nat-remote = <yes, if remote endpoint is behind a NAT>
nat-fake = <yes, if NAT situation has been faked as responder>
nat-any = <yes, if any endpoint is behind a NAT (also if faked)>
+ if-id-in = <hex encoded default inbound XFRM interface ID>
+ if-id-out = <hex encoded default outbound XFRM interface ID>
encr-alg = <IKE encryption algorithm string>
encr-keysize = <key size for encr-alg, if applicable>
integ-alg = <IKE integrity algorithm string>
uint64_t over_time;
uint64_t rand_time;
uint8_t dscp;
+ uint32_t if_id_in;
+ uint32_t if_id_out;
#ifdef ME
bool mediation;
char *mediated_by;
DBG2(DBG_CFG, " over_time = %llu", data->over_time);
DBG2(DBG_CFG, " rand_time = %llu", data->rand_time);
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
+ DBG2(DBG_CFG, " if_id_in = %u", data->if_id_in);
+ DBG2(DBG_CFG, " if_id_out = %u", data->if_id_out);
#ifdef ME
DBG2(DBG_CFG, " mediation = %u", data->mediation);
if (data->mediated_by)
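Review bot: The two new DBG2 lines log `if_id_in`/`if_id_out` in decimal (`%u`), whereas the same commit documents the values as hex-encoded and the vici query side prints them as `%.8x`; an operator who wrote `if_id_in = 0x1f` will see `31` here and `0000001f` in list-sas output. Logging in the same form, `DBG2(DBG_CFG, "  if_id_in = %.8x", data->if_id_in);` (and likewise for `if_id_out`), keeps the two outputs directly comparable. `%u` is otherwise correct for a `uint32_t` on the targets this code builds on, so this is a consistency point only. The enclosing log function starts outside this hunk.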
{ "rand_time", parse_time, &peer->rand_time },
{ "ppk_id", parse_peer_id, &peer->ppk_id },
{ "ppk_required", parse_bool, &peer->ppk_required },
+ { "if_id_in", parse_if_id, &peer->if_id_in },
+ { "if_id_out", parse_if_id, &peer->if_id_out },
#ifdef ME
{ "mediation", parse_bool, &peer->mediation },
{ "mediated_by", parse_string, &peer->mediated_by },
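Review bot: The new table entries route the values through `parse_if_id`, which is not part of this hunk, so its input handling cannot be checked here; since the result lands in a `uint32_t` and the documentation promises hex input, the parser should reject values above `UINT32_MAX` and trailing garbage (an `endptr`/`ERANGE` check on `strtoul`) rather than silently truncating, as an unintended ID would steer traffic to the wrong XFRM interface. If it already does, a one-line comment at the entry, `/* hex or decimal, range-checked to uint32_t by parse_if_id */`, would save the next reader the lookup. The parser table begins before this hunk.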
.dpd_timeout = peer.dpd_timeout,
.ppk_id = peer.ppk_id ? peer.ppk_id->clone(peer.ppk_id) : NULL,
.ppk_required = peer.ppk_required,
+ .if_id_in = peer.if_id_in,
+ .if_id_out = peer.if_id_out,
};
#ifdef ME
cfg.mediation = peer.mediation;
ike_sa_id_t *id;
identification_t *eap;
proposal_t *proposal;
+ uint32_t if_id;
uint16_t alg, ks;
host_t *host;
add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE);
add_condition(b, ike_sa, "nat-any", COND_NAT_ANY);
+ if_id = ike_sa->get_if_id(ike_sa, TRUE);
+ if (if_id)
+ {
+ b->add_kv(b, "if-id-in", "%.8x", if_id);
+ }
+ if_id = ike_sa->get_if_id(ike_sa, FALSE);
+ if (if_id)
+ {
+ b->add_kv(b, "if-id-out", "%.8x", if_id);
+ }
+
proposal = ike_sa->get_proposal(ike_sa);
if (proposal)
{
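Review bot: The `if (if_id)` guards at the two new blocks silently drop a zero ID, and the value is written as bare hex without a `0x` prefix; neither is stated in the code, so a consumer of the vici output has to consult the README to know that absence means "unset" and that `0000001f` is not decimal. A short comment above the first guard, `/* 0 means no XFRM interface ID is set; emit only configured IDs, as hex (no 0x) per README */`, documents both. Per the accompanying swanctl.conf text these are IKE_SA-level defaults that a child config may override, so it may be worth saying in that comment that the per-CHILD_SA value can differ. The enclosing list function starts before this hunk and continues after it.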
other configuration attributes from. Each name references a pool by name
from either the **pools** section or an external pool.
+connections.<conn>.if_id_in = 0
+ Default inbound XFRM interface ID for children.
+
+ XFRM interface ID set on inbound policies/SA, can be overridden by child
+ config, see there for details.
+
+connections.<conn>.if_id_out = 0
+ Default outbound XFRM interface ID for children.
+
+ XFRM interface ID set on outbound policies/SA, can be overridden by child
+ cofnig, see there for details.
+
connections.<conn>.mediation = no
Whether this connection is a mediation connection.