summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
diff options
context:
space:
mode:
authorJason McIntyre <jmc@cvs.openbsd.org>2006-09-11 10:34:54 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2006-09-11 10:34:54 +0000
commit6f85a60a5cd6df79a507d13b2e5925c99c99d02a (patch)
tree6471170ac4573773b8fccb4fb6e4661df97c8579 /sbin/ipsecctl
parent858593820b1d709c97adccaca043fc95e4896393 (diff)
improvememnts for `local', `peer', and `psk'; ok hshoexer
Diffstat (limited to 'sbin/ipsecctl')
-rw-r--r--sbin/ipsecctl/ipsec.conf.524
1 files changed, 9 insertions, 15 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index d881da48f68..56f4eeb6c5f 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsec.conf.5,v 1.88 2006/09/07 12:58:21 jmc Exp $
+.\" $OpenBSD: ipsec.conf.5,v 1.89 2006/09/11 10:34:53 jmc Exp $
.\"
.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
.\"
@@ -249,21 +249,18 @@ see the file
.It Ic local Ar localip Ic peer Ar remote
The
.Ic local
-parameter specifies the local address to be used, if we are multi-homed
-or have aliases.
-It can usually be left out.
+parameter specifies the address or FQDN of the local endpoint.
+Unless we are multi-homed or have aliases,
+this option is generally not needed.
.Pp
The
.Ic peer
-parameter specifies the address or FQDN of the remote endpoint of this
-particular flow.
+parameter specifies the address or FQDN of the remote endpoint.
For host-to-host connections where
.Ar dst
is identical to
.Ar remote ,
-the
-.Ic peer
-specification can be left out.
+this option is generally not needed.
.It Xo
.Ic main auth Ar algorithm
.Ic enc Ar algorithm
@@ -342,12 +339,9 @@ by the remote peer.
Use a pre-shared key
.Ar string
for authentication.
-If not specified, RSA authentication will be used.
-By default, the system startup script
-.Xr rc 8
-generates a key-pair for
-.Xr isakmpd 8
-when starting, if one does not already exist.
+If this option is not specified,
+public key authentication is used (see
+.Xr isakmpd 8 ) .
.El
.Sh MANUAL FLOWS
In this scenario,