new symmetric identity choice. fix bug with expired exchange values on

multiple exchanges. a bit more documentation. drop -f flag and have -c
with opposite meaning instead. include responder offered schemes into
responder cookie calculation.

1 files changed, 9 insertions, 2 deletions

diff --git a/sbin/ipsec/startkey/startkey.1 b/sbin/ipsec/startkey/startkey.1
index 689d2e2254d..b08d7b4b796 100644
--- a/sbin/ipsec/startkey/startkey.1
+++ b/sbin/ipsec/startkey/startkey.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: startkey.1,v 1.2 1997/07/23 12:28:57 provos Exp $
+.\" $OpenBSD: startkey.1,v 1.3 1997/07/24 23:47:21 provos Exp $
 .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
 .\" All rights reserved.
 .\"
@@ -61,7 +61,9 @@ The options
 .Nm port ,
 .Nm options ,
 .Nm tsrc ,
-.Nm tdsr
+.Nm tdsr ,
+.Nm exchange_lifetime ,
+.Nm spi_lifetime
 and
 .Nm user
 are understood by the daemon.
@@ -84,6 +86,11 @@ for the tunnel to be created.
 .It tdst
 The destination address with netmask for which packets are
 accepted for the tunnel being created.
+.It exchange_lifetime
+Determines the lifetime of the exchange. After an exchange expires
+no new SPIs are created.
+.It spi_lifetime
+Determines the lifetime of each created SPI in the exchange.
 .It user
 The user name for whom the keying shall be done. Preconfigured
 secrets are taken from the users secret file.