diff options
| -rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index c26f526992d..11937bce32b 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,5 +1,5 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.41 2000/10/09 23:27:31 niklas Exp $ -.\" $EOM: isakmpd.conf.5,v 1.48 2000/10/09 22:08:29 angelos Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.42 2000/10/16 23:28:22 niklas Exp $ +.\" $EOM: isakmpd.conf.5,v 1.52 2000/10/15 20:01:28 niklas Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. .\" Copyright (c) 2000 Håkan Olsson. All rights reserved. @@ -59,7 +59,7 @@ Inside a section many tag/value pairs can be stored, each one looking like: Tag=Value .Ed If the value needs more space than fits on a single line it's possible to -continue it on the next by ending the first with a backspace character +continue it on the next by ending the first with a backslash character immediately before the newline character. This method can extend a value for an arbitrary amount of lines. .Pp @@ -88,7 +88,7 @@ For Main Mode: .Pp For Quick Mode: .Bd -filled -offset indent -compact -.Ar QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA}][-PFS]-SUITE +.Ar QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS]-SUITE .Ed .Pp Example 1: 3DES-SHA means; 3DES encryption, SHA hash, and authorization by @@ -271,7 +271,7 @@ the port number to send to. This is optional, the default value is 500 which is the IANA-registered number for ISAKMP. -.It Em Listen-address +.It Em Local-address The Local IP-address to use, if we are multi-homed, or have aliases. .It Em Address If existent, the IP-address of the peer. @@ -288,6 +288,11 @@ If not present, it defaults to the address of the local interface we are sending packets over to the remote daemon. Look at <Phase1-ID> below. +.It Em Remote-ID +If existent, the name of the section that describes the remote client +ID we expect the remote daemon to send us. +If not present, it defaults to the address of the remote daemon. +Look at <Phase1-ID> below. .It Em Flags A comma-separated list of flags controlling the further handling of the ISAKMP SA. @@ -890,6 +895,11 @@ LIFE_DURATION= 32768,16384:65536 LIFE_TYPE= KILOBYTES LIFE_DURATION= 4608000,4096000:8192000 .Ed +.Sh BUGS +.Nm +does not currently verify the Remote-ID as specified in the +ISAKMP-peer section. +It is still possible to verify this through the policy file. .Sh SEE ALSO .Xr ipsec 4 , .Xr keynote 1 , |