initiated by both
759
-
ends simultaneously, a value in the range of {option}`rand_time`
760
-
gets subtracted to form the effective soft lifetime.
770
+
specified in the proposal.
762
-
By default CHILD_SA rekeying is scheduled every hour, minus
772
+
To avoid rekey collisions initiated by both ends simultaneously, a value
773
+
in the range of {option}`rand_time` gets subtracted to form the effective soft
776
+
If {option}`life_time` is explicitly configured, {option}`rekey_time` defaults to 10%
777
+
less than that, otherwise, CHILD_SA rekeying is scheduled every hour, minus
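Review bot: Changing `rekey_time = mkDurationParam "1h"` to `mkOptionalDurationParam` turns the option's Nix-level default from "1h" into null, so the effective default ("10% less than life_time, otherwise one hour") now exists only in this prose and in strongSwan's own defaulting, and any module or user code that reads the option value must now handle null; this deserves a release-note entry, and the description should say explicitly that leaving the option unset defers to strongSwan's default rather than disabling rekeying. The unchanged context "optionally using a Diffie-Hellman exchange if a group is specified in the proposal" is now inconsistent with the proposals descriptions rewritten in this same change to say "key exchange method"; update it (and the matching sentences in rekey_bytes and rekey_packets) in the same patch.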
···
{option}`life_time` and {option}`rekey_time`.
779
-
rekey_bytes = mkIntParam 0 ''
794
+
rekey_bytes = mkOptionalIntParam ''
795
+
Number of bytes processed before initiating CHILD_SA rekeying.
Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA
781
-
rekeying refreshes key material, optionally using a Diffie-Hellman
782
-
exchange if a group is specified in the proposal.
798
+
rekeying refreshes key material, optionally using a Diffie-Hellman exchange
799
+
if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value
785
-
in the range of {option}`rand_bytes` gets subtracted to form the
786
-
effective soft volume limit.
802
+
in the range of {option}`rand_bytes` gets subtracted to form the effective soft
788
-
Volume based CHILD_SA rekeying is disabled by default.
805
+
Volume based CHILD_SA rekeying is disabled by default. If {option}`life_bytes`
806
+
is explicitly configured, {option}`rekey_bytes` defaults to 10% less than that.
life_bytes = mkOptionalIntParam ''
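Review bot: The rekey_bytes description now opens with the added line "Number of bytes processed before initiating CHILD_SA rekeying." immediately followed by the unchanged sentence "Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material", so the generated docs will show the sentence twice; drop the added standalone line, or make the following sentence start with "CHILD_SA rekeying refreshes key material". The same default-becomes-null consideration as for rekey_time applies to `mkIntParam 0` becoming `mkOptionalIntParam` here: the description should state that unset means strongSwan's default (volume-based rekeying disabled unless life_bytes is set), not that the option is required.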
···
{option}`life_bytes` and {option}`rekey_bytes`.
804
-
rekey_packets = mkIntParam 0 ''
822
+
rekey_packets = mkOptionalIntParam ''
823
+
Number of packets processed before initiating CHILD_SA rekeying.
Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA
806
-
rekeying refreshes key material, optionally using a Diffie-Hellman
807
-
exchange if a group is specified in the proposal.
826
+
rekeying refreshes key material, optionally using a Diffie-Hellman exchange
827
+
if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value
810
-
in the range of {option}`rand_packets` gets subtracted to form
811
-
the effective soft packet count limit.
830
+
in the range of {option}`rand_packets` gets subtracted to form the effective soft
831
+
packet count limit.
813
-
Packet count based CHILD_SA rekeying is disabled by default.
833
+
Packet count based CHILD_SA rekeying is disabled by default. If
834
+
{option}`life_packets` is explicitly configured, {option}`rekey_packets` defaults to
835
+
10% less than that.
life_packets = mkOptionalIntParam ''
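Review bot: rekey_packets has the same duplicated lead sentence as rekey_bytes: the added "Number of packets processed before initiating CHILD_SA rekeying." is directly followed by the unchanged "Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material"; keep only one of them.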
···
the default of `32` are supported using the Netlink
backend only, a value of `0` disables IPsec replay
1046
+
per_cpu_sas = mkEnumParam [ "yes" "no" "encap" ] "no" ''
1047
+
Enable per-CPU CHILD_SAs. Requires `trap` in `start_action`.
1048
+
The value `encap` enables a special type of UDP encapsulation
1049
+
(requires enabling `encap` for the connection if there is no NAT),
1050
+
where a random source port is used for each outbound per-CPU SA
1051
+
(the destination port for all of them remains 4500). This allows
1052
+
using the port for RSS if the SPI can’t be used. Note that this type
1053
+
of behavior is not standardized and not negotiated. So regardless
1054
+
of whether the option is enabled, inbound per-CPU SAs
1055
+
with UDP-encapsulation always have the source port set to 0
1056
+
as the peer’s random port is unknown if it has this option enabled.
hw_offload = mkEnumParam [ "yes" "no" "auto" "crypto" "packet" ] "no" ''
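Review bot: The new per_cpu_sas description uses typographic apostrophes in "can’t" and "peer’s" while the rest of the file uses ASCII quotes; normalize them. It also references two other connection settings in plain code spans ("Requires `trap` in `start_action`", "requires enabling `encap` for the connection"); if `start_action` and `encap` are options of this module, cross-reference them with {option}`start_action` and {option}`encap` as the rekey_* descriptions do with {option}`rand_time`, so the generated docs link them.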
···
addrs = mkOptionalStrParam ''
1305
-
Subnet or range defining addresses allocated in pool. Accepts a single
1306
-
CIDR subnet defining the pool to allocate addresses from or an address
1307
-
range (\<from\>-\<to\>). Pools must be unique and non-overlapping.
1340
+
Addresses allocated in pool.
1342
+
Subnet or range defining addresses allocated in pool. Accepts a single CIDR
1343
+
subnet defining the pool to allocate addresses from or an address range
1344
+
(<from>-<to>). If the address in CIDR notation is not the network ID of the
1345
+
subnet (e.g. 10.1.0.5/24 instead of 10.1.0.0/24), addresses below it won't
1346
+
be allocated to clients (they could e.g. be assigned manually to internal
1347
+
hosts like the VPN server itself). Pools must be unique and non-overlapping
dns = mkCommaSepListParam [ ] "Address or CIDR subnets";
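Review bot: The rewritten addrs text drops the markdown escapes that the removed line carried, turning `\<from\>-\<to\>` into `(<from>-<to>)`; in the markdown renderer `<from>` and `<to>` are parsed as HTML tags and disappear from the generated docs, so restore the backslashes (or use `from-to` in a code span). The added lead line "Addresses allocated in pool." is also redundant with the following "Subnet or range defining addresses allocated in pool." and should go. The worked example "10.1.0.5/24 instead of 10.1.0.0/24" is a useful addition; consider spelling out that in that case only 10.1.0.6 and above are handed out, which is what "addresses below it won't be allocated" implies.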