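# strongswan.conf fragment: settings for the charon IKE daemon.
# One setting per line; '#' starts a comment that runs to the end of the line.
charon {
    # load_modular = yes
    # plugins {
    #     include strongswan.d/charon/*.conf
    # }

    # Commands the daemon runs at startup to load credentials, connections
    # and pools through swanctl.
    # NOTE(review): "swanctl" is given without a directory, so which binary
    # runs depends on the daemon's PATH; an absolute path removes that
    # ambiguity.
    start-scripts {
        creds = swanctl --load-creds
        conns = swanctl --load-conns
        pools = swanctl --load-pools
    }

    filelog {
        charon {
            path = /var/log/charon.log
            # add a timestamp prefix
            time_format = %b %e %T
            # prepend connection name, simplifies grepping
            ike_name = yes
            # overwrite existing files
            # NOTE(review): with append = no the file is truncated on every
            # daemon start, so earlier history is lost unless it is shipped
            # or rotated elsewhere before a restart.
            append = no
            # loglevel for all daemon subsystems
            default = 1
            # more detail for the TLS and IKE subsystems.
            # Levels 3 and 4 add raw hex dumps and, at 4, sensitive material
            # such as keys; keep production levels at 2 or below.
            tls = 2
            ike = 2
            # flush each line to disk
            flush_line = yes
        }
        stderr {
            # default = 1
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
            # applications other than daemons
            app = -1
            # Low-level encoding/decoding (ASN.1, X.509 etc.)
            asn = -1
            # Configuration management and plugins
            cfg = -1
            # CHILD_SA/IPsec SA
            chd = -1
            # Main daemon setup/cleanup/signal handling
            dmn = -1
            # Packet encoding/decoding encryption/decryption operations
            enc = -1
            # libipsec library messages
            esp = -1
            # IKE_SA/ISAKMP SA
            ike = -1
            # Integrity Measurement Collector
            imc = -1
            # Integrity Measurement Verifier
            imv = -1
            # Jobs queuing/processing and thread pool management
            job = -1
            # IPsec/Networking kernel interface
            knl = -1
            # libstrongswan library messages
            lib = -1
            # IKE_SA manager, handling synchronization for IKE_SA access
            mgr = -1
            # IKE network communication
            net = -1
            # Platform Trust Service
            pts = -1
            # libtls library messages
            tls = 2
            # Trusted Network Connect
            tnc = -1
        }
    }

    # and two loggers using syslog
    # syslog sits directly under charon, next to filelog. Nested inside
    # filelog it would be read as a file logger definition and the
    # LOG_AUTHPRIV audit logger below would never be set up.
    syslog {
        # prefix for each log message
        identifier = charon-custom
        # use default settings to log to the LOG_DAEMON facility
        daemon {
        }
        # very minimalistic IKE auditing logs to LOG_AUTHPRIV
        auth {
            default = -1
            ike = 0
        }
    }

    # NOTE(review): the eap-dynamic plugin reads its options from
    # charon.plugins.eap-dynamic; at this level the section is probably
    # ignored. It is left in place because moving it would change which EAP
    # method is negotiated. Before activating it, confirm md5 is still needed:
    # EAP-MD5 authenticates only the client and derives no key material, and
    # prefer_user = yes lets the peer steer the method choice.
    eap-dynamic {
        prefer_user = yes
        preferred = md5, tls
    }

    # Sends the strongSwan vendor ID payload, which tells peers which
    # implementation they are talking to.
    send_vendor_id = yes
    prefer_configured_proposals = no
    fragment_size = 1480
    # NOTE(review): larger than the built-in maximum IKE packet size; confirm
    # which peer requires it.
    max_packet = 30000

    # install_routes = no
    # install_virtual_ip = yes
    # install_virtual_ip_on = vti1
    # interfaces_use = vti0
    # interfaces_ignore = vmbr0
}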