diff options
| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-09-11 09:01:44 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-09-11 09:01:44 +0000 |
| commit | 858593820b1d709c97adccaca043fc95e4896393 (patch) | |
| tree | f8509802e58a699db087319c51d845405078df36 /sbin/ipsecctl | |
| parent | c3442a998858aa2577bdd769dc76c4016aa27465 (diff) | |
- document how to set ipsec stuff running at boot
- remove hazy tcp md5 blurb
ok hshoexer
Diffstat (limited to 'sbin/ipsecctl')
| -rw-r--r-- | sbin/ipsecctl/ipsecctl.8 | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/sbin/ipsecctl/ipsecctl.8 b/sbin/ipsecctl/ipsecctl.8 index 8c616d74548..9b86882f19e 100644 --- a/sbin/ipsecctl/ipsecctl.8 +++ b/sbin/ipsecctl/ipsecctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsecctl.8,v 1.21 2006/08/31 19:01:16 ho Exp $ +.\" $OpenBSD: ipsecctl.8,v 1.22 2006/09/11 09:01:43 jmc Exp $ .\" .\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> .\" @@ -35,23 +35,32 @@ IPsec. It allows ruleset configuration, and retrieval of status information from the kernel's SPD (Security Policy Database) and SAD (Security Association Database). -.Pp It also can control .Xr isakmpd 8 and establish tunnels using automatic keying with .Xr isakmpd 8 . -.Pp -Additionally, -.Nm -can be used to configure the SAD for use with TCP MD5 -signatures, as described in RFC 2385. -See -.Xr tcp 4 -for details. -.Pp The ruleset grammar is described in .Xr ipsec.conf 5 . .Pp +When the variable +.Va ipsec +is set to +.Dv YES +in +.Xr rc.conf.local 8 , +the rule file specified with the variable +.Va ipsec_rules +(by default +.Pa /etc/ipsec.conf ) +is loaded automatically by the +.Xr rc 8 +scripts. +The keying daemon, +.Xr isakmpd 8 , +can also be enabled to run at boot time via the +.Va isakmpd_flags +variable. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl D Ar macro Ns = Ns Ar value |