authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-10-06 18:29:19 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-10-06 18:29:19 +0000
commit08c1bb3dd57bd3e48f4d8f1747e570ea72e30c1f (patch)
treee731907fea8b4b49695024775d208a6446300ebc
parent7dcd9611e9754f285002657bf7ea131ba7e501f3 (diff)
improve examples and show how to use KEY_LENGTH. Slightly different fix than
proposed by sthen at spacehopper dot org, fixes pr 4522, thanks! ok and with jmc@
-rw-r--r--sbin/isakmpd/isakmpd.conf.518
1 files changed, 17 insertions, 1 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index ccf26f40428..bca9f273a2f 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.107 2005/08/23 13:19:22 jmc Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.108 2005/10/06 18:29:18 hshoexer Exp $
.\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -700,6 +700,9 @@ description.
The values are the same as those for GROUP_DESCRIPTION in
.Aq Sy ISAKMP-transform
sections shown above.
+.It Em KEY_LENGTH
+For encryption algorithms with variable key length, this is
+where the offered keylength is described.
.It Em Life
List of lifetimes, each element is a
.Aq Sy Lifetime
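Review bot: The added `.It Em KEY_LENGTH` entry does not say what form the value takes, yet the examples added further down in this commit use two forms: `KEY_LENGTH= 128,128:256` in `[AES-SHA]` and a bare `KEY_LENGTH= 128` in the three `QM-ESP-AES-SHA-*-XF` sections. A reader cannot tell from the text which number is offered and which part bounds what a peer may negotiate; presumably it is the offered length followed by an accepted min:max range, but that should be confirmed against the parser before it is written down. I would extend the sentence to something like `where the offered and accepted key lengths are described, in the form offer,min:max`, and state what is accepted when only a single number is given. Since the accepted range is what limits the key length a peer can negotiate, its lower bound deserves an explicit mention. The surrounding `.It` list starts and ends outside this hunk, so the wording should follow whatever convention the neighbouring entries use.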
@@ -999,6 +1002,16 @@ AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= Default-phase-1-lifetime
+# AES
+
+[AES-SHA]
+ENCRYPTION_ALGORITHM= AES_CBC
+KEY_LENGTH= 128,128:256
+HASH_ALGORITHM= SHA
+AUTHENTICATION_METHOD= PRE_SHARED
+GROUP_DESCRIPTION= MODP_1024
+Life= Default-phase-1-lifetime
+
# Blowfish
[BLF-SHA]
@@ -1189,6 +1202,7 @@ Life= Default-phase-2-lifetime
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
+KEY_LENGTH= 128
Life= Default-phase-2-lifetime
[QM-ESP-AES-SHA-PFS-XF]
@@ -1196,12 +1210,14 @@ TRANSFORM_ID= AES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
+KEY_LENGTH= 128
Life= Default-phase-2-lifetime
[QM-ESP-AES-SHA-TRP-XF]
TRANSFORM_ID= AES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
+KEY_LENGTH= 128
Life= Default-phase-2-lifetime
# AH