Document NULL encryption.

2 files changed, 7 insertions, 3 deletions

diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index 3482019a0f0..af65eeaeaa0 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ipsec.conf.5,v 1.110 2007/02/16 20:13:20 cloder Exp $
+.\"	$OpenBSD: ipsec.conf.5,v 1.111 2007/02/19 10:00:13 hshoexer Exp $
 .\"
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel  All rights reserved.
 .\"
@@ -549,6 +549,7 @@ keyword:
 .It Li blowfish Ta "160 bits"
 .It Li cast Ta "128 bits"
 .It Li skipjack Ta "80 bits"
+.It Li null Ta "(none)" Ta "[phase 2 only]"
 .El
 .Pp
 Use of DES or Skipjack as an encryption algorithm is not recommended
@@ -560,6 +561,9 @@ Note that DES requires 8 bytes to form a 56-bit key and 3DES requires 24 bytes
 to form its 168-bit key.
 This is because the most significant bit of each byte is used for parity.
 .Pp
+Note that using NULL with ESP will only provide authentication.
+This is useful in setups where AH can not be used, eg. when NAT is involved.
+.Pp
 The following group types are permitted with the
 .Ic group
 keyword:
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index 06c71c7fdf9..46f8e19a080 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.119 2006/11/24 13:52:14 reyk Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.120 2007/02/19 10:00:13 hshoexer Exp $
 .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
 .\"
 .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist.  All rights reserved.
@@ -141,7 +141,7 @@ where:
 .It Ns { Ns Ar proto Ns }
 is either ESP or AH
 .It Ns { Ns Ar cipher Ns }
-is either DES, 3DES, CAST, BLF, AES, or AESCTR
+is either DES, 3DES, CAST, BLF, AES, AESCTR or NULL
 .It Ns { Ns Ar hash Ns }
 is either MD5, SHA, RIPEMD, or SHA2-{256,384,512}
 .It Ns { Ns Ar group Ns }