From 40d728165b064ed5022e1210b4eebac7b508c5fb Mon Sep 17 00:00:00 2001
From: root <root@localhost>
Date: Thu, 14 Nov 2019 10:00:42 +0100
Subject: [PATCH] committing changes in /etc made by "apt-get install
 network-manager-strongswan"

Package changes:
+libcharon-standard-plugins 5.7.1-1ubuntu2 amd64
+libstrongswan 5.7.1-1ubuntu2 amd64
+libstrongswan-standard-plugins 5.7.1-1ubuntu2 amd64
+network-manager-strongswan 1.4.4-2 amd64
+strongswan-libcharon 5.7.1-1ubuntu2 amd64
+strongswan-nm 5.7.1-1ubuntu2 amd64
---
 .etckeeper                                 | 45 +++++++++++
 dbus-1/system.d/nm-strongswan-service.conf | 15 ++++
 strongswan.conf                            | 14 ++++
 strongswan.d/charon/aes.conf               |  8 ++
 strongswan.d/charon/aesni.conf             |  8 ++
 strongswan.d/charon/agent.conf             |  8 ++
 strongswan.d/charon/attr.conf              | 14 ++++
 strongswan.d/charon/bypass-lan.conf        | 17 +++++
 strongswan.d/charon/connmark.conf          |  8 ++
 strongswan.d/charon/constraints.conf       |  8 ++
 strongswan.d/charon/counters.conf          |  8 ++
 strongswan.d/charon/dnskey.conf            |  8 ++
 strongswan.d/charon/eap-mschapv2.conf      |  8 ++
 strongswan.d/charon/fips-prf.conf          |  8 ++
 strongswan.d/charon/gcm.conf               |  8 ++
 strongswan.d/charon/gmp.conf               |  8 ++
 strongswan.d/charon/hmac.conf              |  8 ++
 strongswan.d/charon/kernel-netlink.conf    | 87 ++++++++++++++++++++++
 strongswan.d/charon/md4.conf               |  8 ++
 strongswan.d/charon/md5.conf               |  8 ++
 strongswan.d/charon/mgf1.conf              |  8 ++
 strongswan.d/charon/nonce.conf             |  8 ++
 strongswan.d/charon/openssl.conf           | 14 ++++
 strongswan.d/charon/pem.conf               |  8 ++
 strongswan.d/charon/pgp.conf               |  8 ++
 strongswan.d/charon/pkcs1.conf             |  8 ++
 strongswan.d/charon/pkcs12.conf            |  8 ++
 strongswan.d/charon/pkcs7.conf             |  8 ++
 strongswan.d/charon/pkcs8.conf             |  8 ++
 strongswan.d/charon/pubkey.conf            |  8 ++
 strongswan.d/charon/random.conf            | 18 +++++
 strongswan.d/charon/rc2.conf               |  8 ++
 strongswan.d/charon/resolve.conf           | 18 +++++
 strongswan.d/charon/revocation.conf        | 14 ++++
 strongswan.d/charon/sha1.conf              |  8 ++
 strongswan.d/charon/sha2.conf              |  8 ++
 strongswan.d/charon/socket-default.conf    | 23 ++++++
 strongswan.d/charon/sshkey.conf            |  8 ++
 strongswan.d/charon/updown.conf            | 12 +++
 strongswan.d/charon/x509.conf              |  8 ++
 strongswan.d/charon/xauth-generic.conf     |  8 ++
 strongswan.d/charon/xcbc.conf              |  8 ++
 42 files changed, 531 insertions(+)
 create mode 100644 dbus-1/system.d/nm-strongswan-service.conf
 create mode 100644 strongswan.conf
 create mode 100644 strongswan.d/charon/aes.conf
 create mode 100644 strongswan.d/charon/aesni.conf
 create mode 100644 strongswan.d/charon/agent.conf
 create mode 100644 strongswan.d/charon/attr.conf
 create mode 100644 strongswan.d/charon/bypass-lan.conf
 create mode 100644 strongswan.d/charon/connmark.conf
 create mode 100644 strongswan.d/charon/constraints.conf
 create mode 100644 strongswan.d/charon/counters.conf
 create mode 100644 strongswan.d/charon/dnskey.conf
 create mode 100644 strongswan.d/charon/eap-mschapv2.conf
 create mode 100644 strongswan.d/charon/fips-prf.conf
 create mode 100644 strongswan.d/charon/gcm.conf
 create mode 100644 strongswan.d/charon/gmp.conf
 create mode 100644 strongswan.d/charon/hmac.conf
 create mode 100644 strongswan.d/charon/kernel-netlink.conf
 create mode 100644 strongswan.d/charon/md4.conf
 create mode 100644 strongswan.d/charon/md5.conf
 create mode 100644 strongswan.d/charon/mgf1.conf
 create mode 100644 strongswan.d/charon/nonce.conf
 create mode 100644 strongswan.d/charon/openssl.conf
 create mode 100644 strongswan.d/charon/pem.conf
 create mode 100644 strongswan.d/charon/pgp.conf
 create mode 100644 strongswan.d/charon/pkcs1.conf
 create mode 100644 strongswan.d/charon/pkcs12.conf
 create mode 100644 strongswan.d/charon/pkcs7.conf
 create mode 100644 strongswan.d/charon/pkcs8.conf
 create mode 100644 strongswan.d/charon/pubkey.conf
 create mode 100644 strongswan.d/charon/random.conf
 create mode 100644 strongswan.d/charon/rc2.conf
 create mode 100644 strongswan.d/charon/resolve.conf
 create mode 100644 strongswan.d/charon/revocation.conf
 create mode 100644 strongswan.d/charon/sha1.conf
 create mode 100644 strongswan.d/charon/sha2.conf
 create mode 100644 strongswan.d/charon/socket-default.conf
 create mode 100644 strongswan.d/charon/sshkey.conf
 create mode 100644 strongswan.d/charon/updown.conf
 create mode 100644 strongswan.d/charon/x509.conf
 create mode 100644 strongswan.d/charon/xauth-generic.conf
 create mode 100644 strongswan.d/charon/xcbc.conf

diff --git a/.etckeeper b/.etckeeper
index efc1672..779b740 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -38,6 +38,7 @@ mkdir -p './insserv/overrides'
 mkdir -p './kernel/install.d'
 mkdir -p './libpaper.d'
 mkdir -p './lightdm/lightdm.conf.d'
+mkdir -p './logcheck/violations.ignore.d'
 mkdir -p './netplan'
 mkdir -p './network/interfaces.d'
 mkdir -p './networkd-dispatcher/carrier.d'
@@ -1471,6 +1472,7 @@ maybe chmod 0644 'dbus-1/system.d/kerneloops.dbus'
 maybe chmod 0644 'dbus-1/system.d/net.hadess.SensorProxy.conf'
 maybe chmod 0644 'dbus-1/system.d/net.hadess.SwitcherooControl.conf'
 maybe chmod 0644 'dbus-1/system.d/net.reactivated.Fprint.conf'
+maybe chmod 0644 'dbus-1/system.d/nm-strongswan-service.conf'
 maybe chmod 0644 'dbus-1/system.d/org.debian.apt.conf'
 maybe chmod 0644 'dbus-1/system.d/org.freedesktop.Accounts.conf'
 maybe chmod 0644 'dbus-1/system.d/org.freedesktop.DisplayManager.conf'
@@ -2252,6 +2254,7 @@ maybe chmod 0644 'logcheck/ignore.d.server/rkhunter'
 maybe chmod 0644 'logcheck/ignore.d.server/rsyslog'
 maybe chmod 0755 'logcheck/ignore.d.workstation'
 maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_3'
+maybe chmod 0755 'logcheck/violations.ignore.d'
 maybe chmod 0644 'login.defs'
 maybe chmod 0644 'logrotate.conf'
 maybe chmod 0755 'logrotate.d'
@@ -2953,6 +2956,48 @@ maybe chmod 0755 'ssl/server'
 maybe chmod 0644 'ssl/server/server.crt'
 maybe chmod 0644 'ssl/server/server.csr'
 maybe chmod 0600 'ssl/server/server.key'
+maybe chmod 0644 'strongswan.conf'
+maybe chmod 0755 'strongswan.d'
+maybe chmod 0755 'strongswan.d/charon'
+maybe chmod 0644 'strongswan.d/charon/aes.conf'
+maybe chmod 0644 'strongswan.d/charon/aesni.conf'
+maybe chmod 0644 'strongswan.d/charon/agent.conf'
+maybe chmod 0644 'strongswan.d/charon/attr.conf'
+maybe chmod 0644 'strongswan.d/charon/bypass-lan.conf'
+maybe chmod 0644 'strongswan.d/charon/connmark.conf'
+maybe chmod 0644 'strongswan.d/charon/constraints.conf'
+maybe chmod 0644 'strongswan.d/charon/counters.conf'
+maybe chmod 0644 'strongswan.d/charon/dnskey.conf'
+maybe chmod 0644 'strongswan.d/charon/eap-mschapv2.conf'
+maybe chmod 0644 'strongswan.d/charon/fips-prf.conf'
+maybe chmod 0644 'strongswan.d/charon/gcm.conf'
+maybe chmod 0644 'strongswan.d/charon/gmp.conf'
+maybe chmod 0644 'strongswan.d/charon/hmac.conf'
+maybe chmod 0644 'strongswan.d/charon/kernel-netlink.conf'
+maybe chmod 0644 'strongswan.d/charon/md4.conf'
+maybe chmod 0644 'strongswan.d/charon/md5.conf'
+maybe chmod 0644 'strongswan.d/charon/mgf1.conf'
+maybe chmod 0644 'strongswan.d/charon/nonce.conf'
+maybe chmod 0644 'strongswan.d/charon/openssl.conf'
+maybe chmod 0644 'strongswan.d/charon/pem.conf'
+maybe chmod 0644 'strongswan.d/charon/pgp.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs1.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs12.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs7.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs8.conf'
+maybe chmod 0644 'strongswan.d/charon/pubkey.conf'
+maybe chmod 0644 'strongswan.d/charon/random.conf'
+maybe chmod 0644 'strongswan.d/charon/rc2.conf'
+maybe chmod 0644 'strongswan.d/charon/resolve.conf'
+maybe chmod 0644 'strongswan.d/charon/revocation.conf'
+maybe chmod 0644 'strongswan.d/charon/sha1.conf'
+maybe chmod 0644 'strongswan.d/charon/sha2.conf'
+maybe chmod 0644 'strongswan.d/charon/socket-default.conf'
+maybe chmod 0644 'strongswan.d/charon/sshkey.conf'
+maybe chmod 0644 'strongswan.d/charon/updown.conf'
+maybe chmod 0644 'strongswan.d/charon/x509.conf'
+maybe chmod 0644 'strongswan.d/charon/xauth-generic.conf'
+maybe chmod 0644 'strongswan.d/charon/xcbc.conf'
 maybe chmod 0644 'su-to-rootrc'
 maybe chmod 0644 'subgid'
 maybe chmod 0644 'subgid-'
diff --git a/dbus-1/system.d/nm-strongswan-service.conf b/dbus-1/system.d/nm-strongswan-service.conf
new file mode 100644
index 0000000..a630f34
--- /dev/null
+++ b/dbus-1/system.d/nm-strongswan-service.conf
@@ -0,0 +1,15 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy user="root">
+		<allow own="org.freedesktop.NetworkManager.strongswan"/>
+		<allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+		<allow send_interface="org.freedesktop.NetworkManager.strongswan"/>
+	</policy>
+	<policy context="default">
+		<deny own="org.freedesktop.NetworkManager.strongswan"/>
+		<deny send_destination="org.freedesktop.NetworkManager.strongswan"/>
+	</policy>
+</busconfig>
+
diff --git a/strongswan.conf b/strongswan.conf
new file mode 100644
index 0000000..d906728
--- /dev/null
+++ b/strongswan.conf
@@ -0,0 +1,14 @@
+# strongswan.conf - strongSwan configuration file
+#
+# Refer to the strongswan.conf(5) manpage for details
+#
+# Configuration changes should be made in the included files
+
+charon {
+	load_modular = yes
+	plugins {
+		include strongswan.d/charon/*.conf
+	}
+}
+
+include strongswan.d/*.conf
diff --git a/strongswan.d/charon/aes.conf b/strongswan.d/charon/aes.conf
new file mode 100644
index 0000000..ae5c7fd
--- /dev/null
+++ b/strongswan.d/charon/aes.conf
@@ -0,0 +1,8 @@
+aes {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/aesni.conf b/strongswan.d/charon/aesni.conf
new file mode 100644
index 0000000..a872b26
--- /dev/null
+++ b/strongswan.d/charon/aesni.conf
@@ -0,0 +1,8 @@
+aesni {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/agent.conf b/strongswan.d/charon/agent.conf
new file mode 100644
index 0000000..47d8aef
--- /dev/null
+++ b/strongswan.d/charon/agent.conf
@@ -0,0 +1,8 @@
+agent {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/attr.conf b/strongswan.d/charon/attr.conf
new file mode 100644
index 0000000..7a3645b
--- /dev/null
+++ b/strongswan.d/charon/attr.conf
@@ -0,0 +1,14 @@
+# Section to specify arbitrary attributes that are assigned to a peer via
+# configuration payload (CP).
+attr {
+
+    # <attr> is an attribute name or an integer, values can be an IP address,
+    # subnet or arbitrary value.
+    # <attr> =
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/bypass-lan.conf b/strongswan.d/charon/bypass-lan.conf
new file mode 100644
index 0000000..e470ce6
--- /dev/null
+++ b/strongswan.d/charon/bypass-lan.conf
@@ -0,0 +1,17 @@
+bypass-lan {
+
+    # A comma-separated list of network interfaces for which connected subnets
+    # should be ignored, if interfaces_use is specified this option has no
+    # effect.
+    # interfaces_ignore =
+
+    # A comma-separated list of network interfaces for which connected subnets
+    # should be considered. All other interfaces are ignored.
+    # interfaces_use =
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = no
+
+}
+
diff --git a/strongswan.d/charon/connmark.conf b/strongswan.d/charon/connmark.conf
new file mode 100644
index 0000000..5f54a81
--- /dev/null
+++ b/strongswan.d/charon/connmark.conf
@@ -0,0 +1,8 @@
+connmark {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/constraints.conf b/strongswan.d/charon/constraints.conf
new file mode 100644
index 0000000..e5f06ff
--- /dev/null
+++ b/strongswan.d/charon/constraints.conf
@@ -0,0 +1,8 @@
+constraints {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/counters.conf b/strongswan.d/charon/counters.conf
new file mode 100644
index 0000000..21f20e4
--- /dev/null
+++ b/strongswan.d/charon/counters.conf
@@ -0,0 +1,8 @@
+counters {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/dnskey.conf b/strongswan.d/charon/dnskey.conf
new file mode 100644
index 0000000..957efd5
--- /dev/null
+++ b/strongswan.d/charon/dnskey.conf
@@ -0,0 +1,8 @@
+dnskey {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/eap-mschapv2.conf b/strongswan.d/charon/eap-mschapv2.conf
new file mode 100644
index 0000000..863686f
--- /dev/null
+++ b/strongswan.d/charon/eap-mschapv2.conf
@@ -0,0 +1,8 @@
+eap-mschapv2 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/fips-prf.conf b/strongswan.d/charon/fips-prf.conf
new file mode 100644
index 0000000..a13c602
--- /dev/null
+++ b/strongswan.d/charon/fips-prf.conf
@@ -0,0 +1,8 @@
+fips-prf {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/gcm.conf b/strongswan.d/charon/gcm.conf
new file mode 100644
index 0000000..eef4749
--- /dev/null
+++ b/strongswan.d/charon/gcm.conf
@@ -0,0 +1,8 @@
+gcm {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/gmp.conf b/strongswan.d/charon/gmp.conf
new file mode 100644
index 0000000..b1275ef
--- /dev/null
+++ b/strongswan.d/charon/gmp.conf
@@ -0,0 +1,8 @@
+gmp {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/hmac.conf b/strongswan.d/charon/hmac.conf
new file mode 100644
index 0000000..225910a
--- /dev/null
+++ b/strongswan.d/charon/hmac.conf
@@ -0,0 +1,8 @@
+hmac {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/kernel-netlink.conf b/strongswan.d/charon/kernel-netlink.conf
new file mode 100644
index 0000000..9827b22
--- /dev/null
+++ b/strongswan.d/charon/kernel-netlink.conf
@@ -0,0 +1,87 @@
+kernel-netlink {
+
+    # Buffer size for received Netlink messages.
+    # buflen = <min(PAGE_SIZE, 8192)>
+
+    # Force maximum Netlink receive buffer on Netlink socket.
+    # force_receive_buffer_size = no
+
+    # Firewall mark to set on the routing rule that directs traffic to our
+    # routing table.
+    # fwmark =
+
+    # Whether to ignore errors potentially resulting from a retransmission.
+    # ignore_retransmit_errors = no
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+    # MSS to set on installed routes, 0 to disable.
+    # mss = 0
+
+    # MTU to set on installed routes, 0 to disable.
+    # mtu = 0
+
+    # Whether to perform concurrent Netlink ROUTE queries on a single socket.
+    # parallel_route = no
+
+    # Whether to perform concurrent Netlink XFRM queries on a single socket.
+    # parallel_xfrm = no
+
+    # Whether to always use XFRM_MSG_UPDPOLICY to install policies.
+    # policy_update = no
+
+    # Whether to use port or socket based IKE XFRM bypass policies.
+    # port_bypass = no
+
+    # Whether to process changes in routing rules to trigger roam events.
+    # process_rules = no
+
+    # Maximum Netlink socket receive buffer in bytes.
+    # receive_buffer_size = 0
+
+    # Number of Netlink message retransmissions to send on timeout.
+    # retries = 0
+
+    # Whether to trigger roam events when interfaces, addresses or routes
+    # change.
+    # roam_events = yes
+
+    # Whether to set protocol and ports in the selector installed on transport
+    # mode IPsec SAs in the kernel.
+    # set_proto_port_transport_sa = no
+
+    # Netlink message retransmission timeout, 0 to disable retransmissions.
+    # timeout = 0
+
+    # Lifetime of XFRM acquire state and allocated SPIs in kernel.
+    # xfrm_acq_expires = 165
+
+    # XFRM policy hashing threshold configuration for IPv4 and IPv6.
+    spdh_thresh {
+
+        ipv4 {
+
+            # Local subnet XFRM policy hashing threshold for IPv4.
+            # lbits = 32
+
+            # Remote subnet XFRM policy hashing threshold for IPv4.
+            # rbits = 32
+
+        }
+
+        ipv6 {
+
+            # Local subnet XFRM policy hashing threshold for IPv6.
+            # lbits = 128
+
+            # Remote subnet XFRM policy hashing threshold for IPv6.
+            # rbits = 128
+
+        }
+
+    }
+
+}
+
diff --git a/strongswan.d/charon/md4.conf b/strongswan.d/charon/md4.conf
new file mode 100644
index 0000000..91598b3
--- /dev/null
+++ b/strongswan.d/charon/md4.conf
@@ -0,0 +1,8 @@
+md4 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/md5.conf b/strongswan.d/charon/md5.conf
new file mode 100644
index 0000000..a022fc4
--- /dev/null
+++ b/strongswan.d/charon/md5.conf
@@ -0,0 +1,8 @@
+md5 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/mgf1.conf b/strongswan.d/charon/mgf1.conf
new file mode 100644
index 0000000..b7d8615
--- /dev/null
+++ b/strongswan.d/charon/mgf1.conf
@@ -0,0 +1,8 @@
+mgf1 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/nonce.conf b/strongswan.d/charon/nonce.conf
new file mode 100644
index 0000000..52fd112
--- /dev/null
+++ b/strongswan.d/charon/nonce.conf
@@ -0,0 +1,8 @@
+nonce {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/openssl.conf b/strongswan.d/charon/openssl.conf
new file mode 100644
index 0000000..08ed759
--- /dev/null
+++ b/strongswan.d/charon/openssl.conf
@@ -0,0 +1,14 @@
+openssl {
+
+    # ENGINE ID to use in the OpenSSL plugin.
+    # engine_id = pkcs11
+
+    # Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+    # fips_mode = 0
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/pem.conf b/strongswan.d/charon/pem.conf
new file mode 100644
index 0000000..d1802d5
--- /dev/null
+++ b/strongswan.d/charon/pem.conf
@@ -0,0 +1,8 @@
+pem {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/pgp.conf b/strongswan.d/charon/pgp.conf
new file mode 100644
index 0000000..f6bd1c2
--- /dev/null
+++ b/strongswan.d/charon/pgp.conf
@@ -0,0 +1,8 @@
+pgp {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/pkcs1.conf b/strongswan.d/charon/pkcs1.conf
new file mode 100644
index 0000000..67a42b7
--- /dev/null
+++ b/strongswan.d/charon/pkcs1.conf
@@ -0,0 +1,8 @@
+pkcs1 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/pkcs12.conf b/strongswan.d/charon/pkcs12.conf
new file mode 100644
index 0000000..30483c2
--- /dev/null
+++ b/strongswan.d/charon/pkcs12.conf
@@ -0,0 +1,8 @@
+pkcs12 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/pkcs7.conf b/strongswan.d/charon/pkcs7.conf
new file mode 100644
index 0000000..5cf504f
--- /dev/null
+++ b/strongswan.d/charon/pkcs7.conf
@@ -0,0 +1,8 @@
+pkcs7 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/pkcs8.conf b/strongswan.d/charon/pkcs8.conf
new file mode 100644
index 0000000..348beda
--- /dev/null
+++ b/strongswan.d/charon/pkcs8.conf
@@ -0,0 +1,8 @@
+pkcs8 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/pubkey.conf b/strongswan.d/charon/pubkey.conf
new file mode 100644
index 0000000..390bf67
--- /dev/null
+++ b/strongswan.d/charon/pubkey.conf
@@ -0,0 +1,8 @@
+pubkey {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/random.conf b/strongswan.d/charon/random.conf
new file mode 100644
index 0000000..e0af75f
--- /dev/null
+++ b/strongswan.d/charon/random.conf
@@ -0,0 +1,18 @@
+random {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+    # File to read random bytes from.
+    # random = ${random_device}
+
+    # If set to yes the RNG_STRONG class reads random bytes from the same source
+    # as the RNG_TRUE class.
+    # strong_equals_true = no
+
+    # File to read pseudo random bytes from.
+    # urandom = ${urandom_device}
+
+}
+
diff --git a/strongswan.d/charon/rc2.conf b/strongswan.d/charon/rc2.conf
new file mode 100644
index 0000000..1ab4b00
--- /dev/null
+++ b/strongswan.d/charon/rc2.conf
@@ -0,0 +1,8 @@
+rc2 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/resolve.conf b/strongswan.d/charon/resolve.conf
new file mode 100644
index 0000000..5d9ca72
--- /dev/null
+++ b/strongswan.d/charon/resolve.conf
@@ -0,0 +1,18 @@
+resolve {
+
+    # File where to add DNS server entries.
+    # file = /etc/resolv.conf
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+    resolvconf {
+
+        # Prefix used for interface names sent to resolvconf(8).
+        # iface_prefix = lo.inet.ipsec.
+
+    }
+
+}
+
diff --git a/strongswan.d/charon/revocation.conf b/strongswan.d/charon/revocation.conf
new file mode 100644
index 0000000..ca24a64
--- /dev/null
+++ b/strongswan.d/charon/revocation.conf
@@ -0,0 +1,14 @@
+revocation {
+
+    # Whether CRL validation should be enabled.
+    # enable_crl = yes
+
+    # Whether OCSP validation should be enabled.
+    # enable_ocsp = yes
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/sha1.conf b/strongswan.d/charon/sha1.conf
new file mode 100644
index 0000000..324dbff
--- /dev/null
+++ b/strongswan.d/charon/sha1.conf
@@ -0,0 +1,8 @@
+sha1 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/sha2.conf b/strongswan.d/charon/sha2.conf
new file mode 100644
index 0000000..f8fb2f9
--- /dev/null
+++ b/strongswan.d/charon/sha2.conf
@@ -0,0 +1,8 @@
+sha2 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/socket-default.conf b/strongswan.d/charon/socket-default.conf
new file mode 100644
index 0000000..abf4650
--- /dev/null
+++ b/strongswan.d/charon/socket-default.conf
@@ -0,0 +1,23 @@
+socket-default {
+
+    # Firewall mark to set on outbound packets.
+    # fwmark =
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+    # Set source address on outbound packets, if possible.
+    # set_source = yes
+
+    # Force sending interface on outbound packets, if possible.
+    # set_sourceif = no
+
+    # Listen on IPv4, if possible.
+    # use_ipv4 = yes
+
+    # Listen on IPv6, if possible.
+    # use_ipv6 = yes
+
+}
+
diff --git a/strongswan.d/charon/sshkey.conf b/strongswan.d/charon/sshkey.conf
new file mode 100644
index 0000000..24d47f2
--- /dev/null
+++ b/strongswan.d/charon/sshkey.conf
@@ -0,0 +1,8 @@
+sshkey {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/updown.conf b/strongswan.d/charon/updown.conf
new file mode 100644
index 0000000..8bcd330
--- /dev/null
+++ b/strongswan.d/charon/updown.conf
@@ -0,0 +1,12 @@
+updown {
+
+    # Whether the updown script should handle assigned DNS servers (if enabled
+    # they can't be handled by other plugins, like resolve).
+    # dns_handler = no
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/x509.conf b/strongswan.d/charon/x509.conf
new file mode 100644
index 0000000..dcb2f94
--- /dev/null
+++ b/strongswan.d/charon/x509.conf
@@ -0,0 +1,8 @@
+x509 {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/xauth-generic.conf b/strongswan.d/charon/xauth-generic.conf
new file mode 100644
index 0000000..578ec3d
--- /dev/null
+++ b/strongswan.d/charon/xauth-generic.conf
@@ -0,0 +1,8 @@
+xauth-generic {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/strongswan.d/charon/xcbc.conf b/strongswan.d/charon/xcbc.conf
new file mode 100644
index 0000000..456e0ff
--- /dev/null
+++ b/strongswan.d/charon/xcbc.conf
@@ -0,0 +1,8 @@
+xcbc {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
-- 
2.43.0