VPN, and location properties which are already
defined. (Assigning new properties is permitted.)
+ * It is not permitted to define new VPN-level
+ properties.
+
Finally, the properties.
- If a property has already been defined on an item, then it is an
- error to try to redefine it.
+ Usually, if a property has already been defined on an item, then
+ it is an error to try to redefine it. But some properties are
+ list-like: the values are accumulated into a single list.
Mostly, properties are written to corresponding assignments in
the generated Secnet configuration file, . The entries below
location levels.
dh P G
- Assigns a Diffie--Hellman closure to the `dh' key,
- constructed as `diffie-hellman(P, G)'. Acceptable at all
- levels; required at site level.
+ dh GROUP-NAME
+ Assigns a Diffie--Hellman closure to the `dh' key. If
+ MODULUS and GENERATOR are given, the closure is
+ constructed as `diffie-hellman(P, G)'. If a GROUP-NAME
+ is given, it must be one of `x25519' or `x448', and the
+ like-named pre-existing DH closure is used. This is a
+ listish property: it can be set more than once and the
+ values are accumulated into a list in the output.
+
+ Acceptable at all levels; required at site level.
hash HASH-NAME
Assigns the HASH-NAME to the `hash' key. The HASH-NAME
- must be one of `md5' or `sha1', and the corresponding
- hash closure is used. Acceptable at all levels;
- required at site level.
+ must be one of `md5', `sha1', or `sha512', and the
+ corresponding hash closure is used. Acceptable at all
+ levels; required at site level.
key-lifetime INT
setup-timeout INT