From: Tobias Brunner Date: Fri, 25 Jan 2013 19:17:41 +0000 (+0100) Subject: Documented new options in strongswan.conf(5) man page X-Git-Tag: 5.0.2~1 X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=c186b3940ad5cda4eff9871d4bc2ba6876478a97;hp=58fd1f3eef532566fc9718ac470bf6d72eb92625 Documented new options in strongswan.conf(5) man page --- diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in index 3f4e638..2fafed6 100644 --- a/man/strongswan.conf.5.in +++ b/man/strongswan.conf.5.in @@ -1,4 +1,4 @@ -.TH STRONGSWAN.CONF 5 "2012-05-01" "@IPSEC_VERSION@" "strongSwan" +.TH STRONGSWAN.CONF 5 "2013-01-25" "@IPSEC_VERSION@" "strongSwan" .SH NAME strongswan.conf \- strongSwan configuration file .SH DESCRIPTION @@ -182,6 +182,10 @@ openly transmitted hash of the PSK) .BR charon.ignore_routing_tables A space-separated list of routing tables to be excluded from route lookups .TP +.BR charon.ikesa_limit " [0]" +Maximum number of IKE_SAs that can be established at the same time before new +connection attempts are blocked +.TP .BR charon.ikesa_table_segments " [1]" Number of exclusively locked segments in the hash table .TP @@ -744,6 +748,9 @@ ENGINE ID to use in the OpenSSL plugin .BR libstrongswan.plugins.pkcs11.modules List of available PKCS#11 modules .TP +.BR libstrongswan.plugins.pkcs11.load_certs " [yes]" +Whether to load certificates from tokens +.TP .BR libstrongswan.plugins.pkcs11.reload_certs " [no]" Reload certificates from all tokens if charon receives a SIGHUP .TP @@ -827,6 +834,9 @@ URI pointing to attestation remediation instructions .BR libimcv.plugins.imc-os.push_info " [yes]" Send operating system info without being prompted .TP +.BR libimcv.plugins.imv-os.database +Database URI for the database that stores operating system information +.TP .BR libimcv.plugins.imv-os.remediation_uri URI pointing to operating system remediation instructions .TP 
@@ -939,6 +949,10 @@ Session timeout for mediation service .TP .BR openac.load Plugins to load in ipsec openac tool +.SS pacman section +.TP +.BR pacman.database +Database URI for the database that stores the package information .SS pki section .TP .BR pki.load @@ -1281,6 +1295,17 @@ Never enable the load-testing plugin on productive systems. It provides preconfigured credentials and allows an attacker to authenticate as any user. .SS Options .TP +.BR charon.plugins.load-tester.addrs +Subsection that contains key/value pairs with address pools (in CIDR notation) +to use for a specific network interface e.g. eth0 = 10.10.0.0/16 +.TP +.BR charon.plugins.load-tester.addrs_prefix " [16]" +Network prefix length to use when installing dynamic addresses. If set to -1 the +full address is used (i.e. 32 or 128) +.TP +.BR charon.plugins.load-tester.ca_dir +Directory to load (intermediate) CA certificates from +.TP .BR charon.plugins.load-tester.child_rekey " [600]" Seconds to start CHILD_SA rekeying after setup .TP @@ -1290,6 +1315,9 @@ Delay between initiatons for each thread .BR charon.plugins.load-tester.delete_after_established " [no]" Delete an IKE_SA as soon as it has been established .TP +.BR charon.plugins.load-tester.digest " [sha1]" +Digest algorithm used when issuing certificates +.TP .BR charon.plugins.load-tester.dpd_delay " [0]" DPD delay to use in load test .TP @@ -1311,6 +1339,9 @@ Seconds to start IKE_SA rekeying after setup .BR charon.plugins.load-tester.init_limit " [0]" Global limit of concurrently established SAs during load test .TP +.BR charon.plugins.load-tester.initiator " [0.0.0.0]" +Address to initiate from +.TP .BR charon.plugins.load-tester.initiators " [0]" Number of concurrent initiator threads to use in load test .TP 
@@ -1320,8 +1351,24 @@ Authentication method(s) the intiator uses .BR charon.plugins.load-tester.initiator_id Initiator ID used in load test .TP +.BR charon.plugins.load-tester.initiator_match +Initiator ID to to match against as responder +.TP +.BR charon.plugins.load-tester.initiator_tsi +Traffic selector on initiator side, as proposed by initiator +.TP +.BR charon.plugins.load-tester.initiator_tsr +Traffic selector on responder side, as proposed by initiator +.TP .BR charon.plugins.load-tester.iterations " [1]" -Number of IKE_SAs to initate by each initiator in load test +Number of IKE_SAs to initiate by each initiator in load test +.TP +.BR charon.plugins.load-tester.issuer_cert +Path to the issuer certificate (if not configured a hard-coded value is used) +.TP +.BR charon.plugins.load-tester.issuer_key +Path to private key that is used to issue certificates (if not configured a +hard-coded value is used) .TP .BR charon.plugins.load-tester.pool Provide INTERNAL_IPV4_ADDRs from a named pool @@ -1332,7 +1379,7 @@ Preshared key to use in load test .BR charon.plugins.load-tester.proposal " [aes128-sha1-modp768]" IKE proposal to use in load test .TP -.BR charon.plugins.load-tester.remote " [127.0.0.1]" +.BR charon.plugins.load-tester.responder " [127.0.0.1]" Address to initiation connections to .TP .BR charon.plugins.load-tester.responder_auth " [pubkey]" 
@@ -1341,11 +1388,21 @@ Authentication method(s) the responder uses .BR charon.plugins.load-tester.responder_id Responder ID used in load test .TP +.BR charon.plugins.load-tester.responder_tsi " [initiator_tsi]" +Traffic selector on initiator side, as narrowed by responder +.TP +.BR charon.plugins.load-tester.responder_tsr " [initiator_tsr]" +Traffic selector on responder side, as narrowed by responder +.TP .BR charon.plugins.load-tester.request_virtual_ip " [no]" Request an INTERNAL_IPV4_ADDR from the server .TP .BR charon.plugins.load-tester.shutdown_when_complete " [no]" Shutdown the daemon after all IKE_SAs have been established +.TP +.BR charon.plugins.load-tester.version " [0]" +IKE version to use (0 means use IKEv2 as initiator and accept any version as +responder) .SS Configuration details For public key authentication, the responder uses the .B \(dqCN=srv, OU=load-test, O=strongSwan\(dq
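Review bot: In the hunk at @@ -182,6 +182,10, the charon.ikesa_limit entry gives a default of [0] but never says what 0 means, and "blocked" does not tell the operator what a peer sees once the limit is reached. This is a resource cap people will set for DoS resilience, so state explicitly whether 0 disables the limit and how a connection attempt over the limit is handled.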
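Review bot: In the hunk at @@ -744,6 +748,9, libstrongswan.plugins.pkcs11.load_certs is documented directly above reload_certs with no word on how the two interact. Add a sentence saying whether reload_certs has any effect when load_certs is set to no.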
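Review bot: In the hunk at @@ -827,6 +834,9, libimcv.plugins.imv-os.database has neither a default nor any hint of the expected URI form, and "Database URI for the database" is redundant. Suggest "URI of the database that stores operating system information" plus a short example or a pointer to where database URIs are described.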
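Review bot: In the hunk at @@ -939,6 +949,10, the new "pacman section" is introduced with a single option and nothing that says what pacman is, whereas the openac entry just above at least names its tool ("ipsec openac tool"). Add one line identifying the tool, and tighten the description the same way as for imv-os.database.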
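Review bot: In the hunk at @@ -1281,6 +1295,17, the addrs entry does not say what the address pools are used for; only the following addrs_prefix entry hints at it with "when installing dynamic addresses". State the purpose in the addrs description itself, and say whether the single addrs_prefix default of 16 is meant to apply to IPv6 pools as well, since the text mentions 128 for the -1 case. The ca_dir entry also lacks a default.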
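Review bot: In the hunk at @@ -1290,6 +1315,9, charon.plugins.load-tester.digest names a default of sha1 but does not list the values it accepts. Add the accepted algorithm names so a reader can pick another digest without reading the source.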
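Review bot: In the hunk at @@ -1311,6 +1339,9, the new initiator option sits directly above initiators and differs by one character, yet the description "Address to initiate from" does not say what the default 0.0.0.0 means. Spell out that behaviour (for example, whether the source address is then chosen by the system) so the two keys are harder to confuse.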
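Review bot: In the hunk at @@ -1320,8 +1351,24, the initiator_match description reads "Initiator ID to to match against as responder"; drop the duplicated "to". The issuer_cert and issuer_key entries are added after iterations, which breaks the alphabetical order used nearby, and since both fall back to a hard-coded value they would benefit from a reference to the warning at the top of this section about preconfigured credentials.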
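Review bot: In the hunk at @@ -1332,7 +1379,7, the documented key changes from remote to responder, which is a rename rather than a new option, and the commit subject only mentions new options. Note the old name in the entry so existing configurations that set remote can be matched up, and fix the untouched description while here: "Address to initiation connections to" should read "Address to initiate connections to".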
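Review bot: In the hunk at @@ -1341,11 +1388,21, the version entry explains only the value 0 and never lists the other accepted values. Add them. The defaults "[initiator_tsi]" and "[initiator_tsr]" for responder_tsi and responder_tsr are references to other options rather than literal values, which the bracket notation elsewhere in the page does not suggest; say so in the description, e.g. "defaults to the value of initiator_tsi".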