-rw-r--r--sbin/ipsecctl/ike.c14
-rw-r--r--sbin/ipsecctl/ipsec.conf.522
2 files changed, 26 insertions, 10 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index fa422c8604f..2346f64a782 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.41 2006/06/10 19:21:10 hshoexer Exp $ */
+/* $OpenBSD: ike.c,v 1.42 2006/06/13 16:13:41 naddy Exp $ */
/*
* Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -209,6 +209,9 @@ ike_section_qm(struct ipsec_addr_wrap *src, struct ipsec_addr_wrap *dst,
case ENCXF_AES:
fprintf(fd, "AES");
break;
+ case ENCXF_AESCTR:
+ fprintf(fd, "AESCTR");
+ break;
case ENCXF_BLOWFISH:
fprintf(fd, "BLF");
break;
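Review bot: The new `ENCXF_AESCTR` case in `ike_section_qm` emits the `AESCTR` token, and nothing visible in this hunk ties that choice to an authentication transform. AES in counter mode provides confidentiality only, and RFC 3686 requires it to be combined with a non-NULL ESP authentication algorithm. The rest of the function lies outside the hunk, so it is worth confirming that the quick-mode auth handling cannot produce a suite with AESCTR and no HMAC. If that is already guaranteed, a comment above the case would record it: `/* AES-CTR has no integrity of its own; must be paired with an auth transform (RFC 3686) */`. The same caveat would also help readers of the `aesctr` entry added to ipsec.conf.5.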
@@ -335,6 +338,15 @@ ike_section_mm(struct ipsec_addr_wrap *peer, struct ipsec_transforms *mmxfs,
case AUTHXF_HMAC_SHA1:
fprintf(fd, "SHA");
break;
+ case AUTHXF_HMAC_SHA2_256:
+ fprintf(fd, "SHA2-256");
+ break;
+ case AUTHXF_HMAC_SHA2_384:
+ fprintf(fd, "SHA2-384");
+ break;
+ case AUTHXF_HMAC_SHA2_512:
+ fprintf(fd, "SHA2-512");
+ break;
default:
warnx("illegal transform %s", mmxfs->authxf->name);
return (-1);
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index bdee4c3e47c..beb598b16d8 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsec.conf.5,v 1.55 2006/06/11 21:14:34 naddy Exp $
+.\" $OpenBSD: ipsec.conf.5,v 1.56 2006/06/13 16:13:41 naddy Exp $
.\"
.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
.\"
@@ -484,16 +484,19 @@ These parameters define the cryptographic transforms to be used for main mode.
Possible values for
.Ic auth
are
-.Ar hmac-sha1
+.Ar hmac-md5 ,
+.Ar hmac-sha1 ,
+.Ar hmac-sha2-256 ,
+.Ar hmac-sha2-384 ,
and
-.Ar hmac-md5 .
+.Ar hmac-sha2-512 .
For
.Ic enc
the values
.Ar des ,
.Ar 3des ,
.Ar aes ,
-.Ar blowfish
+.Ar blowfish ,
and
.Ar cast
are allowed.
@@ -506,7 +509,7 @@ the values
.Ar modp2048 ,
.Ar modp3072 ,
.Ar modp4096 ,
-.Ar modp6144
+.Ar modp6144 ,
and
.Ar modp8192
are allowed.
@@ -536,16 +539,17 @@ are
.Ar hmac-sha1 ,
.Ar hmac-ripemd160 ,
.Ar hmac-sha2-256 ,
-.Ar hmac-sha2-384
+.Ar hmac-sha2-384 ,
and
.Ar hmac-sha2-512 .
For
.Ic enc
-valid values are again
+valid values are
.Ar des ,
.Ar 3des ,
.Ar aes ,
-.Ar blowfish
+.Ar aesctr ,
+.Ar blowfish ,
and
.Ar cast .
For
@@ -557,7 +561,7 @@ the values
.Ar modp2048 ,
.Ar modp3072 ,
.Ar modp4096 ,
-.Ar modp6144
+.Ar modp6144 ,
and
.Ar modp8192
are allowed.