summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
authorDavid Gwynne <dlg@cvs.openbsd.org>2023-08-07 03:17:43 +0000
committerDavid Gwynne <dlg@cvs.openbsd.org>2023-08-07 03:17:43 +0000
commit1c1e9bb54a0ab1616559089e5b90ac5ff70f7111 (patch)
treec7c83284c38ad63977e134112b4cf195d8f6d160 /share
parentbec22006b8aa1b0d3f94f4dac4c9e818e90b2c74 (diff)
sec(4) to support route-based ipsec vpns.
committing it now so jmc@ gets commits for any fixes he makes.
Diffstat (limited to 'share')
-rw-r--r--share/man/man4/Makefile4
-rw-r--r--share/man/man4/sec.475
2 files changed, 77 insertions, 2 deletions
diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile
index 736dd76330e..755ac54c06b 100644
--- a/share/man/man4/Makefile
+++ b/share/man/man4/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.843 2023/07/08 02:43:02 jcs Exp $
+# $OpenBSD: Makefile,v 1.844 2023/08/07 03:17:42 dlg Exp $
MAN= aac.4 abcrtc.4 abl.4 ac97.4 acphy.4 acrtc.4 \
acpi.4 acpiac.4 acpials.4 acpiasus.4 acpibat.4 \
@@ -84,7 +84,7 @@ MAN= aac.4 abcrtc.4 abl.4 ac97.4 acphy.4 acrtc.4 \
rkrng.4 rktcphy.4 rktemp.4 rkusbphy.4 rkvop.4 \
rl.4 rlphy.4 route.4 rsu.4 rtsx.4 rum.4 run.4 rtw.4 rtwn.4 \
safte.4 sbus.4 schsio.4 scmi.4 scsi.4 sd.4 \
- sdmmc.4 sdhc.4 se.4 ses.4 sf.4 sili.4 \
+ sdmmc.4 sdhc.4 se.4 sec.4 ses.4 sf.4 sili.4 \
simpleamp.4 simpleaudio.4 simplefb.4 simplepanel.4 siop.4 sis.4 sk.4 \
sm.4 smsc.4 sncodec.4 \
softraid.4 spdmem.4 sdtemp.4 speaker.4 sppp.4 sqphy.4 \
diff --git a/share/man/man4/sec.4 b/share/man/man4/sec.4
new file mode 100644
index 00000000000..676e32f5dc0
--- /dev/null
+++ b/share/man/man4/sec.4
@@ -0,0 +1,75 @@
+.\" $OpenBSD: sec.4,v 1.1 2023/08/07 03:17:42 dlg Exp $
+.\"
+.\" Copyright (c) 2023 David Gwynne <dlg@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 7 2023 $
+.Dt SEC 4
+.Os
+.Sh NAME
+.Nm sec
+.Nd Route-based IPsec VPN tunnel interface pseudo-device
+.Sh SYNOPSIS
+.Cd "pseudo-device sec"
+.Sh DESCRIPTION
+The
+.Nm
+driver provides point-to-point tunnel interfaces for IPv4 and IPv6
+protected by the Encapsulating Security Payload (ESP)
+.Xr ipsec 4
+protocol.
+.Pp
+Traffic is encapsulated in the ESP protocol and forwarded to the
+remote endpoint by routing over an
+.Nm sec
+interface rather than matching policy in the IPsec Security Policy
+Database (SPD).
+.Nm
+interfaces require the configuration of IPsec Security Associations
+.\" with the interface extension
+between the local and remote endpoints.
+Negotiation of interface SAs is supported by
+.Xr iked 8 ,
+and
+.Xr isakmpd 8
+with
+.Xr ipsecctl 8 .
+.Pp
+.Nm
+interfaces can be created at runtime using the
+.Ic ifconfig sec Ns Ar N Ic create
+command or by setting up a
+.Xr hostname.if 5
+configuration file for
+.Xr netstart 8 .
+The interface itself can be configured with
+.Xr ifconfig 8 ;
+see its manual page for more information.
+.Sh SEE ALSO
+.Xr ipsec 4 ,
+.Xr netintro 4 ,
+.Xr hostname.if 5 ,
+.Xr pf.conf 5 ,
+.Xr ifconfig 8 ,
+.Xr iked 8 ,
+.Xr ipsecctl 8 ,
+.Xr isakmpd 8 ,
+.Xr netstart 8
+.Sh HISTORY
+The
+.Nm
+driver first appeared in
+.Ox 7.4 .
+.Sh AUTHORS
+.An David Gwynne Aq Mt dlg@openbsd.org .