diff options
| author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-10-16 23:28:23 +0000 |
|---|---|---|
| committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-10-16 23:28:23 +0000 |
| commit | ff48e571ba3258758e827b4724efface9b1b4ae7 (patch) | |
| tree | 3ac3f8354c76fa34c7197658d8f1954010b69cf4 /sbin/isakmpd | |
| parent | 36499ad6dea3128a48c4d71d359ff8122fe30f97 (diff) | |
Merge with EOM 1.52
author: niklas
heh, backspace as a continuation character, yeah right!
author: angelos
Mention Remote-ID tag in ISAKMP-peer section, and also that it doesn't
currently work.
author: angelos
It's "Local-address", not "Listen-address" in the ISAKMP-peer section.
author: angelos
Mention RIPEMD.
Diffstat (limited to 'sbin/isakmpd')
| -rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index c26f526992d..11937bce32b 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,5 +1,5 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.41 2000/10/09 23:27:31 niklas Exp $ -.\" $EOM: isakmpd.conf.5,v 1.48 2000/10/09 22:08:29 angelos Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.42 2000/10/16 23:28:22 niklas Exp $ +.\" $EOM: isakmpd.conf.5,v 1.52 2000/10/15 20:01:28 niklas Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. .\" Copyright (c) 2000 Håkan Olsson. All rights reserved. @@ -59,7 +59,7 @@ Inside a section many tag/value pairs can be stored, each one looking like: Tag=Value .Ed If the value needs more space than fits on a single line it's possible to -continue it on the next by ending the first with a backspace character +continue it on the next by ending the first with a backslash character immediately before the newline character. This method can extend a value for an arbitrary amount of lines. .Pp @@ -88,7 +88,7 @@ For Main Mode: .Pp For Quick Mode: .Bd -filled -offset indent -compact -.Ar QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA}][-PFS]-SUITE +.Ar QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS]-SUITE .Ed .Pp Example 1: 3DES-SHA means; 3DES encryption, SHA hash, and authorization by @@ -271,7 +271,7 @@ the port number to send to. This is optional, the default value is 500 which is the IANA-registered number for ISAKMP. -.It Em Listen-address +.It Em Local-address The Local IP-address to use, if we are multi-homed, or have aliases. .It Em Address If existent, the IP-address of the peer. @@ -288,6 +288,11 @@ If not present, it defaults to the address of the local interface we are sending packets over to the remote daemon. Look at <Phase1-ID> below. +.It Em Remote-ID +If existent, the name of the section that describes the remote client +ID we expect the remote daemon to send us. +If not present, it defaults to the address of the remote daemon. +Look at <Phase1-ID> below. .It Em Flags A comma-separated list of flags controlling the further handling of the ISAKMP SA. @@ -890,6 +895,11 @@ LIFE_DURATION= 32768,16384:65536 LIFE_TYPE= KILOBYTES LIFE_DURATION= 4608000,4096000:8192000 .Ed +.Sh BUGS +.Nm +does not currently verify the Remote-ID as specified in the +ISAKMP-peer section. +It is still possible to verify this through the policy file. .Sh SEE ALSO .Xr ipsec 4 , .Xr keynote 1 , |