swanctl: List local and remote addresses in list-conns
1 connections {
2
3 #       # an IKE configuration named conn1 (everything in this section is a commented-out example)
4 #       conn1 {
5 #               # IKE version to use (1 = IKEv1, 2 = IKEv2)
6 #               version = 2
7 #               # list of acceptable local addresses/subnets
8 #               local_addrs = 0.0.0.0
9 #               # peer address, additional addresses/subnets as responder
10 #               remote_addrs = 192.168.5.1
11 #               # local UDP port for IKE
12 #               local_port = 500
13 #               # remote UDP port for IKE
14 #               remote_port = 500
15 #               # Proposals for IKE; a trailing "default" also accepts the built-in default proposal, omit it to enforce only the listed algorithms
16 #               proposals = aes128gcm16-prfsha256-modp2048, default
17 #               # virtual IPs to request, such as 0.0.0.0 or ::
18 #               vips =
19 #               # IKEv1 aggressive mode; keep disabled unless a peer requires it, as with PSK auth it exposes identities and a key hash to offline guessing
20 #               aggressive = no
21 #               # use of pull/push in IKEv1 mode config
22 #               pull = yes
23 #               # enforce UDP encapsulation by faking NAT-D payloads
24 #               encap = no
25 #               # enable IKEv2 MOBIKE
26 #               mobike = yes
27 #               # interval of liveness checks (DPD)
28 #               dpd_delay = 10s
29 #               # timeout for DPD checks (IKEv1 only)
30 #               dpd_timeout = 30s
31 #               # use IKEv1 UDP packet fragmentation
32 #               fragmentation = force
33 #               # send certificate requests
34 #               send_certreq = yes
35 #               # send certificate payloads
36 #               send_cert = ifasked
37 #               # number of retransmission sequences to do before giving up
38 #               keyingtries = 0
39 #               # uniqueness policy, never|no|keep|replace
40 #               unique = no
41 #               # time to schedule IKE reauthentication
42 #               reauth_time = 3h
43 #               # time to schedule IKE rekeying
44 #               rekey_time = 2h
45 #               # hard IKE_SA lifetime if rekey/reauth does not complete
46 #               over_time = 10m
47 #               # range of random time to subtract from rekey/reauth times
48 #               rand_time = 10m
49 #
50 #               # local authentication, first round
51 #               local {
52 #                       # additional certificates to load
53 #                       certs = a.pem, xy.der
54 #                       # authentication to perform locally
55 #                       auth = pubkey
56 #                       # IKE identity for local
57 #                       id = win@strongswan.org
58 #                       # Client EAP-Identity to use
59 #                       eap_id = moon
60 #                       # Server side EAP identity to use, EAP-TTLS etc.
61 #                       aaa_identity = srv
62 #                       # IKEv1 XAuth username
63 #                       xauth_id = moon
64 #               }
65 #               # remote authentication, first round
66 #               remote {
67 #                       # IKE identity for peer; %any matches any identity, so peers are restricted only by the certs/cacert/auth constraints below
68 #                       id = %any
69 #                       # list of acceptable peer certificates
70 #                       certs = client.pem
71 #                       # list of acceptable CA certificates
72 #                       cacert = ca.der
73 #                       # revocation policy, strict|ifuri; strict fails if no revocation status is available, ifuri fails only if a CRL/OCSP URI is present but checking fails
74 #                       revocation = ifuri
75 #                       # authentication to expect from remote
76 #                       auth = pubkey
77 #               }
78 #               children {
79 #                       # First CHILD_SA configuration
80 #                       child1 {
81 #                               # AH proposals to offer
82 #                               ah_proposals = default
83 #                               # ESP proposals to offer; as with IKE, a trailing "default" also accepts the built-in default proposal
84 #                               esp_proposals = aes128gcm16-modp2048, default
85 #                               # local subnets to tunnel
86 #                               local_ts = 192.168.3.0/24
87 #                               # remote subnets to tunnel
88 #                               remote_ts = 192.168.1.0/24
89 #                               # updown script to invoke; executed by the IKE daemon with its privileges, so use an absolute path that only root can modify
90 #                               updown = path-to-script
91 #                               # hostaccess variable to pass to updown
92 #                               hostaccess = yes
93 #                               # IPsec mode, tunnel|transport|pass|drop
94 #                               mode = tunnel
95 #                               # action to perform on DPD timeout
96 #                               dpd_action = restart
97 #                               # enable IPComp
98 #                               ipcomp = no
99 #                               # inactivity timeout before closing CHILD_SA
100 #                               inactivity = 2m
101 #                               # fixed reqid to use for this CHILD_SA
102 #                               reqid = 5
103 #                               # Netfilter mark for input traffic
104 #                               mark_in = 1
105 #                               # Netfilter mark for output traffic
106 #                               mark_out = 5/0xffffffff
107 #                               # Traffic Flow Confidentiality padding
108 #                               tfc_padding = 1500
109 #                       }
110 #               }
111 #       }
112
113 }
114
115 secrets { # credentials are stored here in plaintext: keep this file readable by root only; the commented values below are placeholders, never reuse them
116         eap { # EAP secrets, one per line as <identity> = <password>
117 #               tester = testpassword
118         }
119         ike { # IKE pre-shared keys as <peer identity> = <key>; 0x marks a hex-encoded key, and the 7-byte sample is far too short for real use
120 #               sun.strongswan.org = 0x12345678901234
121         }
122 }