nixos: add the strongswan-swanctl service #27958

Merged
merged 8 commits into from Apr 21, 2018


basvandijk
Member

@basvandijk basvandijk commented Aug 5, 2017

The strongswan-swanctl systemd service starts charon-systemd. This implements an IKE daemon
very similar to charon, but it's specifically designed for use with systemd. It uses the
systemd libraries for a native integration.

Instead of using starter and an ipsec.conf based configuration (like in nixos/modules/services/networking/strongswan.nix), the daemon is directly
managed by systemd and configured with the swanctl configuration backend.

See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd

Note that the strongswan.conf and swanctl.conf configuration files are automatically
generated based on NixOS options under services.strongswan-swanctl.strongswan and
services.strongswan-swanctl.swanctl respectively.

Motivation for this change
Things done

Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers.

  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot

@basvandijk, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @bjornfor and @offlinehacker to be potential reviewers.

@basvandijk
Member Author

Note that although I tested this on our company VPN I also started working on a NixOS test for this in:

https://github.com/LumiGuide/nixpkgs/blob/strongswan-swanctl-test/nixos/tests/strongswan-swanctl.nix

@basvandijk
Member Author

With help from @aszlig the test I've been working on now succeeds so I've included it in this PR. This is now ready to be reviewed.

@fpletz fpletz added this to the 17.09 milestone Aug 30, 2017
Member

@fpletz fpletz left a comment

Code looks fine! Thanks a lot! I'm a bit unsure whether it is wise to add another 4k LOC and expose all those NixOS options.

@basvandijk
Member Author

@fpletz that could be a valid concern. I can think of a few potential disadvantages:

  • NixOS configuration evaluation time. I can imagine that more modules and more options means longer evaluation times. This should be easy to test: time the evaluation of an empty NixOS configuration without the strongswan-swanctl module and one with the module.

  • Maintenance: more NixOS options means more work maintaining those options when a new strongSwan is released. Last week there was a new strongSwan release and I updated this PR with some new options. The way I approached it was to take the diff of the conf directory (git diff 5.5.3..5.6.0 conf). This directory contains the option definitions and diffing it will show exactly which options to remove, change or add. While writing this I realize that the swanctl options are in a different directory (namely src/swanctl/swanctl.opt) which I forgot to diff. What I will do for now is to add instructions in the .nix files how to update the options. I will also add the new swanctl options that I forgot to add. (Please give me a day to fix this). For the future we can reduce the maintenance work by generating the NixOS options from the options in the .opt file like I suggested in this TODO.

Are there other potential disadvantages of having lots of NixOS options?

The advantages to moving the strongSwan configuration from text files to NixOS options are more type safety (things go wrong at evaluation-time rather than at strongSwan run-time) and better composability.

@basvandijk
Member Author

I just noticed that the test doesn't always succeed. I described the failure on the strongSwan mailing list but I will copy it below.

@aszlig since you were so helpful with the last issue do you have an idea what's going wrong?

I noticed that my test succeeds most of the time but I just observed a test run where carol keeps trying to ping alice but fails each time. The following line from the test log seems suspect:

carol# [ 4.538963] charon-systemd[716]: received NO_PROPOSAL_CHOSEN notify error

I haven't looked into this error yet but I suspect it's a concurrency issue. Note that all machines start up at the same time. I think if I first start moon, wait for the strongswan-swanctl.service to start and then start carol it always succeeds. But I'd rather not introduce that sequentialism and I suspect that strongSwan should be able to handle not fully booted gateways and that I just forgot to configure some option somewhere.

Any ideas why the test sometimes fails?

@basvandijk
Member Author

I fixed the test by delaying the startup of carol after moon has started the strongswan-swanctl service.

@basvandijk
Member Author

After some more discussion on the strongSwan list I simplified the test by starting all machines in parallel again and setting start_action=trap on both carol and moon. I haven't been able to reproduce the earlier NO_PROPOSAL_CHOSEN error after many test runs so I'm fairly confident it works reliably now.

@globin
Member

globin commented Sep 1, 2017

Haven't had the time to review and don't know too much about strongswan, but I'd really prefer only having one module for it. If this means deprecating and removing the old one so be it, but having to maintain two is IMHO not what we want.

@basvandijk
Member Author

basvandijk commented Sep 1, 2017

@globin yes I think it makes sense to eventually deprecate the old current strongswan module in favor of this one.

However since both modules use very different implementations with their own configuration files (the old module uses the ipsec executable with an ipsec.conf based configuration and the new module uses charon-systemd and swanctl with a swanctl.conf based configuration), requiring users to upgrade from old to new should not be taken lightly (I went through the process and it's not trivial).

So I propose the following process:

  1. Have both modules for 17.09.
  2. Deprecate the old in 18.03 (by issuing a warning when you enable it).
  3. Remove the old in 18.09 or possibly even later.

An alternative is to only deprecate the old when the strongSwan project decides to deprecate it. (Currently both ipsec and swanctl are fully supported).

@basvandijk basvandijk force-pushed the strongswan-swanctl branch 3 times, most recently from 131de2b to fc9b43f Compare September 2, 2017 13:45
@basvandijk
Member Author

basvandijk commented Sep 2, 2017

I've made three small changes to the PR:

  • All strongswan and swanctl options now default to null. Previously they defaulted to the default specified by strongSwan and if an option was set to the default it would not be rendered in the config file. I think it's better if options set by the user are always rendered in the config file regardless if they're set to the strongSwan default.

  • The strongSwan default is documented in the option description.

  • In the test I had set start_action=trap for moon. Thinking about this some more I realized this setting doesn't make sense for moon so I removed it. The test appears to be stable.
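
The first change in the comment above, sketched as an added Python example (this is not code from the PR, whose module is written in Nix). It compares the two rendering policies the comment describes and lists the settings that only the null-default policy writes into the file; the helper names and the sample defaults are assumptions constructed for the illustration.

```python
# Added illustration (not the PR's code): two policies for turning a nested
# option set into strongswan.conf text, and the difference between them.

# Constructed sample: strongSwan defaults assumed for this example only.
ASSUMED_DEFAULTS = {
    "charon-systemd": {
        "dos_protection": True,
        "cookie_threshold": 10,
        "journal": {"default": 1},
    }
}

# Constructed sample of user settings. None plays the role of Nix `null`.
USER_OPTIONS = {
    "charon-systemd": {
        "dos_protection": True,    # set explicitly, equals the assumed default
        "cookie_threshold": None,  # left unset
        "journal": {"default": 2, "ike": None},
        "plugins": {"revocation": {"enable_crl": None}},
    }
}


def lookup(tree, path):
    """Follow path through nested dicts; None when any component is missing."""
    for key in path:
        if not isinstance(tree, dict) or key not in tree:
            return None
        tree = tree[key]
    return tree


def drop_null(path, value):
    """Policy after the change: only unset (null) options are omitted."""
    return value is None


def make_drop_null_or_default(defaults):
    """Policy before the change: also omit values equal to the default."""
    def drop(path, value):
        if value is None:
            return True
        default = lookup(defaults, path)
        return type(default) is type(value) and default == value
    return drop


def prune(options, drop, path=()):
    """Copy options without dropped leaves and without emptied sections."""
    out = {}
    for key, value in options.items():
        here = path + (key,)
        if isinstance(value, dict):
            section = prune(value, drop, here)
            if section:
                out[key] = section
        elif not drop(here, value):
            out[key] = value
    return out


def render(options, depth=0):
    """Render a pruned option tree as strongswan.conf-style lines."""
    pad = "    " * depth
    lines = []
    for key, value in options.items():
        if isinstance(value, dict):
            lines += [f"{pad}{key} {{", *render(value, depth + 1), f"{pad}}}"]
        elif isinstance(value, bool):
            lines.append(f"{pad}{key} = {'yes' if value else 'no'}")
        else:
            lines.append(f"{pad}{key} = {value}")
    return lines


def render_conf(options, drop):
    return "\n".join(render(prune(options, drop))) + "\n"


def leaf_paths(tree, path=()):
    """Dotted paths of all leaves in a nested dict, in insertion order."""
    for key, value in tree.items():
        if isinstance(value, dict):
            yield from leaf_paths(value, path + (key,))
        else:
            yield ".".join(path + (key,))


def pinned_only_by_null_policy(options, defaults):
    """Explicit settings the old policy would leave to the daemon's default."""
    old = set(leaf_paths(prune(options, make_drop_null_or_default(defaults))))
    new = leaf_paths(prune(options, drop_null))
    return [p for p in new if p not in old]


if __name__ == "__main__":
    print(render_conf(USER_OPTIONS, drop_null))
    print(render_conf(USER_OPTIONS, make_drop_null_or_default(ASSUMED_DEFAULTS)))
    print(pinned_only_by_null_policy(USER_OPTIONS, ASSUMED_DEFAULTS))
```

Under the earlier policy an explicitly chosen value that happens to equal the default is absent from the generated file, so its effective value follows whatever default the installed strongSwan release ships.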

@basvandijk
Member Author

What would be needed to make progress on this PR?

@basvandijk
Member Author

basvandijk commented Dec 24, 2017

EDITED: reduced the number of options from 1152 to 756

For reference, note that the following 756 options are added by the strongswan-swanctl module proposed in this PR:

services.strongswan-swanctl.enable
services.strongswan-swanctl.package

services.strongswan-swanctl.strongswan.aikgen.load
services.strongswan-swanctl.strongswan.attest.database
services.strongswan-swanctl.strongswan.attest.load
services.strongswan-swanctl.strongswan.charon-nm.ca_dir
services.strongswan-swanctl.strongswan.charon-systemd.accept_unencrypted_mainmode_messages
services.strongswan-swanctl.strongswan.charon-systemd.block_threshold
services.strongswan-swanctl.strongswan.charon-systemd.cache_crls
services.strongswan-swanctl.strongswan.charon-systemd.cert_cache
services.strongswan-swanctl.strongswan.charon-systemd.cisco_unity
services.strongswan-swanctl.strongswan.charon-systemd.close_ike_on_child_failure
services.strongswan-swanctl.strongswan.charon-systemd.cookie_threshold
services.strongswan-swanctl.strongswan.charon-systemd.crypto_test.bench
services.strongswan-swanctl.strongswan.charon-systemd.crypto_test.bench_size
services.strongswan-swanctl.strongswan.charon-systemd.crypto_test.bench_time
services.strongswan-swanctl.strongswan.charon-systemd.crypto_test.on_add
services.strongswan-swanctl.strongswan.charon-systemd.crypto_test.on_create
services.strongswan-swanctl.strongswan.charon-systemd.crypto_test.required
services.strongswan-swanctl.strongswan.charon-systemd.crypto_test.rng_true
services.strongswan-swanctl.strongswan.charon-systemd.delete_rekeyed
services.strongswan-swanctl.strongswan.charon-systemd.delete_rekeyed_delay
services.strongswan-swanctl.strongswan.charon-systemd.dh_exponent_ansi_x9_42
services.strongswan-swanctl.strongswan.charon-systemd.dlopen_use_rtld_now
services.strongswan-swanctl.strongswan.charon-systemd.dns1
services.strongswan-swanctl.strongswan.charon-systemd.dns2
services.strongswan-swanctl.strongswan.charon-systemd.dos_protection
services.strongswan-swanctl.strongswan.charon-systemd.ecp_x_coordinate_only
services.strongswan-swanctl.strongswan.charon-systemd.filelog
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.app
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.append
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.asn
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.cfg
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.chd
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.default
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.dmn
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.enc
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.esp
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.flush_line
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.ike
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.ike_name
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.imc
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.imv
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.job
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.knl
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.lib
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.mgr
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.net
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.pts
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.time_add_ms
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.time_format
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.tls
services.strongswan-swanctl.strongswan.charon-systemd.filelog.<name>.tnc
services.strongswan-swanctl.strongswan.charon-systemd.flush_auth_cfg
services.strongswan-swanctl.strongswan.charon-systemd.follow_redirects
services.strongswan-swanctl.strongswan.charon-systemd.fragment_size
services.strongswan-swanctl.strongswan.charon-systemd.group
services.strongswan-swanctl.strongswan.charon-systemd.half_open_timeout
services.strongswan-swanctl.strongswan.charon-systemd.hash_and_url
services.strongswan-swanctl.strongswan.charon-systemd.host_resolver.max_threads
services.strongswan-swanctl.strongswan.charon-systemd.host_resolver.min_threads
services.strongswan-swanctl.strongswan.charon-systemd.i_dont_care_about_security_and_use_aggressive_mode_psk
services.strongswan-swanctl.strongswan.charon-systemd.ignore_acquire_ts
services.strongswan-swanctl.strongswan.charon-systemd.ignore_routing_tables
services.strongswan-swanctl.strongswan.charon-systemd.ikesa_limit
services.strongswan-swanctl.strongswan.charon-systemd.ikesa_table_segments
services.strongswan-swanctl.strongswan.charon-systemd.ikesa_table_size
services.strongswan-swanctl.strongswan.charon-systemd.imcv.assessment_result
services.strongswan-swanctl.strongswan.charon-systemd.imcv.database
services.strongswan-swanctl.strongswan.charon-systemd.imcv.os_info.default_password_enabled
services.strongswan-swanctl.strongswan.charon-systemd.imcv.os_info.name
services.strongswan-swanctl.strongswan.charon-systemd.imcv.os_info.version
services.strongswan-swanctl.strongswan.charon-systemd.imcv.policy_script
services.strongswan-swanctl.strongswan.charon-systemd.inactivity_close_ike
services.strongswan-swanctl.strongswan.charon-systemd.init_limit_half_open
services.strongswan-swanctl.strongswan.charon-systemd.init_limit_job_load
services.strongswan-swanctl.strongswan.charon-systemd.initiator_only
services.strongswan-swanctl.strongswan.charon-systemd.install_routes
services.strongswan-swanctl.strongswan.charon-systemd.install_virtual_ip
services.strongswan-swanctl.strongswan.charon-systemd.install_virtual_ip_on
services.strongswan-swanctl.strongswan.charon-systemd.integrity_test
services.strongswan-swanctl.strongswan.charon-systemd.interfaces_ignore
services.strongswan-swanctl.strongswan.charon-systemd.interfaces_use
services.strongswan-swanctl.strongswan.charon-systemd.journal.app
services.strongswan-swanctl.strongswan.charon-systemd.journal.asn
services.strongswan-swanctl.strongswan.charon-systemd.journal.cfg
services.strongswan-swanctl.strongswan.charon-systemd.journal.chd
services.strongswan-swanctl.strongswan.charon-systemd.journal.default
services.strongswan-swanctl.strongswan.charon-systemd.journal.dmn
services.strongswan-swanctl.strongswan.charon-systemd.journal.enc
services.strongswan-swanctl.strongswan.charon-systemd.journal.esp
services.strongswan-swanctl.strongswan.charon-systemd.journal.ike
services.strongswan-swanctl.strongswan.charon-systemd.journal.imc
services.strongswan-swanctl.strongswan.charon-systemd.journal.imv
services.strongswan-swanctl.strongswan.charon-systemd.journal.job
services.strongswan-swanctl.strongswan.charon-systemd.journal.knl
services.strongswan-swanctl.strongswan.charon-systemd.journal.lib
services.strongswan-swanctl.strongswan.charon-systemd.journal.mgr
services.strongswan-swanctl.strongswan.charon-systemd.journal.net
services.strongswan-swanctl.strongswan.charon-systemd.journal.pts
services.strongswan-swanctl.strongswan.charon-systemd.journal.tls
services.strongswan-swanctl.strongswan.charon-systemd.journal.tnc
services.strongswan-swanctl.strongswan.charon-systemd.keep_alive
services.strongswan-swanctl.strongswan.charon-systemd.leak_detective.detailed
services.strongswan-swanctl.strongswan.charon-systemd.leak_detective.usage_threshold
services.strongswan-swanctl.strongswan.charon-systemd.leak_detective.usage_threshold_count
services.strongswan-swanctl.strongswan.charon-systemd.load
services.strongswan-swanctl.strongswan.charon-systemd.load_modular
services.strongswan-swanctl.strongswan.charon-systemd.make_before_break
services.strongswan-swanctl.strongswan.charon-systemd.max_ikev1_exchanges
services.strongswan-swanctl.strongswan.charon-systemd.max_packet
services.strongswan-swanctl.strongswan.charon-systemd.multiple_authentication
services.strongswan-swanctl.strongswan.charon-systemd.nbns1
services.strongswan-swanctl.strongswan.charon-systemd.nbns2
services.strongswan-swanctl.strongswan.charon-systemd.plugins.addrblock.strict
services.strongswan-swanctl.strongswan.charon-systemd.plugins.android_log.loglevel
services.strongswan-swanctl.strongswan.charon-systemd.plugins.attr
services.strongswan-swanctl.strongswan.charon-systemd.plugins.attr-sql.crash_recovery
services.strongswan-swanctl.strongswan.charon-systemd.plugins.attr-sql.database
services.strongswan-swanctl.strongswan.charon-systemd.plugins.attr-sql.lease_history
services.strongswan-swanctl.strongswan.charon-systemd.plugins.bliss.use_bliss_b
services.strongswan-swanctl.strongswan.charon-systemd.plugins.bypass-lan.interfaces_ignore
services.strongswan-swanctl.strongswan.charon-systemd.plugins.bypass-lan.interfaces_use
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.cron
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.empty_string
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.fixed_fields
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.force
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.format
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.local
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.remote
services.strongswan-swanctl.strongswan.charon-systemd.plugins.certexpire.csv.separator
services.strongswan-swanctl.strongswan.charon-systemd.plugins.coupling.file
services.strongswan-swanctl.strongswan.charon-systemd.plugins.coupling.hash
services.strongswan-swanctl.strongswan.charon-systemd.plugins.coupling.max
services.strongswan-swanctl.strongswan.charon-systemd.plugins.curl.redir
services.strongswan-swanctl.strongswan.charon-systemd.plugins.dhcp.force_server_address
services.strongswan-swanctl.strongswan.charon-systemd.plugins.dhcp.identity_lease
services.strongswan-swanctl.strongswan.charon-systemd.plugins.dhcp.interface
services.strongswan-swanctl.strongswan.charon-systemd.plugins.dhcp.server
services.strongswan-swanctl.strongswan.charon-systemd.plugins.dnscert.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.duplicheck.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.duplicheck.socket
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-aka.request_identity
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-aka-3ggp2.seq_check
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-dynamic.prefer_user
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-dynamic.preferred
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-gtc.backend
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-peap.fragment_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-peap.include_length
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-peap.max_message_count
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-peap.phase2_method
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-peap.phase2_piggyback
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-peap.phase2_tnc
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-peap.request_peer_auth
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.accounting
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.accounting_close_on_timeout
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.accounting_interval
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.accounting_requires_vip
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.class_group
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.close_all_on_timeout
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.dae.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.dae.listen
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.dae.port
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.dae.secret
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.eap_start
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.filter_id
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.forward.ike_to_radius
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.forward.radius_to_ike
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.id_prefix
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.nas_identifier
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.port
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.retransmit_base
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.retransmit_timeout
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.retransmit_tries
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.secret
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.server
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers.<name>.acct_port
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers.<name>.address
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers.<name>.auth_port
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers.<name>.nas_identifier
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers.<name>.preference
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers.<name>.secret
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.servers.<name>.sockets
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.sockets
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.xauth
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.xauth.<name>.answer
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.xauth.<name>.nextpin
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.xauth.<name>.passcode
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-radius.xauth.<name>.password
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-sim.request_identity
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-simaka-sql.database
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-simaka-sql.remove_used
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-tls.fragment_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-tls.include_length
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-tls.max_message_count
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-tnc.max_message_count
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-tnc.protocol
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls.fragment_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls.include_length
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls.max_message_count
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls.phase2_method
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls.phase2_piggyback
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls.phase2_tnc
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls.request_peer_auth
services.strongswan-swanctl.strongswan.charon-systemd.plugins.eap-ttls-phase2_tnc_method
services.strongswan-swanctl.strongswan.charon-systemd.plugins.error-notify.socket
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ext-auth.script
services.strongswan-swanctl.strongswan.charon-systemd.plugins.gcrypt.quick_random
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.autobalance
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.fifo_interface
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.heartbeat_delay
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.heartbeat_timeout
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.local
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.monitor
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.pools
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.remote
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.resync
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.secret
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ha.segment_count
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ipseckey.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-libipsec.allow_peer_ts
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.buflen
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.force_receive_buffer_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.fwmark
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.mss
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.mtu
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.receive_buffer_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.roam_events
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.set_proto_port_transport_sa
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.spdh_thresh.ipv4.lbits
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.spdh_thresh.ipv4.rbits
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.spdh_thresh.ipv6.lbits
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.spdh_thresh.ipv6.rbits
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-netlink.xfrm_acq_expires
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-pfkey.events_buffer_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.kernel-pfroute.vip_wait
services.strongswan-swanctl.strongswan.charon-systemd.plugins.led.activity_led
services.strongswan-swanctl.strongswan.charon-systemd.plugins.led.blink_time
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.addrs
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.addrs_keep
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.addrs_prefix
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.ca_dir
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.child_rekey
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.crl
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.delay
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.delete_after_established
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.digest
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.dpd_delay
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.dynamic_port
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.eap_password
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.esp
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.fake_kernel
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.ike_rekey
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.init_limit
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.initiator
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.initiator_auth
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.initiator_id
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.initiator_match
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.initiator_tsi
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.initiator_tsr
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.initiators
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.issuer_cert
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.issuer_key
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.iterations
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.mode
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.pool
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.preshared_key
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.proposal
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.request_virtual_ip
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.responder
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.responder_auth
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.responder_id
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.responder_tsi
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.responder_tsr
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.shutdown_when_complete
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.socket
services.strongswan-swanctl.strongswan.charon-systemd.plugins.load-tester.version
services.strongswan-swanctl.strongswan.charon-systemd.plugins.lookip.socket
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ntru.max_drbg_requests
services.strongswan-swanctl.strongswan.charon-systemd.plugins.ntru.parameter_set
services.strongswan-swanctl.strongswan.charon-systemd.plugins.openssl.engine_id
services.strongswan-swanctl.strongswan.charon-systemd.plugins.openssl.fips_mode
services.strongswan-swanctl.strongswan.charon-systemd.plugins.osx-attr.append
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.load_certs
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.modules
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.modules.<name>.load_certs
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.modules.<name>.os_locking
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.modules.<name>.path
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.reload_certs
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.use_dh
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.use_ecc
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.use_hasher
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.use_pubkey
services.strongswan-swanctl.strongswan.charon-systemd.plugins.pkcs11.use_rng
services.strongswan-swanctl.strongswan.charon-systemd.plugins.radattr.dir
services.strongswan-swanctl.strongswan.charon-systemd.plugins.radattr.message_id
services.strongswan-swanctl.strongswan.charon-systemd.plugins.random.random
services.strongswan-swanctl.strongswan.charon-systemd.plugins.random.strong_equals_true
services.strongswan-swanctl.strongswan.charon-systemd.plugins.random.urandom
services.strongswan-swanctl.strongswan.charon-systemd.plugins.resolve.file
services.strongswan-swanctl.strongswan.charon-systemd.plugins.resolve.resolvconf.iface_prefix
services.strongswan-swanctl.strongswan.charon-systemd.plugins.revocation.enable_crl
services.strongswan-swanctl.strongswan.charon-systemd.plugins.revocation.enable_ocsp
services.strongswan-swanctl.strongswan.charon-systemd.plugins.socket-default.fwmark
services.strongswan-swanctl.strongswan.charon-systemd.plugins.socket-default.set_source
services.strongswan-swanctl.strongswan.charon-systemd.plugins.socket-default.set_sourceif
services.strongswan-swanctl.strongswan.charon-systemd.plugins.socket-default.use_ipv4
services.strongswan-swanctl.strongswan.charon-systemd.plugins.socket-default.use_ipv6
services.strongswan-swanctl.strongswan.charon-systemd.plugins.sql.database
services.strongswan-swanctl.strongswan.charon-systemd.plugins.sql.loglevel
services.strongswan-swanctl.strongswan.charon-systemd.plugins.stroke.allow_swap
services.strongswan-swanctl.strongswan.charon-systemd.plugins.stroke.ignore_missing_ca_basic_constraint
services.strongswan-swanctl.strongswan.charon-systemd.plugins.stroke.max_concurrent
services.strongswan-swanctl.strongswan.charon-systemd.plugins.stroke.secrets_file
services.strongswan-swanctl.strongswan.charon-systemd.plugins.stroke.socket
services.strongswan-swanctl.strongswan.charon-systemd.plugins.stroke.timeout
services.strongswan-swanctl.strongswan.charon-systemd.plugins.systime-fix.interval
services.strongswan-swanctl.strongswan.charon-systemd.plugins.systime-fix.reauth
services.strongswan-swanctl.strongswan.charon-systemd.plugins.systime-fix.threshold
services.strongswan-swanctl.strongswan.charon-systemd.plugins.systime-fix.threshold_format
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-ifmap.client_cert
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-ifmap.client_key
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-ifmap.device_name
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-ifmap.renew_session_interval
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-ifmap.server_cert
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-ifmap.server_uri
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-ifmap.username_password
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-imc.dlcose
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-imc.preferred_language
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-imv.dlcose
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-imv.recommendation_policy
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.pt_tls.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.pt_tls.port
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.radius.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.radius.method
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.radius.port
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.radius.secret
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.server
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnc-pdp.timeout
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnccs-11.max_message_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnccs-20.max_batch_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnccs-20.max_message_size
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tnccs-20.mutual
services.strongswan-swanctl.strongswan.charon-systemd.plugins.tpm.use_rng
services.strongswan-swanctl.strongswan.charon-systemd.plugins.unbound.dlv_anchors
services.strongswan-swanctl.strongswan.charon-systemd.plugins.unbound.resolv_conf
services.strongswan-swanctl.strongswan.charon-systemd.plugins.unbound.trust_anchors
services.strongswan-swanctl.strongswan.charon-systemd.plugins.updown.dns_handler
services.strongswan-swanctl.strongswan.charon-systemd.plugins.vici.socket
services.strongswan-swanctl.strongswan.charon-systemd.plugins.whitelist.enable
services.strongswan-swanctl.strongswan.charon-systemd.plugins.whitelist.socket
services.strongswan-swanctl.strongswan.charon-systemd.plugins.xauth-eap.backend
services.strongswan-swanctl.strongswan.charon-systemd.plugins.xauth-pam.pam_service
services.strongswan-swanctl.strongswan.charon-systemd.plugins.xauth-pam.session
services.strongswan-swanctl.strongswan.charon-systemd.plugins.xauth-pam.trim_email
services.strongswan-swanctl.strongswan.charon-systemd.port
services.strongswan-swanctl.strongswan.charon-systemd.port_nat_t
services.strongswan-swanctl.strongswan.charon-systemd.prefer_best_path
services.strongswan-swanctl.strongswan.charon-systemd.prefer_configured_proposals
services.strongswan-swanctl.strongswan.charon-systemd.prefer_temporary_addrs
services.strongswan-swanctl.strongswan.charon-systemd.process_route
services.strongswan-swanctl.strongswan.charon-systemd.processor.priority_threads.critical
services.strongswan-swanctl.strongswan.charon-systemd.processor.priority_threads.high
services.strongswan-swanctl.strongswan.charon-systemd.processor.priority_threads.low
services.strongswan-swanctl.strongswan.charon-systemd.processor.priority_threads.medium
services.strongswan-swanctl.strongswan.charon-systemd.receive_delay
services.strongswan-swanctl.strongswan.charon-systemd.receive_delay_request
services.strongswan-swanctl.strongswan.charon-systemd.receive_delay_response
services.strongswan-swanctl.strongswan.charon-systemd.receive_delay_type
services.strongswan-swanctl.strongswan.charon-systemd.replay_window
services.strongswan-swanctl.strongswan.charon-systemd.retransmit_base
services.strongswan-swanctl.strongswan.charon-systemd.retransmit_jitter
services.strongswan-swanctl.strongswan.charon-systemd.retransmit_limit
services.strongswan-swanctl.strongswan.charon-systemd.retransmit_timeout
services.strongswan-swanctl.strongswan.charon-systemd.retransmit_tries
services.strongswan-swanctl.strongswan.charon-systemd.retry_initiate_interval
services.strongswan-swanctl.strongswan.charon-systemd.reuse_ikesa
services.strongswan-swanctl.strongswan.charon-systemd.routing_table
services.strongswan-swanctl.strongswan.charon-systemd.routing_table_prio
services.strongswan-swanctl.strongswan.charon-systemd.send_delay
services.strongswan-swanctl.strongswan.charon-systemd.send_delay_request
services.strongswan-swanctl.strongswan.charon-systemd.send_delay_response
services.strongswan-swanctl.strongswan.charon-systemd.send_delay_type
services.strongswan-swanctl.strongswan.charon-systemd.send_vendor_id
services.strongswan-swanctl.strongswan.charon-systemd.signature_authentication
services.strongswan-swanctl.strongswan.charon-systemd.signature_authentication_constraints
services.strongswan-swanctl.strongswan.charon-systemd.spi_max
services.strongswan-swanctl.strongswan.charon-systemd.spi_min
services.strongswan-swanctl.strongswan.charon-systemd.start-scripts
services.strongswan-swanctl.strongswan.charon-systemd.stop-scripts
services.strongswan-swanctl.strongswan.charon-systemd.syslog.app
services.strongswan-swanctl.strongswan.charon-systemd.syslog.asn
services.strongswan-swanctl.strongswan.charon-systemd.syslog.cfg
services.strongswan-swanctl.strongswan.charon-systemd.syslog.chd
services.strongswan-swanctl.strongswan.charon-systemd.syslog.default
services.strongswan-swanctl.strongswan.charon-systemd.syslog.dmn
services.strongswan-swanctl.strongswan.charon-systemd.syslog.enc
services.strongswan-swanctl.strongswan.charon-systemd.syslog.esp
services.strongswan-swanctl.strongswan.charon-systemd.syslog.identifier
services.strongswan-swanctl.strongswan.charon-systemd.syslog.ike
services.strongswan-swanctl.strongswan.charon-systemd.syslog.ike_name
services.strongswan-swanctl.strongswan.charon-systemd.syslog.imc
services.strongswan-swanctl.strongswan.charon-systemd.syslog.imv
services.strongswan-swanctl.strongswan.charon-systemd.syslog.job
services.strongswan-swanctl.strongswan.charon-systemd.syslog.knl
services.strongswan-swanctl.strongswan.charon-systemd.syslog.lib
services.strongswan-swanctl.strongswan.charon-systemd.syslog.mgr
services.strongswan-swanctl.strongswan.charon-systemd.syslog.net
services.strongswan-swanctl.strongswan.charon-systemd.syslog.pts
services.strongswan-swanctl.strongswan.charon-systemd.syslog.tls
services.strongswan-swanctl.strongswan.charon-systemd.syslog.tnc
services.strongswan-swanctl.strongswan.charon-systemd.threads
services.strongswan-swanctl.strongswan.charon-systemd.tls.cipher
services.strongswan-swanctl.strongswan.charon-systemd.tls.key_exchange
services.strongswan-swanctl.strongswan.charon-systemd.tls.mac
services.strongswan-swanctl.strongswan.charon-systemd.tls.suites
services.strongswan-swanctl.strongswan.charon-systemd.tnc.libtnccs.tnc_config
services.strongswan-swanctl.strongswan.charon-systemd.user
services.strongswan-swanctl.strongswan.charon-systemd.x509.enforce_critical
services.strongswan-swanctl.strongswan.imv_policy_manager.command_allow
services.strongswan-swanctl.strongswan.imv_policy_manager.command_block
services.strongswan-swanctl.strongswan.imv_policy_manager.database
services.strongswan-swanctl.strongswan.imv_policy_manager.load
services.strongswan-swanctl.strongswan.libimcv.debug_level
services.strongswan-swanctl.strongswan.libimcv.load
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.aik_blob
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.aik_cert
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.aik_handle
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.aik_pubkey
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.mandatory_dh_groups
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.nonce_len
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.pcr_info
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.use_quote2
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-attestation.use_version_info
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.push_info
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.attributes_natural_language
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.firmware
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.firmware.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.firmware.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.firmware.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.firmware.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.resident_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.resident_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.resident_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.resident_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.resident_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.user_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.user_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.user_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.user_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.control.user_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.attributes_natural_language
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.firmware
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.firmware.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.firmware.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.firmware.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.firmware.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.resident_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.resident_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.resident_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.resident_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.resident_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.user_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.user_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.user_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.user_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.finisher.user_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.attributes_natural_language
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.firmware
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.firmware.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.firmware.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.firmware.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.firmware.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.resident_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.resident_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.resident_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.resident_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.resident_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.user_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.user_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.user_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.user_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.interface.user_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.attributes_natural_language
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.firmware
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.firmware.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.firmware.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.firmware.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.firmware.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.resident_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.resident_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.resident_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.resident_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.resident_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.user_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.user_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.user_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.user_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.marker.user_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.attributes_natural_language
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.firmware
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.firmware.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.firmware.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.firmware.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.firmware.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.resident_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.resident_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.resident_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.resident_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.resident_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.user_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.user_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.user_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.user_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.scanner.user_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.attributes_natural_language
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.certification_state
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.configuration_state
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.firmware
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.firmware.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.firmware.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.firmware.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.firmware.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.machine_type_model
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.pstn_fax_enabled
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.resident_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.resident_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.resident_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.resident_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.resident_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.time_source
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.user_application
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.user_application.<name>.name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.user_application.<name>.patches
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.user_application.<name>.string_version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.user_application.<name>.version
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.user_application_enabled
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.user_application_persistence_enabled
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.vendor_name
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-hcd.subtypes.system.vendor_smi_code
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-os.device_cert
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-os.device_id
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-os.device_pubkey
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-os.push_info
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-scanner.push_info
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swid.swid_directory
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swid.swid_full
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swid.swid_pretty
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swima.eid_epoch
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swima.swid_database
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swima.swid_directory
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swima.swid_full
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-swima.swid_pretty
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-test.additional_ids
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-test.command
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-test.dummy_size
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-test.retry
services.strongswan-swanctl.strongswan.libimcv.plugins.imc-test.retry_command
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-attestation.cadir
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-attestation.dh_group
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-attestation.hash_algorithm
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-attestation.min_nonce_len
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-attestation.remediation_uri
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-os.remediation_uri
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-scanner.remediation_uri
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-swima.rest_api.timeout
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-swima.rest_api.uri
services.strongswan-swanctl.strongswan.libimcv.plugins.imv-test.rounds
services.strongswan-swanctl.strongswan.libimcv.stderr_quiet
services.strongswan-swanctl.strongswan.libimcv.swid_gen.command
services.strongswan-swanctl.strongswan.libimcv.swid_gen.tag_creator.name
services.strongswan-swanctl.strongswan.libimcv.swid_gen.tag_creator.regid
services.strongswan-swanctl.strongswan.manager.database
services.strongswan-swanctl.strongswan.manager.debug
services.strongswan-swanctl.strongswan.manager.load
services.strongswan-swanctl.strongswan.manager.socket
services.strongswan-swanctl.strongswan.manager.threads
services.strongswan-swanctl.strongswan.manager.timeout
services.strongswan-swanctl.strongswan.medcli.database
services.strongswan-swanctl.strongswan.medcli.dpd
services.strongswan-swanctl.strongswan.medcli.rekey
services.strongswan-swanctl.strongswan.medsrv.database
services.strongswan-swanctl.strongswan.medsrv.debug
services.strongswan-swanctl.strongswan.medsrv.dpd
services.strongswan-swanctl.strongswan.medsrv.load
services.strongswan-swanctl.strongswan.medsrv.password_length
services.strongswan-swanctl.strongswan.medsrv.rekey
services.strongswan-swanctl.strongswan.medsrv.socket
services.strongswan-swanctl.strongswan.medsrv.threads
services.strongswan-swanctl.strongswan.medsrv.timeout
services.strongswan-swanctl.strongswan.pacman.database
services.strongswan-swanctl.strongswan.pki.load
services.strongswan-swanctl.strongswan.pool.database
services.strongswan-swanctl.strongswan.pool.load
services.strongswan-swanctl.strongswan.pt-tls-client.load
services.strongswan-swanctl.strongswan.scepclient.load
services.strongswan-swanctl.strongswan.starter.config_file
services.strongswan-swanctl.strongswan.starter.load_warning
services.strongswan-swanctl.strongswan.sw-collector.database
services.strongswan-swanctl.strongswan.sw-collector.first_file
services.strongswan-swanctl.strongswan.sw-collector.first_time
services.strongswan-swanctl.strongswan.sw-collector.history
services.strongswan-swanctl.strongswan.sw-collector.load
services.strongswan-swanctl.strongswan.sw-collector.rest_api.timeout
services.strongswan-swanctl.strongswan.sw-collector.rest_api.uri
services.strongswan-swanctl.strongswan.swanctl.load
services.strongswan-swanctl.strongswan.swanctl.socket

services.strongswan-swanctl.swanctl.authorities
services.strongswan-swanctl.swanctl.authorities.<name>.cacert
services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base
services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris
services.strongswan-swanctl.swanctl.authorities.<name>.file
services.strongswan-swanctl.swanctl.authorities.<name>.handle
services.strongswan-swanctl.swanctl.authorities.<name>.module
services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris
services.strongswan-swanctl.swanctl.authorities.<name>.slot
services.strongswan-swanctl.swanctl.connections
services.strongswan-swanctl.swanctl.connections.<name>.aggressive
services.strongswan-swanctl.swanctl.connections.<name>.children
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_time
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.replay_window
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown
services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay
services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout
services.strongswan-swanctl.swanctl.connections.<name>.dscp
services.strongswan-swanctl.swanctl.connections.<name>.encap
services.strongswan-swanctl.swanctl.connections.<name>.fragmentation
services.strongswan-swanctl.swanctl.connections.<name>.keyingtries
services.strongswan-swanctl.swanctl.connections.<name>.local
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id
services.strongswan-swanctl.swanctl.connections.<name>.local_addrs
services.strongswan-swanctl.swanctl.connections.<name>.local_port
services.strongswan-swanctl.swanctl.connections.<name>.mediated_by
services.strongswan-swanctl.swanctl.connections.<name>.mediation
services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer
services.strongswan-swanctl.swanctl.connections.<name>.mobike
services.strongswan-swanctl.swanctl.connections.<name>.over_time
services.strongswan-swanctl.swanctl.connections.<name>.pools
services.strongswan-swanctl.swanctl.connections.<name>.proposals
services.strongswan-swanctl.swanctl.connections.<name>.pull
services.strongswan-swanctl.swanctl.connections.<name>.rand_time
services.strongswan-swanctl.swanctl.connections.<name>.reauth_time
services.strongswan-swanctl.swanctl.connections.<name>.rekey_time
services.strongswan-swanctl.swanctl.connections.<name>.remote
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round
services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs
services.strongswan-swanctl.swanctl.connections.<name>.remote_port
services.strongswan-swanctl.swanctl.connections.<name>.send_cert
services.strongswan-swanctl.swanctl.connections.<name>.send_certreq
services.strongswan-swanctl.swanctl.connections.<name>.unique
services.strongswan-swanctl.swanctl.connections.<name>.version
services.strongswan-swanctl.swanctl.connections.<name>.vips
services.strongswan-swanctl.swanctl.pools
services.strongswan-swanctl.swanctl.pools.<name>.addrs
services.strongswan-swanctl.swanctl.pools.<name>.dhcp
services.strongswan-swanctl.swanctl.pools.<name>.dns
services.strongswan-swanctl.swanctl.pools.<name>.nbns
services.strongswan-swanctl.swanctl.pools.<name>.netmask
services.strongswan-swanctl.swanctl.pools.<name>.server
services.strongswan-swanctl.swanctl.pools.<name>.split_exclude
services.strongswan-swanctl.swanctl.pools.<name>.split_include
services.strongswan-swanctl.swanctl.pools.<name>.subnet
services.strongswan-swanctl.swanctl.secrets.eap
services.strongswan-swanctl.swanctl.secrets.eap.<name>.id
services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret
services.strongswan-swanctl.swanctl.secrets.ecdsa
services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.file
services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret
services.strongswan-swanctl.swanctl.secrets.ike
services.strongswan-swanctl.swanctl.secrets.ike.<name>.id
services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret
services.strongswan-swanctl.swanctl.secrets.ntlm
services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id
services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret
services.strongswan-swanctl.swanctl.secrets.pkcs12
services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file
services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret
services.strongswan-swanctl.swanctl.secrets.pkcs8
services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file
services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret
services.strongswan-swanctl.swanctl.secrets.private
services.strongswan-swanctl.swanctl.secrets.private.<name>.file
services.strongswan-swanctl.swanctl.secrets.private.<name>.secret
services.strongswan-swanctl.swanctl.secrets.rsa
services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file
services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret
services.strongswan-swanctl.swanctl.secrets.token
services.strongswan-swanctl.swanctl.secrets.token.<name>.handle
services.strongswan-swanctl.swanctl.secrets.token.<name>.module
services.strongswan-swanctl.swanctl.secrets.token.<name>.pin
services.strongswan-swanctl.swanctl.secrets.token.<name>.slot
services.strongswan-swanctl.swanctl.secrets.xauth
services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id
services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret

This list was compiled by executing:

grep -oP '<code class="option">\Kservices\.strongswan-swanctl\..*(?=</code></a>)' \
  $(nix-build nixos/release.nix -A manual --no-out-link)/share/doc/nixos/options.html \
  | sed 's|&lt;|<|g;s|&gt;|>|g' 

@basvandijk
Member Author

The last commit reduces the number of options by 396 (from 1152 to 756).

@bgamari
Contributor

bgamari commented Feb 26, 2018

Indeed it would be nice to see this merged.

'';

private = mkPrefixedAttrsOfParams {
file = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
Contributor

Shouldn't this just be a string?

Member Author

Thanks, that should be a string indeed. I'll update it.

@bgamari
Contributor

bgamari commented Feb 27, 2018

For the record, I have rebased this onto my cross-compilation work https://github.com/bgamari/nixpkgs/tree/strongswan-swanctl and have successfully used it.

@basvandijk
Member Author

@bgamari thanks for trying this out! Last time I discussed this PR on the mailing list I got some complaints that this PR introduced too many new options. So I proposed a compromise: drop the 607 strongswan.conf NixOS options but keep the swanctl options. What's your view on this?

'';

ecdsa = mkPrefixedAttrsOfParams {
file = mkPrefixedAttrsOfParam (mkOptionalStrParam "") ''
Contributor

I believe this and the other file options surrounding also should be plain strings.

@bgamari
Contributor

bgamari commented Feb 27, 2018

I can see the value in having a more structured representation of configuration but I can also see how others might think that it unduly clutters the option namespace and documentation. Perhaps we can split up the options from the core change of moving from ipsec to swanctl so these can be discussed in isolation?

The strongswan-swanctl systemd service starts charon-systemd. This implements an IKE daemon
very similar to charon, but it's specifically designed for use with systemd. It uses the
systemd libraries for a native integration.

Instead of using starter and an ipsec.conf based configuration, the daemon is directly
managed by systemd and configured with the swanctl configuration backend.

See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd

Note that the strongswan.conf and swanctl.conf configuration files are automatically
generated based on NixOS options under services.strongswan-swanctl.strongswan and
services.strongswan-swanctl.swanctl respectively.

I determined which options got changed by executing the following
commands in the strongswan repository:

  git diff -U20 5.6.0..5.6.1 src/swanctl/swanctl.opt
  git diff -U20 5.6.0..5.6.1 conf

This reduces the number of options from 1152 to 756.

@basvandijk
Member Author

I've rebased this PR on the current master, I've updated the options to the just released StrongSwan-5.6.2, I fixed the file options and the test and I implemented my proposed compromise by dropping the 600+ strongswan options in favor of a literal configuration. Now we have a respectable 134 new options.

@basvandijk
Member Author

@fpletz care to review again?

@matthewbauer matthewbauer merged commit e4717c9 into NixOS:master Apr 21, 2018

8 participants