move ipsec tools into .

1 files changed, 128 insertions, 0 deletions

diff --git a/sbin/startkey/startkey.1 b/sbin/startkey/startkey.1
new file mode 100644
index 00000000000..d878d7d7175
--- /dev/null
+++ b/sbin/startkey/startkey.1
@@ -0,0 +1,128 @@
+.\" $OpenBSD: startkey.1,v 1.1 1998/11/14 23:37:30 deraadt Exp $
+.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"      This product includes software developed by Niels Provos.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd July 18, 1997
+.Dt STARTKEY 1
+.Os
+.Sh NAME
+.Nm startkey
+.Nd start keying with photurisd
+.Sh SYNOPSIS
+.Nm startkey
+.Op Fl d Ar directory
+.Ar options ...
+.Sh DESCRIPTION
+The
+.Nm startkey
+utility attemps to contact the
+.Xr photurisd 8
+daemon and initalize a key exchange. The flags are: 
+.Bl -tag -width Ds
+.It Fl d
+The
+.Fl d
+option specifies the directory in which
+.Nm photurisd
+looks for its startup files. The default is
+.Pa /etc/photuris/ .
+.El
+.Pp
+The options 
+.Nm dst ,
+.Nm port ,
+.Nm options ,
+.Nm tsrc ,
+.Nm tdst ,
+.Nm exchange_lifetime ,
+.Nm spi_lifetime
+and
+.Nm user
+are understood by the daemon.
+The meanings are as follows:
+.Bl -tag -width options -offset indent
+.It dst
+The destination IP address with which the exchange is to be established.
+.It port
+The port number of the destination
+.Nm photuris
+daemon.
+.It options
+The options to be used in the exchange. Possible values are
+.Nm enc
+and
+.Nm auth .
+.It tsrc
+If both
+.Nm tsrc
+and
+.Nm tdst
+(see below) are specified, a tunnel (IP over IP) is setup.  The
+.Nm tsrc
+option is a network address with netmask used for matching the source
+IP address of a packet.  When both the source and the destination
+addresses match their respective options the packet will be routed into the
+tunnel.
+.It tdst
+If both
+.Nm tsrc
+(see above) and
+.Nm tdst
+are specified, a tunnel (IP over IP) is setup.  The
+.Nm tdst
+option is a network address with netmask used for matching the destination
+IP address of a packet.  When both the source and the destination
+addresses match their respective options the packet will be routed into the
+tunnel.
+.It exchange_lifetime
+Determines the lifetime of the exchange. After an exchange expires
+no new SPIs are created, which means the transport or tunnel is torn down
+as soon as the current SPI times out (see
+.Nm spi_lifetime
+below).  The default value is gotten from the
+.Nm exchange_lifetime
+parameter given in
+.Pa photuris.conf .
+If it is not given there the default is 1800 seconds.
+.It spi_lifetime
+Determines the lifetime of each created SPI in the exchange.
+.It user
+The user name for whom the keying shall be done. Preconfigured
+secrets are taken from the users secret file.
+.El
+.Sh EXAMPLE
+startkey dst=169.200.12.23 options=auth
+.Sh FILES
+.Bl -tag -width /etc/photuris/photuris.pipe -compact
+.It /etc/photuris/photuris.pipe
+The FIFO in which keying requests are written.
+.El
+.Sh SEE ALSO
+.Xr photurisd 8 .