-rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 40
-rw-r--r-- | sbin/ipsecctl/ipsecctl.8 | 21
2 files changed, 31 insertions, 30 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index de7ceb1af4d..d3f31793d19 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.99 2006/09/26 22:03:44 jmc Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.100 2006/09/29 10:51:27 jmc Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -50,9 +50,6 @@ are established, which detail how the desired protection will be achieved. IPsec uses flows to determine whether to apply security services to an IP packet or not. -Flows and SAs can be loaded, viewed, and modified using the -.Xr ipsecctl 8 -utility. .Pp Generally speaking an automated keying daemon, @@ -75,19 +72,42 @@ section of .Xr isakmpd 8 for information on the types of authentication available, and the procedures for setting them up. -After that it's simply a case of running the daemon. -Note that -.Xr isakmpd 8 -will probably need to be run with at least the +.Pp +The keying daemon, +.Xr isakmpd 8 , +can be enabled to run at boot time via the +.Va isakmpd_flags +variable in +.Xr rc.conf.local 8 . +Note that it will probably need to be run with at least the .Fl K option, to avoid .Xr keynote 4 policy checking. +The +.Nm +configuration itself is loaded at boot time +if the variable +.Va ipsec +is set to +.Dv YES +in +.Xr rc.conf.local 8 . +A utility called +.Xr ipsecctl 8 +is also available to load +.Nm +configurations, and can additionally be used +to view and modify IPsec flows. .Pp An alternative method of setting up SAs is also possible using manual keying. -Manual keying can be convenient for quick setups and testing. -These procedures are documented within this page. +Manual keying is not recommended, +but can be convenient for quick setups and testing. +Those procedures are documented within this page. +.Pp +.Nm +has the following format: .Pp Lines beginning with .Sq # 
diff --git a/sbin/ipsecctl/ipsecctl.8 b/sbin/ipsecctl/ipsecctl.8 index 9b86882f19e..a098173ce80 100644 --- a/sbin/ipsecctl/ipsecctl.8 +++ b/sbin/ipsecctl/ipsecctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsecctl.8,v 1.22 2006/09/11 09:01:43 jmc Exp $ +.\" $OpenBSD: ipsecctl.8,v 1.23 2006/09/29 10:51:27 jmc Exp $ .\" .\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> .\" @@ -42,25 +42,6 @@ and establish tunnels using automatic keying with The ruleset grammar is described in .Xr ipsec.conf 5 . .Pp -When the variable -.Va ipsec -is set to -.Dv YES -in -.Xr rc.conf.local 8 , -the rule file specified with the variable -.Va ipsec_rules -(by default -.Pa /etc/ipsec.conf ) -is loaded automatically by the -.Xr rc 8 -scripts. -The keying daemon, -.Xr isakmpd 8 , -can also be enabled to run at boot time via the -.Va isakmpd_flags -variable. -.Pp The options are as follows: .Bl -tag -width Ds .It Fl D Ar macro Ns = Ns Ar value |
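Review bot: In ipsec.conf.5, the sentence removed at @@ -50,9 +50,6 @@ said that both flows and SAs can be loaded, viewed, and modified with ipsecctl(8), but its replacement further down the page says only "view and modify IPsec flows". If ipsecctl(8) still covers SAs, the new sentence should say "flows and SAs" so the page does not appear to narrow what the tool does. If the narrowing is intentional, the commit message should say so.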
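Review bot: In ipsec.conf.5 at @@ -75,19 +72,42 @@, the new boot-time paragraph names the ipsec variable but leaves out the ipsec_rules variable and its default of /etc/ipsec.conf, both of which were in the paragraph this commit deletes from ipsecctl.8. After the change, neither page in this diff tells the reader which file rc loads or how to point it elsewhere. Suggest carrying the ".Va ipsec_rules" and ".Pa /etc/ipsec.conf" wording across with the rest of the text. In the same hunk, "Manual keying is not recommended," gives no reason. A short clause saying why would let the reader judge when it is acceptable for the "quick setups and testing" case that follows.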
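Review bot: In ipsecctl.8 at @@ -42,25 +42,6 @@, deleting the rc.conf.local paragraph leaves the page with no pointer to boot-time loading. The text now runs from "The ruleset grammar is described in ipsec.conf(5)" straight into the option list. Suggest extending that remaining sentence to say ipsec.conf(5) also covers enabling the ruleset and isakmpd(8) at boot, or adding rc.conf.local(8) to SEE ALSO if it is not already there (that section is outside the visible lines).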