summaryrefslogtreecommitdiff
path: root/share/man
diff options
context:
space:
mode:
authorHakan Olsson <ho@cvs.openbsd.org>2000-05-02 22:33:27 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2000-05-02 22:33:27 +0000
commit33597ddcd6a919204738214e12557e9911a30ca0 (patch)
treeda7d75667a53cb4096d99fee6151587867bbbd44 /share/man
parent3a00804b04dfc86df224e97166761a637a1579fe (diff)
Back to hexdump again after syntax fix from espie@.
Add a bit more info in isakmpd.conf example comments on phase1/2.
Diffstat (limited to 'share/man')
-rw-r--r--share/man/man8/vpn.827
1 files changed, 19 insertions, 8 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8
index d8916406962..34a3ae65c16 100644
--- a/share/man/man8/vpn.8
+++ b/share/man/man8/vpn.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vpn.8,v 1.37 2000/05/02 22:01:36 ho Exp $
+.\" $OpenBSD: vpn.8,v 1.38 2000/05/02 22:33:26 ho Exp $
.\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -120,7 +120,12 @@ being unguessable, it is very important that the keys be chosen using a
strong random source. One practical method of generating them
is by using the
.Xr random 4
-device. To produce 160 bits (20 bytes) of randomness, for example, do a:
+device. To produce 160 bits (20 bytes) of randomness, for example, do:
+.Bd -literal
+ openssl rand 20 | hexdump -e '20/1 "%02x"'
+.Ed
+.Pp
+or:
.Bd -literal
openssl rand 20 | perl -pe 's/./unpack("H2",$&)/ges'
.Ed
@@ -306,9 +311,9 @@ The 3DES encryption key needs 192 bits (3x64), or 24 bytes.
The SHA-1 authentication key for needs 160 bits, or 20 bytes.
.Pp
.Bd -literal
-# openssl rand 24 | perl -pe 's/./unpack("H2",$&)/ges' > enc_key
+# openssl rand 24 | hexdump -e '24/1 "%02x"' > enc_key
-# openssl rand 20 | perl -pe 's/./unpack("H2",$&)/ges' > auth_key
+# openssl rand 20 | hexdump -e '20/1 "%02x"' > auth_key
.Ed
.Pp
.It
@@ -435,12 +440,15 @@ for machine A:
.Bd -literal
# Incoming phase 1 negotiations are multiplexed on the source IP
-# address.
+# address. Phase 1 is used to setup a protected channel just
+# between the two gateway machines. This channel is then used for
+# the phase 2 negotiation traffic (i.e encrypted & authenticated).
[Phase 1]
193.168.2.1= peer-machineB
-# In 'Phase 2' we define the VPN connections we want to use.
+# 'Phase 2' defines which connections the daemon should establish.
+# These connections contain the actual "IPsec VPN" information.
[Phase 2]
Connections= VPN-A-B
@@ -495,12 +503,15 @@ for machine B:
.Bd -literal
# Incoming phase 1 negotiations are multiplexed on the source IP
-# address.
+# address. Phase 1 is used to setup a protected channel just
+# between the two gateway machines. This channel is then used for
+# the phase 2 negotiation traffic (i.e encrypted & authenticated).
[Phase 1]
193.168.1.254= peer-machineA
-# In 'Phase 2' we define the VPN connections we want to use.
+# 'Phase 2' defines which connections the daemon should establish.
+# These connections contain the actual "IPsec VPN" information.
[Phase 2]
Connections= VPN-B-A