ipsec.conf - IPsec configuration and connections

DESCRIPTION

The ipsec.conf file specifies most configuration and control information for the Libreswan IPsec subsystem. (The major exception is secrets for authentication; see ipsec.secrets(5).) Its contents are not security-sensitive. Configurations can be added using this configuration file or by using ipsec whack directly. This means that technically, the ipsec.conf file is optional, but a few warnings might show up when this file is missing.

ipsec.conf is a text file, consisting of one or more sections. White space followed by # followed by anything to the end of the line is a comment and is ignored, as are empty lines that are not within a section.

A line that contains include and a file name, separated by white space, is replaced by the contents of that file, preceded and followed by empty lines. If the file name is not a full pathname, it is considered to be relative to the directory that contains the including file. Only a single filename may be supplied, and it may not contain white space, but it may include shell wildcards (see sh(1)); for example:

The intention of the include facility is mostly to permit keeping information on connections, or sets of connections, separate from the main configuration file. This permits such connection descriptions to be changed, copied to the other security gateways involved, etc., without having to constantly extract them from the configuration file and then insert them back into it. Note also the also and alsoflip parameters (described below) which permit splitting a single logical section (e.g. a connection description) into several distinct sections.

The first significant line of the file may specify a version of this specification for backwards compatibility with freeswan and openswan. For compatibility with openswan, specify:

A section begins with a line of the form:

Where type indicates what type of section follows, and name is an arbitrary name that distinguishes the section from others of the same type. (Names must start with a letter and may contain only letters, digits, periods, underscores, and hyphens.) All subsequent non-empty lines that begin with white space are part of the section; comments within a section must begin with white space too. There may be only one section of a given type with a given name.

Lines within the section are generally of the form

(note the mandatory preceding white space). There can be white space on either side of the =. Parameter names follow the same syntax as section names, and are specific to a section type. Unless otherwise explicitly specified, no parameter name may appear more than once in a section.

An empty value stands for the system default value (if any) of the parameter, i.e. it is roughly equivalent to omitting the parameter line entirely. A value may contain white space only if the entire value is enclosed in double quotes ("); a value cannot itself contain a double quote, nor may it be continued across more than one line.

Numeric values are specified to be either an “integer” (a sequence of digits) or a “decimal number” (sequence of digits optionally followed by '.' and another sequence of digits).

There is currently one parameter that is available in any type of section:

The value is a section name; the parameters of that section are appended to this section, as if they had been written as part of it. The specified section must exist, must follow the current one, and must have the same section type.
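The section, parameter and also rules described above, written as a small pre-deployment linter. This is an added example, not Libreswan's own parser. Assumptions: the conn section type and the parameter names in SAMPLE are constructed, include lines are skipped rather than expanded, and a # at the very start of a line is treated as a comment.

```python
import re
# Syntax rules follow the description above; SAMPLE is constructed for illustration.
NAME = re.compile(r"[A-Za-z][A-Za-z0-9._-]*$")         # section/parameter name syntax
BLANK = re.compile(r"\s*(#.*)?$")                      # empty or comment-only line
HEADER = re.compile(r"(\S+)\s+(\S+)\s*(\s#.*)?$")      # "type name"
PARAM = re.compile(r'\s+([^\s=]+)\s*=\s*("[^"]*"|[^\s"]*)\s*(\s#.*)?$')

def lint(text):
    """Return (sections, errors); errors is a list of (line_no, message)."""
    sections, errors, alsos, cur, key = {}, [], [], None, None
    for n, line in enumerate(text.splitlines(), 1):
        if BLANK.match(line):
            continue
        if not line[0].isspace():                      # unindented: header or include
            m, cur = HEADER.match(line), None
            if m and m.group(1) == "include":
                continue                               # included file is not read here
            if not m or not NAME.match(m.group(2)):
                errors.append((n, "bad section header"))
                continue
            key = (m.group(1), m.group(2))
            if key in sections:                        # one section per (type, name)
                errors.append((n, "duplicate section"))
            cur = sections.setdefault(key, {})
            continue
        m = PARAM.match(line)                          # fails on unquoted white space
        if cur is None or not m or not NAME.match(m.group(1)):
            errors.append((n, "bad parameter line"))
            continue
        name, value = m.group(1), m.group(2).strip('"')
        if name in cur:
            errors.append((n, "duplicate parameter " + name))
        if name == "also":
            alsos.append((n, key, value))
        cur[name] = value
    pos = {k: i for i, k in enumerate(sections)}       # file order of sections
    for n, key, target in alsos:                       # same type, defined later
        if pos.get((key[0], target), -1) <= pos[key]:
            errors.append((n, "also target missing or not after this section"))
    return sections, errors

SAMPLE = """conn site-a   # constructed sample
    left=192.0.2.1
    also=defaults
    left="192.0.2.9"
    note=two words
conn defaults
    also=site-a
"""
```

Running `lint(SAMPLE)` reports the repeated parameter, the unquoted value containing white space, and the `also` that points back at an earlier section.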