ipsec.conf.5

来自「ipsec vpn」· 5 代码 · 共 1,431 行 · 第 1/3 页

for either, and
.B never
if negotiation is never to be attempted or accepted (useful for shunt-only conns).
Digital signatures are superior in every way to shared secrets.
.TP
.B leftid
how
the left participant
should be identified for authentication;
defaults to
.BR left .
Can be an IP address (in any
.IR ipsec_ttoaddr (3)
syntax)
or a fully-qualified domain name preceded by
.B @
(which is used as a literal string and not resolved).
The magic value
.B %myid
stands for the current setting of \fImyid\fP.
This is set in \fBconfig setup\fP or by \fIipsec_whack\fP(8)), or, if not set,
it is the IP address in \fB%defaultroute\fP (if that is supported by a TXT record in its reverse domain), or otherwise
it is the system's hostname (if that is supported by a TXT record in its forward domain), or otherwise it is undefined.
.TP
.B leftrsasigkey
the left participant's
public key for RSA signature authentication,
in RFC 2537 format using
.IR ipsec_ttodata (3)
encoding.
The magic value
.B %none
means the same as not specifying a value (useful to override a default).
The value
.B %dnsondemand
(the default)
means the key is to be fetched from DNS at the time it is needed.
The value
.B %dnsonload
means the key is to be fetched from DNS at the time
the connection description is read from
.IR ipsec.conf ;
currently this will be treated as
.B %none
if
.B right=%any
or
.BR right=%opportunistic .
The value
.B %dns
is currently treated as
.B %dnsonload
but will change to
.B %dnsondemand
in the future.
The identity used for the left participant
must be a specific host, not
.B %any
or another magic value.
The value 
.B %cert
will load the information required from a certificate defined in
.B %leftcert
and automatically define leftid for you.
.B Caution:
if two connection descriptions
specify different public keys for the same
.BR leftid ,
confusion and madness will ensue.
.TP
.B leftrsasigkey2
if present, a second public key.
Either key can authenticate the signature, allowing for key rollover.
.TP
.BR leftcert
If you are using 
.B leftrsasigkey=%cert
this defines the certificate you would like to use. It should point to a X.509
encoded certificate file. If you do not specify a full pathname, by default it
will look in /etc/ipsec.d/certs.
.TP
.BR leftsendcert
This option configures when Openswan will send X.509 certificates to the remote
host. Acceptable values are 
.B yes|always
(signifying that we should always send a certificate),
.B ifasked
(signifying that we should send a certificate if the remote end asks for it), and
.B no|never
(signifying that we will never send a X.509 certificate).
The default for this option is 
.B ifasked
which may break compatibility with other vendor's IPSec implementations, such as
Cisco and SafeNet. If you find that you are getting errors about no ID/Key found,
you likely need to set this to
.B always.
.TP
.B aggrmode
Use aggressive mode ISAKMP negotiation. The default is
main mode. Aggressive mode is less secure than main mode as it reveals
your identity to an eavesdropper, but is needed to support road warriors
using PSK keys or to interoperate with other buggy implementations insisting
on using aggressive mode.
.TP
.B xauth
Use XAUTH / Mode Config for this connection.  This uses PAM for authentication
currently, and it not well documented.  Use the source :)  Acceptable values are
.B yes
or 
.B no
(the default).
.TP
.B dpddelay
Set the delay (in seconds) between Dead Peer Dectection
(RFC 3706) keepalives (R_U_THERE, R_U_THERE_ACK)
that are sent for this connection (default
.B 30
seconds).  If dpdtimeout is set, but not dpddelay, dpddelay will be set
to the default.
.TP
.B dpdtimeout 
Set the length of time (in seconds) we will idle without hearing either an
R_U_THERE poll from our peer, or an R_U_THERE_ACK reply.  After this period
has elapsed with no response and no traffic, we will declare the peer dead,
and remove the SA (default
.B 120
seconds).  If dpddelay is set, but not dpdtimeout, dpdtimeout will be set
to the default.
.TP
.B dpdaction
When a DPD enabled peer is declared dead, what action should be taken.
.B hold (default) means the eroute will be put into %hold status, while   
.B clear means the eroute and SA with both be cleared.  dpdaction=clear is 
really only usefull on the server of a Road Warrior config.
.TP
.B pfs
whether Perfect Forward Secrecy of keys is desired on the connection's
keying channel
(with PFS, penetration of the key-exchange protocol
does not compromise keys negotiated earlier);
acceptable values are
.B yes
(the default)
and
.BR no .
.TP
.B keylife
how long a particular instance of a connection
(a set of encryption/authentication keys for user packets) should last,
from successful negotiation to expiry;
acceptable values are an integer optionally followed by
.BR s
(a time in seconds)
or a decimal number followed by
.BR m ,
.BR h ,
or
.B d
(a time
in minutes, hours, or days respectively)
(default
.BR 8.0h ,
maximum
.BR 24h ).
Normally, the connection is renegotiated (via the keying channel)
before it expires.
The two ends need not exactly agree on
.BR keylife ,
although if they do not,
there will be some clutter of superseded connections on the end
which thinks the lifetime is longer.
.TP
.B rekey
whether a connection should be renegotiated when it is about to expire;
acceptable values are
.B yes
(the default)
and
.BR no .
The two ends need not agree,
but while a value of
.B no
prevents Pluto from requesting renegotiation,
it does not prevent responding to renegotiation requested from the other end,
so
.B no
will be largely ineffective unless both ends agree on it.
.TP
.B rekeymargin
how long before connection expiry or keying-channel expiry
should attempts to
negotiate a replacement
begin; acceptable values as for
.B keylife
(default
.BR 9m ).
Relevant only locally, other end need not agree on it.
.TP
.B rekeyfuzz
maximum percentage by which
.B rekeymargin
should be randomly increased to randomize rekeying intervals
(important for hosts with many connections);
acceptable values are an integer,
which may exceed 100,
followed by a `%'
(default set by
.IR ipsec_pluto (8),
currently
.BR 100% ).
The value of
.BR rekeymargin ,
after this random increase,
must not exceed
.BR keylife .
The value
.B 0%
will suppress time randomization.
Relevant only locally, other end need not agree on it.
.TP
.B keyingtries
how many attempts (a whole number or \fB%forever\fP) should be made to
negotiate a connection, or a replacement for one, before giving up
(default
.BR %forever ).
The value \fB%forever\fP
means ``never give up'' (obsolete: this can be written \fB0\fP).
Relevant only locally, other end need not agree on it.
.TP
.B ikelifetime
how long the keying channel of a connection (buzzphrase:  ``ISAKMP SA'')
should last before being renegotiated;
acceptable values as for
.B keylife
(default set by
.IR ipsec_pluto (8),
currently
.BR 1h ,
maximum
.BR 8h ).
The two-ends-disagree case is similar to that of
.BR keylife .
.TP
.B compress
whether IPComp compression of content is proposed on the connection
(link-level compression does not work on encrypted data,
so to be effective, compression must be done \fIbefore\fR encryption);
acceptable values are
.B yes
and
.B no
(the default).
The two ends need not agree.
A value of
.B yes
causes IPsec to propose both compressed and uncompressed,
and prefer compressed.
A value of
.B no
prevents IPsec from proposing compression;
a proposal to compress will still be accepted.
.TP
.B disablearrivalcheck
whether KLIPS's normal tunnel-exit check
(that a packet emerging from a tunnel has plausible addresses in its header)
should be disabled;
acceptable values are
.B yes
and
.B no
(the default).
Tunnel-exit checks improve security and do not break any normal configuration.
Relevant only locally, other end need not agree on it.
.TP
.B failureshunt
what to do with packets when negotiation fails.
The default is
.BR none :
no shunt;
.BR passthrough ,
.BR drop ,
and
.B reject
have the obvious meanings.
.SS "CONN PARAMETERS:  MANUAL KEYING"
The following parameters are relevant only to manual keying,
and are ignored in automatic keying.
Unless otherwise noted,
for a connection to work,
in general it is necessary for the two ends to agree exactly
on the values of these parameters.
A manually-keyed
connection must specify at least one of AH or ESP.
.TP 14
.B spi
(this or
.B spibase
required for manual keying)
the SPI number to be used for the connection (see
.IR ipsec_manual (8));
must be of the form \fB0x\fIhex\fB\fR,
where
.I hex
is one or more hexadecimal digits
(note, it will generally be necessary to make
.I spi
at least
.B 0x100
to be acceptable to KLIPS,
and use of SPIs in the range
.BR 0x100 - 0xfff
is recommended)
.TP 14
.B spibase
(this or
.B spi
required for manual keying)
the base number for the SPIs to be used for the connection (see
.IR ipsec_manual (8));
must be of the form \fB0x\fIhex\fB0\fR,
where
.I hex
is one or more hexadecimal digits
(note, it will generally be necessary to make
.I spibase
at least
.B 0x100
for the resulting SPIs
to be acceptable to KLIPS,
and use of numbers in the range
.BR 0x100 - 0xff0
is recommended)
.TP
.B esp
ESP encryption/authentication algorithm to be used
for the connection, e.g.
.B 3des-md5-96
(must be suitable as a value of
.IR ipsec_spi (8)'s
.B \-\-esp
option);
default is not to use ESP
.TP
.B espenckey
ESP encryption key
(must be suitable as a value of
.IR ipsec_spi (8)'s
.B \-\-enckey
option)
(may be specified separately for each direction using
.B leftespenckey
(leftward SA)
and
.B rightespenckey
parameters)
.TP
.B espauthkey
ESP authentication key
(must be suitable as a value of
.IR ipsec_spi (8)'s
.B \-\-authkey
option)
(may be specified separately for each direction using
.B leftespauthkey
(leftward SA)
and
.B rightespauthkey
parameters)
.TP
.B espreplay_window
ESP replay-window setting,
an integer from
.B 0
(the
.IR ipsec_manual
default, which turns off replay protection) to
.BR 64 ;
relevant only if ESP authentication is being used
.TP
.B leftespspi
SPI to be used for the leftward ESP SA, overriding
automatic assignment using
.B spi
or
.BR spibase ;
typically a hexadecimal number beginning with
.B 0x
.TP
.B ah
AH authentication algorithm to be used
for the connection, e.g.
.B hmac-md5-96
(must be suitable as a value of
.IR ipsec_spi (8)'s
.B \-\-ah
option);
default is not to use AH
.TP
.B ahkey
(required if
.B ah
is present) AH authentication key
(must be suitable as a value of
.IR ipsec_spi (8)'s
.B \-\-authkey
option)
(may be specified separately for each direction using
.B leftahkey
(leftward SA)
and
.B rightahkey
parameters)
.TP
.B ahreplay_window
AH replay-window setting,
an integer from
.B 0
(the
.I ipsec_manual
default, which turns off replay protection) to
.B 64
.TP
.B leftahspi
SPI to be used for the leftward AH SA, overriding
automatic assignment using
.B spi
or
.BR spibase ;
typically a hexadecimal number beginning with
.B 0x
.SH "CONFIG SECTIONS"
At present, the only
.B config
section known to the IPsec software is the one named
.BR setup ,
which contains information used when the software is being started
(see
.IR ipsec_setup (8)).
Here's an example:
.PP
.ne 8
.nf
.ft B
.ta 1c
config setup
	interfaces="ipsec0=eth1 ipsec1=ppp0"
	klipsdebug=none
	plutodebug=all
	manualstart=
.ft
.fi
.PP
Parameters are optional unless marked ``(required)''.

The currently-accepted
.I parameter
names in a
.B config
.B setup
section are:

.TP 14
.B myid
the identity to be used for
.BR %myid .
.B %myid
is used in the implicit policy group conns and can be used as
an identity in explicit conns.
If unspecified,
.B %myid
is set to the IP address in \fB%defaultroute\fP (if that is supported by a TXT record in its reverse domain), or otherwise
the system's hostname (if that is supported by a TXT record in its forward domain), or otherwise it is undefined.
An explicit value generally starts with ``\fB@\fP''.

.TP
.B interfaces
virtual and physical interfaces for IPsec to use: