swanctl.conf is the main configuration file for the swanctl VPN manager. It uses a hierarchical key-value syntax (the same format as strongswan.conf: sections in braces, key = value pairs, # comments). The top-level sections are connections, pools, secrets, and authorities. swanctl reads the file itself (for example with swanctl --load-all) and passes the result to the charon daemon over the VICI interface; the daemon does not read swanctl.conf directly, so edits take effect only after a reload.
You can split your configuration across multiple files using include conf.d/*.conf at the bottom of swanctl.conf.

connections

Defines IKE connection configurations. Each connection is a named subsection.
connections {
  <conn> {
    ...
  }
}

connections.<conn> — IKE connection settings

version
number
default:"0"
IKE major version. 1 = IKEv1, 2 = IKEv2. The default 0 accepts both IKEv1 and IKEv2 as responder, and initiates with IKEv2.
local_addrs
string
default:"%any"
Local address(es) for IKE communication, comma-separated. Accepts IPs, DNS names, CIDR subnets, or ranges. %any matches all addresses.
remote_addrs
string
default:"%any"
Remote address(es) for IKE communication, comma-separated. To initiate a connection, at least one specific address or DNS name must be set.
local_port
number
default:"500"
Local UDP port for IKE. When port 500 is used, automatic IKE port floating to port 4500 is enabled to handle NAT.
remote_port
number
default:"500"
Remote UDP port for IKE. Floating to port 4500 applies when this is 500.
proposals
string
default:"default"
Comma-separated IKE proposals to accept, most preferred first. Algorithms within a proposal are separated by dashes, e.g. aes256gcm16-prfsha384-ecp384 (AEAD cipher, PRF and DH group; a non-AEAD cipher such as aes256 additionally needs an integrity algorithm such as sha256). default uses a safe set of supported algorithms; pin explicit proposals on both peers when a particular algorithm must be guaranteed.
vips
string
Comma-separated virtual IPs to request via IKEv2 configuration payloads or IKEv1 Mode Config. Use 0.0.0.0 or :: to request any address.
pools
string
Comma-separated list of named IP pools (from the pools section or an external pool) to allocate virtual IPs from.
rekey_time
string
default:"4h"
Time to schedule IKE SA rekeying. Rekeying refreshes key material with a fresh Diffie-Hellman exchange but does not re-check credentials. Supported for IKEv2 only; IKEv1 performs a reauthentication instead. If reauth_time is configured, rekey_time defaults to 0 (rekeying disabled), so set both explicitly to get rekeying and reauthentication. Set to 0 to disable.
reauth_time
string
default:"0s"
Time to schedule IKE reauthentication. Reauthentication recreates the IKE SA from scratch and re-evaluates credentials, including certificate revocation status. Disabled by default. With IKEv2 strongSwan reauthenticates break-before-make, so expect a short traffic interruption each time it runs.
over_time
string
default:"10% of rekey/reauth time"
Hard IKE SA lifetime. If rekeying or reauthentication does not complete in time, the IKE SA is closed.
rand_time
string
default:"equal to over_time"
Upper bound of a random value subtracted from rekey_time / reauth_time, so that both peers do not rekey simultaneously. With the defaults, rekeying is scheduled somewhere between rekey_time minus over_time and rekey_time.
mobike
boolean
default:"yes"
Enable MOBIKE on IKEv2 connections. MOBIKE allows client mobility and server multi-homing. Has no effect on IKEv1.
aggressive
boolean
default:"no"
Use Aggressive Mode instead of Main Mode in IKEv1. Aggressive Mode is less secure: the ID and HASH payloads are exchanged unprotected, so a passive observer learns the peer identities and, with PSK authentication, captures a hash keyed by the pre-shared key that can be attacked offline with a dictionary. Avoid unless required for compatibility, and never combine it with a guessable PSK.
dpd_delay
string
default:"0s"
Interval for active Dead Peer Detection (DPD) liveness checks (IKEv2 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages). A check is only sent if no IKE or ESP/AH packet has been received from the peer during the interval. 0 disables active DPD.
dpd_timeout
string
default:"0s"
Time after which an IKEv1 peer that does not answer DPD checks is declared dead; IKEv1 only. IKEv2 needs no separate timeout: its DPD messages use the normal retransmission mechanism, so the charon.retransmit_tries, retransmit_timeout and retransmit_base settings in strongswan.conf determine how long a silent peer survives.
send_certreq
boolean
default:"yes"
Send certificate request payloads to offer trusted CA certificates to the peer. Disabling reduces initial packet size when many CAs are installed.
send_cert
string
default:"ifasked"
Control when certificate payloads are sent. Accepted values: ifasked (only when a certificate request is received), always, never.
fragmentation
string
default:"yes"
IKE fragmentation support. Accepted values: yes, accept, force (IKEv1 only), no.
encap
boolean
default:"no"
Enforce UDP encapsulation of ESP packets by faking NAT detection payloads, so the peer believes a NAT is on the path and encapsulates ESP in UDP on port 4500. Useful where middleboxes drop IP protocol 50 even though no NAT is present.
keyingtries
number
default:"1"
Number of retransmission sequences during initial connect. 0 retries indefinitely until established or a permanent error occurs.
unique
string
default:"no"
Connection uniqueness policy for peers presenting the same identity. Accepted values: never (no enforcement, even if the peer sends an INITIAL_CONTACT notify), no (replace an existing connection only if the new one carries INITIAL_CONTACT), keep (reject the new connection while the existing one is active), replace (close the existing connection when a new one for the same identity is established).
if_id_in
string
default:"0"
Default inbound XFRM interface ID inherited by child SAs. %unique allocates a unique ID per IKE SA.
if_id_out
string
default:"0"
Default outbound XFRM interface ID inherited by child SAs.
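Added example, not from the strongSwan documentation: the IKEv1 Aggressive Mode PSK setup still common on legacy gateways, beside the IKEv2 configuration it should be migrated to. It shows the IKE-level settings above (version, proposals, rekey/reauth timers, DPD) in both variants; addresses, hostnames and the secrets are constructed placeholders.

```conf
connections {
  # Legacy: IKEv1 Aggressive Mode with a PSK. The HASH payload that proves
  # knowledge of the PSK travels unencrypted, so an eavesdropper can
  # brute-force the PSK offline. Keep only for a peer that cannot do
  # anything else, and use a long random PSK.
  legacy-v1 {
    version = 1
    aggressive = yes
    local_addrs = 192.0.2.1
    remote_addrs = 198.51.100.7
    proposals = aes256-sha256-modp2048
    dpd_delay = 30s
    # IKEv1 needs an explicit DPD timeout; IKEv2 uses retransmission timers.
    dpd_timeout = 120s
    local {
      auth = psk
      id = gw-a.example.net
    }
    remote {
      auth = psk
      id = gw-legacy.example.net
    }
    children {
      net {
        local_ts = 10.1.0.0/16
        remote_ts = 10.9.0.0/16
        esp_proposals = aes256-sha256
        start_action = trap
      }
    }
  }

  # Replacement: IKEv2 with a PSK. The PSK proof travels in the AUTH
  # payloads, which are encrypted and integrity-protected under the IKE SA.
  v2-psk {
    version = 2
    local_addrs = 192.0.2.1
    remote_addrs = 198.51.100.8
    proposals = aes256gcm16-prfsha384-ecp384
    # With reauth_time set, rekey_time would default to 0, so set both.
    rekey_time = 4h
    reauth_time = 24h
    over_time = 30m
    rand_time = 10m
    dpd_delay = 30s
    # Static gateways: no address changes, so MOBIKE buys nothing.
    mobike = no
    # Keep retrying the initial exchange on a persistent link.
    keyingtries = 0
    local {
      auth = psk
      id = gw-a.example.net
    }
    remote {
      auth = psk
      id = gw-b.example.net
    }
    children {
      net {
        local_ts = 10.1.0.0/16
        remote_ts = 10.2.0.0/16
        esp_proposals = aes256gcm16-ecp384
        start_action = trap
      }
    }
  }
}

secrets {
  # One secret per peer; id binds the PSK to that peer's IKE identity.
  # Both values are constructed placeholders: generate real ones from
  # 32 random bytes (0s = Base64, 0x = hex).
  ike-legacy {
    id = gw-legacy.example.net
    secret = 0sY29uc3RydWN0ZWQtcGxhY2Vob2xkZXItbGVnYWN5
  }
  ike-gw-b {
    id = gw-b.example.net
    secret = 0x3f9a1c77e2b04d5a8c6e1f02b7d9e4a1c35f7b8d9e0a2c4e6f8a1b3d5c7e9f01
  }
}
```

Load with swanctl --load-all; the IKEv2 tunnel comes up on the first packet matching 10.1.0.0/16 to 10.2.0.0/16 because of the trap policy.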

connections.<conn>.local / .remote — authentication rounds

Each connection can have one or more local and remote subsections. Suffix them (e.g. local-eap, remote1) for multiple authentication rounds.
auth
string
default:"pubkey"
Authentication method. Accepted values:
  • pubkey — certificate-based public key authentication
  • psk — pre-shared key
  • eap / eap-<method> — EAP (IKEv2 only)
  • xauth / xauth-<backend> — XAuth (IKEv1 only)
id
string
IKE identity for this authentication round. For local, when using certificate authentication the identity must be contained in the certificate, as the subject DN or a subjectAltName; if unset, the daemon falls back to the subject DN of the first configured certificate. For remote, the identity the peer must present; defaults to %any, and wildcard identities such as *@strongswan.org are accepted. Leaving remote.id at %any with certificate authentication means any certificate that chains to a trusted CA is accepted, so set it whenever the peer is known.
certs
string
Comma-separated list of certificate files to use (local) or accept (remote). Relative paths are resolved from the swanctl x509 directory.
cacerts
string
Comma-separated list of CA certificate files to accept for authentication (remote only); relative paths are resolved from the swanctl x509ca directory. This restricts the trust anchors for this peer: its certificate chain must end at one of the listed CAs. If unset, any CA certificate loaded into the daemon is accepted.
eap_id
string
EAP identity. On the client side (local), the identity sent in the EAP-Identity exchange and used by the EAP method; defaults to id. On the server side (remote), the identity to expect from the EAP client; set it to %any to run an EAP-Identity exchange and take the username from EAP rather than from the client's IKE identity.
xauth_id
string
XAuth username used in the XAuth exchange. (local / client side only)
groups
string
Comma-separated authorization group memberships required from the remote peer. (remote only)
revocation
string
default:"relaxed"
Certificate revocation policy. Accepted values:
  • relaxed — fail only if the certificate is explicitly revoked (default)
  • ifuri — fail if a CRL/OCSP URI is present but checking fails
  • strict — fail if no revocation information is available
Note that relaxed, the default, also passes when the CRL or OCSP server is unreachable, so a revoked certificate keeps working while the revocation endpoint is down. For peers whose certificates can be revoked, use strict where the endpoints are reliably reachable before the tunnel exists, or ifuri as a middle ground.
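As an added example that is not from the strongSwan documentation, a road-warrior client configuration with one EAP-MSCHAPv2 authentication round for the client and certificate authentication for the gateway. It shows why remote.id is set even though cacerts already restricts the CA. The hostname vpn.example.net, the CA file exampleCA.pem, the username and the password are constructed placeholders.

```conf
connections {
  rw-client {
    version = 2
    remote_addrs = vpn.example.net
    # Request any IPv4 virtual IP from the gateway's pool.
    vips = 0.0.0.0
    proposals = aes256gcm16-prfsha384-ecp384
    dpd_delay = 30s
    # The client's only round: EAP-MSCHAPv2. The IKE identity (id) and the
    # EAP identity (eap_id) are distinct; the gateway looks up the password
    # under eap_id.
    local {
      auth = eap-mschapv2
      id = carol@example.net
      eap_id = carol
    }
    # The gateway must present a certificate that contains vpn.example.net
    # (subject DN or subjectAltName) and chains to exampleCA.pem. Leaving id
    # unset (%any) would accept any certificate from that CA, so any other
    # certificate holder under the CA could impersonate the gateway.
    remote {
      auth = pubkey
      id = vpn.example.net
      cacerts = exampleCA.pem
      # revocation is left at the default (relaxed): a CRL or OCSP server
      # that is only reachable through the tunnel would otherwise block
      # every connection attempt under strict.
    }
    children {
      rw {
        # local_ts stays dynamic and becomes the assigned virtual IP.
        remote_ts = 0.0.0.0/0
        esp_proposals = aes256gcm16-ecp384
        start_action = start
        dpd_action = restart
      }
    }
  }
}

secrets {
  # Constructed placeholder password for the EAP identity carol.
  eap-carol {
    id = carol
    secret = "C0nstructed-pw-for-carol"
  }
}
```

Because the client has no certificate, the gateway cannot pin it by identity; the EAP password is the client's only credential, which is why it must be strong and why swanctl.conf must not be world-readable.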

connections.<conn>.children.<child> — CHILD SA settings

local_ts
string
default:"dynamic"
Local traffic selectors, comma-separated CIDR subnets, each optionally followed by a protocol/port selector in brackets, e.g. 10.1.0.0/16[tcp/443]. dynamic resolves to the tunnel outer address or the negotiated virtual IP.
remote_ts
string
default:"dynamic"
Remote traffic selectors, comma-separated CIDR subnets.
esp_proposals
string
default:"default"
ESP proposals for the CHILD SA, comma-separated. default uses a safe set of algorithms. For AEAD ciphers (e.g. aes256gcm16) do not add an integrity algorithm; appending a DH group (e.g. ecp384) enables perfect forward secrecy on CHILD SA rekeying.
ah_proposals
string
AH proposals for the CHILD SA. ESP is used by default when neither is specified.
mode
string
default:"tunnel"
IPsec mode. Accepted values:
  • tunnel — IPsec Tunnel Mode (default)
  • transport — IPsec Transport Mode
  • beet — Bound End-to-End Tunnel mode
  • iptfs — IP-TFS tunnel mode
  • pass — bypass traffic from IPsec processing
  • drop — drop matched traffic
start_action
string
default:"none"
Action after loading the configuration.
  • none — load only; initiate manually or act as responder
  • trap — install a trap policy, triggering the tunnel on matching traffic
  • start — initiate the connection immediately
  • trap|start — combine both
close_action
string
default:"none"
Action when the CHILD SA is closed by the peer. none, trap, or start.
dpd_action
string
default:"clear"
Action on DPD timeout. Accepted values: clear (close and take no action), trap (install trap policy), restart (immediately re-negotiate).
rekey_time
string
default:"1h"
Time to schedule CHILD SA rekeying.
life_time
string
default:"rekey_time + 10%"
Maximum CHILD SA lifetime before closure.
rekey_bytes
number
default:"0"
Bytes processed before initiating CHILD SA rekeying. 0 disables volume-based rekeying.
rekey_packets
number
default:"0"
Packets processed before initiating CHILD SA rekeying. 0 disables packet-count-based rekeying.
inactivity
string
default:"0s"
Close the CHILD SA after this period of inactivity in either direction. 0 disables inactivity checks.
updown
string
Path to a script invoked on CHILD SA up/down events. The script receives the SA details in PLUTO_* environment variables (PLUTO_VERB, PLUTO_PEER, PLUTO_MY_CLIENT, ...) and runs with the daemon's privileges, so treat it as privileged code and do not pass those values to a shell unquoted.
ipcomp
boolean
default:"no"
Enable IPComp compression before ESP encryption.
replay_window
number
default:"32"
IPsec replay window size in packets. 0 disables replay protection and leaves ESP open to replayed packets; if traffic is heavily reordered, raise the window instead of disabling it.
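Added example (not the page's or strongSwan's own configuration) of a branch gateway's children, covering the CHILD SA settings above: a full-tunnel child that sends everything from the branch LAN to the HQ gateway, a narrower port-restricted child that gets its own SA, and a pass-mode child that keeps LAN-internal traffic out of IPsec. Addresses, hostnames and file names are constructed.

```conf
connections {
  branch-hq {
    version = 2
    local_addrs = 192.0.2.1
    remote_addrs = 198.51.100.9
    proposals = aes256gcm16-prfsha384-ecp384
    dpd_delay = 30s
    local {
      auth = pubkey
      certs = branchCert.pem
      id = branch.example.net
    }
    remote {
      auth = pubkey
      id = hq.example.net
    }
    children {
      # Default route over the VPN: all traffic from the branch LAN.
      all {
        local_ts = 10.1.0.0/16
        remote_ts = 0.0.0.0/0
        esp_proposals = aes256gcm16-ecp384
        # Trap policy: the tunnel comes up on the first matching packet and
        # is re-trapped when the peer closes it; a DPD timeout renegotiates.
        start_action = trap
        close_action = trap
        dpd_action = restart
        # Time, volume and packet-count limits; whichever triggers first
        # starts a rekey, and life_time is the hard stop.
        rekey_time = 1h
        life_time = 66m
        rekey_bytes = 1000000000
        rekey_packets = 10000000
        replay_window = 128
      }
      # Narrower selector (port-restricted) with a dedicated SA. The kernel
      # policy priority is derived from selector specificity, so SSH to HQ
      # matches this child rather than "all".
      ssh {
        local_ts = 10.1.0.0/16
        remote_ts = 10.2.0.0/16[tcp/22]
        esp_proposals = aes256gcm16-ecp384
        start_action = trap
        # Tear down the SSH SA after ten idle minutes; the trap remains.
        inactivity = 10m
      }
    }
  }

  # Never negotiated with anyone: its only purpose is the pass policy, which
  # keeps LAN-internal traffic from being pulled into the "all" tunnel.
  bypass-lan {
    children {
      bypass-lan {
        local_ts = 10.1.0.0/16
        remote_ts = 10.1.0.0/16
        mode = pass
        start_action = trap
      }
    }
  }
}
```

After swanctl --load-all, swanctl --list-pols shows the three policies; without the bypass-lan child, a packet from the gateway to another 10.1.0.0/16 host would match the 0.0.0.0/0 trap and trigger the tunnel.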

pools

Defines named IP address pools for virtual IP allocation.
pools {
  <name> {
    addrs = 10.10.0.0/24
    dns = 10.10.0.1
  }
}
addrs
string
required
CIDR subnet or address range (<from>-<to>) to allocate from. Pools must be unique and non-overlapping.
dns
string
Comma-separated DNS server addresses pushed to clients.
nbns
string
Comma-separated NBNS/WINS server addresses pushed to clients.
dhcp
string
DHCP server address for dynamic attribute assignment.
split_include
string
Comma-separated subnets pushed as split-include routes.
split_exclude
string
Comma-separated subnets pushed as split-exclude routes.

secrets

Defines secrets for IKE PSK, EAP/XAuth, and private key decryption.
Avoid storing private key decryption passphrases in swanctl.conf. Store private keys unencrypted with restrictive file permissions, or enter passphrases interactively with swanctl --load-creds. In any case swanctl.conf and its included files must be readable only by root, since PSKs and EAP passwords are stored in clear text.

IKE pre-shared keys

secrets {
  ike-peer1 {
    id = moon.strongswan.org
    secret = "s3cr3t"
  }
}
secrets.ike-<name>.secret
string
required
Value of the IKE PSK. ASCII string, 0x-prefixed hex, or 0s-prefixed Base64.
secrets.ike-<name>.id
string
IKE identity the PSK belongs to. Multiple identities are given as separate id keys with distinct suffixes (id-1, id-2, ...). If no id is given, the secret can be used with any identity, so always bind a PSK to the peer's identity.

EAP / XAuth secrets

secrets {
  eap-carol {
    id = carol
    secret = "password"
  }
}
secrets.eap-<name>.secret
string
required
EAP or XAuth password. xauth is an alias for eap; both are interchangeable.
secrets.eap-<name>.id
string
EAP/XAuth identity the secret belongs to. Multiple identities are given as separate id keys with distinct suffixes (id-1, id-2, ...).
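As an added example (not strongSwan's own documentation or test configuration), the responder side for road-warrior clients, tying together the authentication rounds, the pools section and the EAP secrets: the gateway authenticates with a certificate, and each client must present a certificate from the internal CA and then complete EAP-MSCHAPv2 as a second round (RFC 4739 multiple authentication). Addresses, hostnames, file names, usernames and passwords are constructed.

```conf
connections {
  rw-server {
    version = 2
    local_addrs = 203.0.113.10
    remote_addrs = %any
    proposals = aes256gcm16-prfsha384-ecp384
    # Virtual IPs for clients come from the pool defined below.
    pools = rw-pool
    # A second login with the same identity closes the first session
    # instead of leaving a stale SA around.
    unique = replace
    fragmentation = yes
    dpd_delay = 30s
    # Gateway certificate; vpn.example.net must be in its subject or SAN,
    # since clients are expected to pin that identity.
    local {
      auth = pubkey
      certs = vpnCert.pem
      id = vpn.example.net
    }
    # Round 1: a client certificate issued by the internal CA. strict makes
    # an unavailable CRL/OCSP status a failure rather than a pass.
    remote {
      auth = pubkey
      cacerts = exampleCA.pem
      revocation = strict
    }
    # Round 2: EAP-MSCHAPv2 with the password from the secrets section.
    # eap_id = %any makes the gateway run an EAP-Identity exchange, so the
    # username is taken from EAP rather than from the client's IKE identity.
    remote-eap {
      auth = eap-mschapv2
      eap_id = %any
    }
    children {
      rw {
        # remote_ts stays dynamic: the client's assigned virtual IP.
        local_ts = 10.0.0.0/8
        esp_proposals = aes256gcm16-ecp384
      }
    }
  }
}

pools {
  rw-pool {
    addrs = 10.10.0.0/24
    dns = 10.0.0.53
    # Clients that honour split-include attributes route only 10.0.0.0/8
    # through the tunnel.
    split_include = 10.0.0.0/8
  }
}

secrets {
  # Constructed placeholder passwords, one entry per EAP identity.
  eap-carol {
    id = carol
    secret = "C0nstructed-pw-for-carol"
  }
  eap-dave {
    id = dave
    secret = "C0nstructed-pw-for-dave"
  }
}
```

A client that only completes the EAP round and presents no certificate is rejected, because the remote and remote-eap rounds are both required, in order.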

Private key passphrases

secrets {
  private-moon {
    file = moonKey.pem
    secret = "passphrase"
  }
}
secrets.private-<name>.file
string
Filename in the swanctl private directory for which this passphrase applies.
secrets.private-<name>.secret
string
Decryption passphrase for the private key.

Token (HSM/smartcard) keys

secrets.token-<name>.handle
string
required
Hex-encoded CKA_ID of the private key on the token.
secrets.token-<name>.slot
number
Optional token slot number.
secrets.token-<name>.module
string
Optional PKCS#11 module name.
secrets.token-<name>.pin
string
Optional PIN to access the key. If omitted, the PIN is prompted interactively during swanctl --load-creds.

authorities

Defines certification authority attributes for revocation checking and certificate URI base.
authorities {
  strongswan {
    cacert = strongswanCert.pem
    crl_uris = http://crl.strongswan.org/strongswan.crl
    ocsp_uris = http://ocsp.strongswan.org
  }
}
cacert
string
CA certificate filename, relative to the swanctl x509ca directory, or an absolute path.
file
string
Absolute path to the CA certificate. Use instead of cacert for paths outside the swanctl directory.
handle
string
Hex-encoded CKA_ID of the CA certificate on a token.
crl_uris
string
Comma-separated CRL distribution point URIs (LDAP, HTTP, or file).
ocsp_uris
string
Comma-separated OCSP responder URIs.
cert_uri_base
string
Base URI for Hash-and-URL certificate exchange (IKEv2). Certificates are retrieved by appending their SHA-1 hash to this URI.
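Added example (not from the strongSwan documentation) tying the authorities section to a peer's revocation policy and to a private key held on a PKCS#11 token rather than in a file, which avoids both a key file and a passphrase in swanctl.conf. The CA, the URIs, the hostnames, the CKA_ID and the module name softhsm are constructed; the pkcs11 plugin must be enabled and the module's path configured as charon.plugins.pkcs11.modules.softhsm.path in strongswan.conf.

```conf
authorities {
  # CRL and OCSP locations for certificates issued by exampleCA.pem; the
  # daemon uses these even if the certificates carry no distribution point.
  example-ca {
    cacert = exampleCA.pem
    crl_uris = http://pki.example.net/example.crl
    ocsp_uris = http://ocsp.example.net
  }
}

connections {
  gw {
    version = 2
    local_addrs = 192.0.2.1
    remote_addrs = 198.51.100.9
    proposals = aes256gcm16-prfsha384-ecp384
    local {
      auth = pubkey
      # The certificate is a file; its private key is found on the token
      # below by matching the public key.
      certs = gwACert.pem
      id = gw-a.example.net
    }
    remote {
      auth = pubkey
      id = gw-b.example.net
      cacerts = exampleCA.pem
      # strict: a CRL or OCSP response must be obtained from the authority
      # above; an unreachable responder fails authentication instead of
      # silently passing.
      revocation = strict
    }
    children {
      net {
        local_ts = 10.1.0.0/16
        remote_ts = 10.2.0.0/16
        esp_proposals = aes256gcm16-ecp384
        start_action = trap
      }
    }
  }
}

secrets {
  # Private key for gwACert.pem lives on a PKCS#11 token. handle is the
  # hex-encoded CKA_ID of the key object (constructed value); module names
  # the pkcs11 module configured in strongswan.conf.
  token-gw-a {
    handle = 2a01
    slot = 0
    module = softhsm
    # pin omitted on purpose: swanctl --load-creds prompts for it.
  }
}
```

Because the PIN is not in the file, run swanctl --load-creds interactively after boot (swanctl --load-creds --noprompt would skip the token key); with the key on the token, a copy of swanctl.conf and the x509 directory alone is not enough to impersonate the gateway.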

Full example

# Gateway sun initiating an IKEv2 tunnel to gateway moon.
connections {
  gw-gw {
    # local_addrs stays %any (listen on all addresses); a specific
    # remote_addrs is required to initiate.
    remote_addrs = moon.strongswan.org
    version = 2
    # AEAD cipher, PRF and DH group pinned explicitly.
    proposals = aes256gcm16-prfsha384-ecp384
    rekey_time = 4h

    local {
      auth = pubkey
      # sunCert.pem from the swanctl x509 directory; its private key is
      # loaded from the private directory by swanctl --load-creds.
      certs = sunCert.pem
      id = sun.strongswan.org
    }
    remote {
      auth = pubkey
      # moon must present a certificate containing this identity.
      id = moon.strongswan.org
    }
    children {
      gw-gw {
        local_ts = 10.1.0.0/16
        remote_ts = 10.2.0.0/16
        esp_proposals = aes256gcm16-ecp384
        start_action = start
      }
    }
  }
}

# No PSKs or passphrases needed: the private key file is unencrypted.
secrets {
}

authorities {
  strongswan {
    cacert = strongswanCert.pem
    crl_uris = http://crl.strongswan.org/strongswan.crl
  }
}