-rw-r--r-- sbin/isakmpd/isakmpd.conf.5 10
-rw-r--r-- sbin/isakmpd/isakmpd.policy.5 32
2 files changed, 17 insertions, 25 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index 6205efb495f..1bc6d33d9d1 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.81 2003/06/03 14:28:16 ho Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.82 2003/07/09 08:16:44 jmc Exp $
.\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -116,7 +116,6 @@ same section and tag names in the configuration file.
In particular, the default phase 1 (Main or Aggressive Mode) and phase 2
(Quick Mode) lifetimes can be overridden by these tags under the "General"
section;
-.Pp
.Bd -literal
[General]
Default-phase-1-lifetime= 3600,60:86400
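Review bot: The context sentence that introduces this display ends in a semicolon ("section;"), but it leads into the literal block that follows, so a colon is the right punctuation. The same wording precedes the Default-phase-1-ID display further down. Since the markup around both displays is being touched anyway, both sentences could be corrected in this change.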
@@ -126,13 +125,10 @@ Default-phase-2-lifetime= 1200,60:86400
The Main Mode lifetime currently defaults to one hour (minimum 60
seconds, maximum 1 day). The Quick Mode lifetime defaults to 20
minutes (minimum 60 seconds, maximum 1 day).
-.\"XXX Following empty .Ss works around a nroff bug, we want the new line."
-.Ss
.Pp
Also, the default phase 1 ID can be set by creating a <Phase1-ID>
section, as shown below, and adding this tag under the "General"
section;
-.Pp
.Bd -literal
[General]
Default-phase-1-ID= Phase1-ID-name
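Review bot: The deleted comment says the empty .Ss was a workaround for an nroff bug ("we want the new line"), and nothing in the visible change records that the workaround is no longer needed. After the removal only the remaining .Pp separates the lifetime paragraph from the "Also, the default phase 1 ID" paragraph, so the rendered page should be checked to confirm the break is still there, and the commit message should say so.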
@@ -141,9 +137,6 @@ Default-phase-1-ID= Phase1-ID-name
ID-type= USER_FQDN
Name= foo@bar.com
.Ed
-.\"XXX Following empty .Ss works around a nroff bug, we want the new line."
-.Ss
-.Pp
.Ss Roots
.Bl -hang -width 12n
.It Em General
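Review bot: The example in the context lines, "Name= foo@bar.com", uses a registered domain as the USER_FQDN identity. A reserved documentation name such as foo@example.com would keep copied sample configurations from referring to a real domain. This is not introduced by the change, but it is cheap to fix while the markup after this display is being cleaned up.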
@@ -700,7 +693,6 @@ configuration files.
.El
.Sh EXAMPLES
An example of a configuration file:
-.Pp
.Bd -literal
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
diff --git a/sbin/isakmpd/isakmpd.policy.5 b/sbin/isakmpd/isakmpd.policy.5
index a158e828b4e..f7b0546f8a0 100644
--- a/sbin/isakmpd/isakmpd.policy.5
+++ b/sbin/isakmpd/isakmpd.policy.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.policy.5,v 1.32 2003/06/04 07:31:17 ho Exp $
+.\" $OpenBSD: isakmpd.policy.5,v 1.33 2003/07/09 08:16:44 jmc Exp $
.\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $
.\"
.\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved.
@@ -139,21 +139,21 @@ For more details on KeyNote assertion format, please see
.Xr keynote 5 .
Briefly, KeyNote policy assertions used in IKE have the following
characteristics:
-.Pp
-.nf
-* The Authorizer field is typically "POLICY" (but see the examples
- below, for use of policy delegation).
-
-* The Licensees field can be an expression of passphrases used for
- authentication of the Main Mode exchanges, and/or public keys
- (typically, X509 certificates), and/or X509 distinguished names.
-
-* The Conditions field contains an expression of attributes from the
- IPsec policy action set (see below as well as the keynote syntax man
- page for more details).
-
-* The ordered return-values set for IPsec policy is "false, true".
-.fi
+.Bl -bullet
+.It
+The Authorizer field is typically "POLICY" (but see the examples
+below, for use of policy delegation).
+.It
+The Licensees field can be an expression of passphrases used for
+authentication of the Main Mode exchanges, and/or public keys
+(typically, X509 certificates), and/or X509 distinguished names.
+.It
+The Conditions field contains an expression of attributes from the
+IPsec policy action set (see below as well as the keynote syntax man
+page for more details).
+.It
+The ordered return-values set for IPsec policy is "false, true".
+.El
.Pp
For an explanation of these fields and their semantics, see
.Xr keynote 5 .
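Review bot: The third .It item still refers to "the keynote syntax man page" in prose, while the context lines directly before and after the list use ".Xr keynote 5 ." for the same page. Since these lines are being rewritten, the item should use the same cross-reference macro so the reference is rendered and linked consistently. In the same pass, "X509" in the second item could become "X.509", and the literal strings "POLICY" and "false, true" could use a quoting macro such as .Dq instead of raw double quotes.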