author | Hakan Olsson <ho@cvs.openbsd.org> | 2001-12-10 03:26:52 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2001-12-10 03:26:52 +0000 |
commit | 45ae6f291dc1aad5ff5daf2a1b047da5ba241a7a (patch) | |
tree | 018b399b082a233519e65c39a690f73ad7f7c41f /sbin/ipsecadm/ipsecadm.8 | |
parent | 464930c980caa80fdda597ae4a6999db572c69e6 (diff) |
ESP and AH are now enabled. -permit == -bypass. Regroup 'flow' modifiers a bit.
Diffstat (limited to 'sbin/ipsecadm/ipsecadm.8')
-rw-r--r-- | sbin/ipsecadm/ipsecadm.8 | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8 index 27c4bed8a92..99a6aba22e2 100644 --- a/sbin/ipsecadm/ipsecadm.8 +++ b/sbin/ipsecadm/ipsecadm.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsecadm.8,v 1.46 2001/12/01 19:05:01 deraadt Exp $ +.\" $OpenBSD: ipsecadm.8,v 1.47 2001/12/10 03:26:51 ho Exp $ .\" .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. @@ -41,12 +41,12 @@ .Op command .Ar modifiers ... .Sh NOTE -Before -.Xr ipsecadm 8 -can be used, IPsec must be enabled by setting one or more of the following +To use +.Xr ipsecadm 8 , +IPsec must be enabled by having one or more of the following .Xr sysctl 3 -variables: -.Bl -tag -width xxxxxxxxxxxxxxxxxxxxxx +variables set: +.Bl -tag -offset 4n -width xxxxxxxxxxxxxxxxxxxxxx .It net.inet.esp.enable Enable the ESP IPsec protocol .It net.inet.ah.enable @@ -55,8 +55,9 @@ Enable the AH IPsec protocol Enable the IPComp protocol .El .Pp -To enable these operations across reboots, see -.Pa /etc/sysctl.conf . +Both the ESP and AH protocols are enabled by default. +To keep local modifications of these variables across reboots, see +.Xr sysctl.conf 5 . .Sh DESCRIPTION The .Nm ipsecadm @@ -196,18 +197,18 @@ Allowed modifiers are: .Fl delete , .Fl in , .Fl out , -.Fl deny , .Fl srcid , .Fl dstid , .Fl srcid_type , .Fl dstid_type , -.Fl use , .Fl acquire , .Fl require , .Fl dontacq , -.Fl permit , +.Fl use , +.Fl bypass , +.Fl permit and -.Fl bypass . +.Fl deny . The .Xr netstat 1 command shows all specified flows. @@ -255,6 +256,8 @@ or flow is used to specify a flow for which IPsec processing will be bypassed, i.e packets will/need not be processed by any SAs. For +.Nm bypass +or .Nm permit flows, additional modifiers are restricted to: .Fl addr , @@ -560,6 +563,9 @@ create or delete a .Nm bypass flow. Packets matching this flow will not be processed by IPsec. +.It Fl permit +Same as +.Fl bypass . .It Fl deny For .Nm flow , 
@@ -675,6 +681,7 @@ Delete all esp SAs and their flows and routing information: .Xr ipsec 4 , .Xr protocols 5 , .Xr services 5 , +.Xr sysctl.conf 5 , .Xr isakmpd 8 , .Xr photurisd 8 , .Xr vpn 8 |
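Review bot: In the NOTE hunk (@@ -41,12 +41,12 @@) the rewritten sentence keeps the `.Xr sysctl 3` cross-reference, which points at the library call rather than the tool an administrator uses to set these variables. Since the text is being reworded anyway, consider `.Xr sysctl 8` here, which also matches the new `.Xr sysctl.conf 5` pointer in the following hunk.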
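Review bot: The new sentence "Both the ESP and AH protocols are enabled by default." in the @@ -55,8 +55,9 @@ hunk leaves the default for the third listed variable, the one described as "Enable the IPComp protocol", unstated. Please add a sentence giving the IPComp default so the reader does not have to infer it from omission. The NOTE opening "IPsec must be enabled by having one or more of the following ... variables set" also reads as a required manual step, which no longer fits once two of them are on by default.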
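Review bot: In the @@ -255,6 +256,8 @@ hunk, "For .Nm bypass or .Nm permit flows" reads as if these were two distinct flow types, while the later hunk defines -permit as the same as -bypass. Suggest wording that makes the alias explicit at this point, for example "For bypass flows (also created with -permit)", so the restriction on additional modifiers is clearly a single rule.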
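Review bot: The new `.It Fl permit` entry in the @@ -560,6 +563,9 @@ hunk says only "Same as -bypass", which hides the security-relevant effect behind a cross-reference: per the preceding entry, packets matching the flow "will not be processed by IPsec". The name -permit can be read as "allow through the IPsec policy", so please repeat that one sentence in the -permit entry itself, and consider stating which of the two spellings is preferred.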