diff options
-rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 10 | ||||
-rw-r--r-- | sbin/isakmpd/isakmpd.policy.5 | 32 |
2 files changed, 17 insertions, 25 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index 6205efb495f..1bc6d33d9d1 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.81 2003/06/03 14:28:16 ho Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.82 2003/07/09 08:16:44 jmc Exp $ .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -116,7 +116,6 @@ same section and tag names in the configuration file. In particular, the default phase 1 (Main or Aggressive Mode) and phase 2 (Quick Mode) lifetimes can be overridden by these tags under the "General" section; -.Pp .Bd -literal [General] Default-phase-1-lifetime= 3600,60:86400 @@ -126,13 +125,10 @@ Default-phase-2-lifetime= 1200,60:86400 The Main Mode lifetime currently defaults to one hour (minimum 60 seconds, maximum 1 day). The Quick Mode lifetime defaults to 20 minutes (minimum 60 seconds, maximum 1 day). -.\"XXX Following empty .Ss works around a nroff bug, we want the new line." -.Ss .Pp Also, the default phase 1 ID can be set by creating a <Phase1-ID> section, as shown below, and adding this tag under the "General" section; -.Pp .Bd -literal [General] Default-phase-1-ID= Phase1-ID-name @@ -141,9 +137,6 @@ Default-phase-1-ID= Phase1-ID-name ID-type= USER_FQDN Name= foo@bar.com .Ed -.\"XXX Following empty .Ss works around a nroff bug, we want the new line." -.Ss -.Pp .Ss Roots .Bl -hang -width 12n .It Em General @@ -700,7 +693,6 @@ configuration files. .El .Sh EXAMPLES An example of a configuration file: -.Pp .Bd -literal # A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. diff --git a/sbin/isakmpd/isakmpd.policy.5 b/sbin/isakmpd/isakmpd.policy.5 index a158e828b4e..f7b0546f8a0 100644 --- a/sbin/isakmpd/isakmpd.policy.5 +++ b/sbin/isakmpd/isakmpd.policy.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.policy.5,v 1.32 2003/06/04 07:31:17 ho Exp $ +.\" $OpenBSD: isakmpd.policy.5,v 1.33 2003/07/09 08:16:44 jmc Exp $ .\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $ .\" .\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved. @@ -139,21 +139,21 @@ For more details on KeyNote assertion format, please see .Xr keynote 5 . Briefly, KeyNote policy assertions used in IKE have the following characteristics: -.Pp -.nf -* The Authorizer field is typically "POLICY" (but see the examples - below, for use of policy delegation). - -* The Licensees field can be an expression of passphrases used for - authentication of the Main Mode exchanges, and/or public keys - (typically, X509 certificates), and/or X509 distinguished names. - -* The Conditions field contains an expression of attributes from the - IPsec policy action set (see below as well as the keynote syntax man - page for more details). - -* The ordered return-values set for IPsec policy is "false, true". -.fi +.Bl -bullet +.It +The Authorizer field is typically "POLICY" (but see the examples +below, for use of policy delegation). +.It +The Licensees field can be an expression of passphrases used for +authentication of the Main Mode exchanges, and/or public keys +(typically, X509 certificates), and/or X509 distinguished names. +.It +The Conditions field contains an expression of attributes from the +IPsec policy action set (see below as well as the keynote syntax man +page for more details). +.It +The ordered return-values set for IPsec policy is "false, true". +.El .Pp For an explanation of these fields and their semantics, see .Xr keynote 5 . |