diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2006-03-31 13:13:52 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2006-03-31 13:13:52 +0000 |
| commit | b4080d65a209c2f93532e62b09803ecdcc96ddf5 (patch) | |
| tree | 56bdbd6c919d900516f3e778873041969e97f3be /sbin/ipsecctl/ipsec.conf.5 | |
| parent | bf2b4bd8eedf281cb823398d10395d46d97bd165 (diff) | |
allow specification of encapsulated protocol for flows; ok hshoexer
Diffstat (limited to 'sbin/ipsecctl/ipsec.conf.5')
| -rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index bc52eff04ba..7ab9e38ca64 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.35 2006/03/31 09:15:18 jmc Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.36 2006/03/31 13:13:51 markus Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -107,6 +107,19 @@ for this rule and will construct a proper .Ar in rule. Thus packets in both directions will be matched. +.It Ar proto Aq Ar protocol +The optional +.Ar proto +parameter restricts the flow to a specific IP protocol. +Common protocols are +.Xr icmp 4 , +.Xr tcp 4 , +and +.Xr udp 4 . +For a list of all the protocol name to number mappings used by +.Xr ipsecctl 8 , +see the file +.Em /etc/protocols . .It Xo .Ar from .Aq Ar src @@ -536,6 +549,9 @@ flow esp in from 192.168.8.0/24 to 192.168.7.0/24 peer 192.168.3.12 flow esp from 192.168.7.0/24 to 192.168.8.0/24 \e local 192.168.1.1 peer 192.168.3.12 +# Protect remote bridges (IP over ethernet) +flow esp proto etherip from 192.168.100.1 to 192.168.200.1 + # Set up IPsec SAs for flows between 192.168.3.14 and 192.168.3.12 esp from 192.168.3.14 to 192.168.3.12 spi 0xdeadbeef:0xbeefdead \e auth hmac-sha2-256 enc aesctr authkey file "auth14:auth12" \e |