author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-12-12 01:46:06 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-12-12 01:46:06 +0000 |
commit | 7871d936b0b08c0e0f266e9cc8ed0a8525de5f88 | |
tree | 730f065174b005fa8b45ba88bfd3eef16588b61b | |
parent | d0fe2215ae8007bbe6f20aa8c30cc173089389c0 |
Merge with EOM 1.55
author: angelos
Add Default-phase-1-ID tag in [General], and document its use.
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
-rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index 89dd0f834e6..81269ef34f0 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,5 +1,5 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.44 2000/11/23 12:56:06 niklas Exp $ -.\" $EOM: isakmpd.conf.5,v 1.53 2000/11/23 12:39:13 niklas Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.45 2000/12/12 01:46:05 niklas Exp $ +.\" $EOM: isakmpd.conf.5,v 1.55 2000/12/04 02:04:29 angelos Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. .\" Copyright (c) 2000 Håkan Olsson. All rights reserved. @@ -128,6 +128,21 @@ Default-phase-2-lifetime= 1200,60:86400 .\"XXX Following empty .Ss works around a nroff bug, we want the new line." .Ss .Pp +Also, the default Phase 1 ID can be set by creating a <Phase1-ID> +section, as shown below, and adding this tag under the "General" +section; +.Pp +.Bd -literal +[General] +Default-phase-1-ID= Phase1-ID-name + +[Phase1-ID-name] +ID-type= USER_FQDN +Name= foo@bar.com +.Ed +.\"XXX Following empty .Ss works around a nroff bug, we want the new line." +.Ss +.Pp .Ss Roots .Bl -hang -width 12n .It Em General @@ -519,6 +534,26 @@ If the ID-type is .Li IPV4_ADDR_SUBNET this tag should exist and be a network subnet mask. +.It Em Protocol +If the ID-type is +.Li IPV4_ADDR +or +.Li IPV4_ADDR_SUBNET , +this tag indicates what transport protocol should be transmitted over +the SA. +If left unspecified, all transport protocols between the two address +(ranges) will be sent (or permitted) over that SA. +.It Em Port +If the ID-type is +.Li IPV4_ADDR +or +.Li IPV4_ADDR_SUBNET , +this tag indicates what source or destination port is allowed to be +transported over the SA (depending on whether this is a local or +remote ID). +If left unspecified, all ports of the given transport protocol +will be transmitted (or permitted) over the SA. +The Protocol tag must be specified in conjunction with this tag. .El .El .Sh EXAMPLE |
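Review bot: In the hunk at -128,6 +128,21, the added prose calls the section "<Phase1-ID>" while the literal example names it "[Phase1-ID-name]", and the introducing sentence ends in a semicolon ("section;") before .Pp. Use one placeholder name in both places and end the sentence with a colon. The paragraph also does not say which Phase 1 ID is sent when Default-phase-1-ID is absent, or whether ID-type values other than USER_FQDN are accepted in this section; one sentence on each would let an administrator predict the identity the peer will see. The nroff workaround (the XXX comment plus an empty .Ss) is now repeated a second time directly before ".Ss Roots", so the rendered page is worth checking for a doubled blank line.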
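Review bot: In the hunk at -519,6 +534,26, the new Protocol and Port entries do not state the accepted value syntax (protocol name or number, port number or service name), and "what source or destination port is allowed ... (depending on whether this is a local or remote ID)" leaves the mapping to the reader. State explicitly for which of the local and remote ID the port is treated as source and for which as destination. Because leaving either tag unspecified permits all transport protocols or all ports over the SA, the text should say plainly that omission is the widest setting. It should also document what isakmpd does when Port is given without Protocol (reject the configuration or ignore the tag), since the last added sentence only says "The Protocol tag must be specified in conjunction with this tag." The phrase "between the two address (ranges)" would read better as "between the two addresses (or address ranges)".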