diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-14 10:17:29 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-14 10:17:29 +0000 |
| commit | 1ab553d24519e0dfba8905c63f981e6757231552 (patch) | |
| tree | b50c2061406d11c5e3a5dc13a468c68357f64a4b /sbin/isakmpd/isakmpd.conf.5 | |
| parent | 7bd191da600d6d33c1d70abf3d41c55537ed9646 (diff) | |
Allow the Address, Network, or Netmask values of the <IPsec-ID> to be
specified with an interface name (in which case the first address is used)
or the keyword 'default' (in which case the address is selected based on the
default route). eg:
[roadwarrior-ip]
ID-type= IPV4_ADDR
Address= default
ok ho@ hshoexer@
Diffstat (limited to 'sbin/isakmpd/isakmpd.conf.5')
| -rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index db3dd7869df..9eadfba2d64 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.94 2004/08/10 15:59:10 ho Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.95 2004/12/14 10:17:28 mcbride Exp $ .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -644,21 +644,43 @@ If the ID-type is .Li IPV4_ADDR or .Li IPV6_ADDR -this tag should exist and be an IP-address. +this tag should exist and be an IP-address, an interface name, or the +.Em default +keyword. +If an interface is used, the first address of the appropriate +family will be used. +The +.Em default +keyword uses the interface associated with the default route. +In the case of IPv6 link-local addresses will be skipped if +addresses which are not link-local exist. +If the address on the interface changes +.Em isakmpd +will not track the change. +The configuration must be reloaded to learn the new address. .It Em Network If the ID-type is .Li IPV4_ADDR_SUBNET or .Li IPV6_ADDR_SUBNET -this tag should exist and -be a network address. +this tag should exist and be a network address, an interface, or the +.Em default +keyword. +When an interface is specified the network is selected as with the +.Em Address +tag. .It Em Netmask If the ID-type is .Li IPV4_ADDR_SUBNET or .Li IPV6_ADDR_SUBNET this tag should exist and -be a network subnet mask. +be a network subnet mask or an interface. +When an interface is specified the netmask is the mask associated with the +.Em Network . +The +.Em default +keyword uses the interface associated with the default route. .It Em Protocol If the ID-type is .Li IPV4_ADDR , |