Loading nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix +13 −0 Original line number Diff line number Diff line Loading @@ -1093,6 +1093,19 @@ in all kernel interfaces. ''; icmp = mkYesNoParam no '' Whether to forward certain ICMP error messages even if their source IP doesn't match the negotiated IPsec policies. ICMP error messages, such as Destination Unreachable, Time Exceeded or Fragmentation Needed, may be generated by a host whose IP address isn't included in the negotiated traffic selectors and therefore doesn't match the IPsec policies. If this option is enabled and the kernel supports it, such packets may still be forwarded. As ICMP errors contain parts of the IP packet that triggered them, the kernel will base its decision on a reverse policy lookup using that IP header. ''; start_action = mkEnumParam [ "none" "trap" "start" "trap|start" ] "none" '' Action to perform after loading the configuration. Loading pkgs/by-name/st/strongswan/package.nix +3 −3 Original line number Diff line number Diff line Loading @@ -122,13 +122,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "strongswan"; version = "6.0.4"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading! version = "6.0.5"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading! src = fetchFromGitHub { owner = "strongswan"; repo = "strongswan"; tag = finalAttrs.version; hash = "sha256-KRfEH7puwn+PgQvOrkTEowPnGzCtXdsUqg7wBNMypkQ="; hash = "sha256-AB0PNy5UIPb5Pwois9APhyQxDPd55mnwYdhpkKpV+uM="; }; patches = [ Loading Loading @@ -192,7 +192,7 @@ stdenv.mkDerivation (finalAttrs: { meta = { description = "OpenSource IPsec-based VPN solution"; homepage = "https://www.strongswan.org/"; changelog = "https://github.com/strongswan/strongswan/blob/${finalAttrs.src.rev}/ChangeLog"; changelog = "https://github.com/strongswan/strongswan/blob/${finalAttrs.src.rev}/NEWS"; license = lib.licenses.gpl2Plus; maintainers = with lib.maintainers; [ nickcao ]; mainProgram = "swanctl"; Loading Loading
nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix +13 −0 Original line number Diff line number Diff line Loading @@ -1093,6 +1093,19 @@ in all kernel interfaces. ''; icmp = mkYesNoParam no '' Whether to forward certain ICMP error messages even if their source IP doesn't match the negotiated IPsec policies. ICMP error messages, such as Destination Unreachable, Time Exceeded or Fragmentation Needed, may be generated by a host whose IP address isn't included in the negotiated traffic selectors and therefore doesn't match the IPsec policies. If this option is enabled and the kernel supports it, such packets may still be forwarded. As ICMP errors contain parts of the IP packet that triggered them, the kernel will base its decision on a reverse policy lookup using that IP header. ''; start_action = mkEnumParam [ "none" "trap" "start" "trap|start" ] "none" '' Action to perform after loading the configuration. Loading
pkgs/by-name/st/strongswan/package.nix +3 −3 Original line number Diff line number Diff line Loading @@ -122,13 +122,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "strongswan"; version = "6.0.4"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading! version = "6.0.5"; # Make sure to also update <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix> when upgrading! src = fetchFromGitHub { owner = "strongswan"; repo = "strongswan"; tag = finalAttrs.version; hash = "sha256-KRfEH7puwn+PgQvOrkTEowPnGzCtXdsUqg7wBNMypkQ="; hash = "sha256-AB0PNy5UIPb5Pwois9APhyQxDPd55mnwYdhpkKpV+uM="; }; patches = [ Loading Loading @@ -192,7 +192,7 @@ stdenv.mkDerivation (finalAttrs: { meta = { description = "OpenSource IPsec-based VPN solution"; homepage = "https://www.strongswan.org/"; changelog = "https://github.com/strongswan/strongswan/blob/${finalAttrs.src.rev}/ChangeLog"; changelog = "https://github.com/strongswan/strongswan/blob/${finalAttrs.src.rev}/NEWS"; license = lib.licenses.gpl2Plus; maintainers = with lib.maintainers; [ nickcao ]; mainProgram = "swanctl"; Loading
