summaryrefslogtreecommitdiff
path: root/sbin/iked
diff options
context:
space:
mode:
Diffstat (limited to 'sbin/iked')
-rw-r--r--sbin/iked/iked.851
-rw-r--r--sbin/iked/iked.c4
2 files changed, 26 insertions, 29 deletions
diff --git a/sbin/iked/iked.8 b/sbin/iked/iked.8
index 4d964a12812..daa6daa5e61 100644
--- a/sbin/iked/iked.8
+++ b/sbin/iked/iked.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: iked.8,v 1.1 2010/06/03 16:41:12 reyk Exp $
+.\" $OpenBSD: iked.8,v 1.2 2010/06/07 10:07:44 jmc Exp $
.\" $vantronix: iked.8,v 1.5 2010/06/02 14:38:08 reyk Exp $
.\"
.\" Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: June 3 2010 $
+.Dd $Mdocdate: June 7 2010 $
.Dt IKED 8
.Os
.Sh NAME
@@ -23,7 +23,7 @@
.Nd Internet Key Exchange version 2 (IKEv2) daemon
.Sh SYNOPSIS
.Nm iked
-.Op Fl dnvT
+.Op Fl dnTv
.Oo
.Fl D Ar macro Ns = Ns Ar value
.Oc
@@ -31,17 +31,20 @@
.Sh DESCRIPTION
.Nm
is an Internet Key Exchange (IKEv2) daemon which performs mutual
-authentication and is establishing and maintaining IPsec flows and
+authentication and which establishes and maintains IPsec flows and
security associations (SAs) between the two peers.
.Pp
-The IKEv2 protocol is defined in RFC 4306 which combines and updates
-the previous standards ISAKMP/Oakley (RFC 2408), IKE (RFC 2409), and
-the Internet DOI (RFC 2407).
+The IKEv2 protocol is defined in RFC 4306,
+which combines and updates the previous standards:
+ISAKMP/Oakley (RFC 2408),
+IKE (RFC 2409),
+and the Internet DOI (RFC 2407).
.Nm
only supports the IKEv2 protocol;
-have a look at
-.Xr isakmpd 8
-for ISAKMP/Oakley or IKEv1 support.
+support for
+ISAKMP/Oakley and IKEv1
+is provided by
+.Xr isakmpd 8 .
.Pp
The options are as follows:
.Bl -tag -width Ds
@@ -65,32 +68,32 @@ as the configuration file, instead of the default
.It Fl n
Configtest mode.
Only check the configuration file for validity.
-.It Fl v
-Produce more verbose output.
.It Fl T
Disable NAT-Traversal and do not propose NAT-Traversal support to the peers.
+.It Fl v
+Produce more verbose output.
.El
.Sh FILES
-.Bl -tag -width "/etc/isakmpd/private/" -compact
-.It /etc/iked.conf
+.Bl -tag -width "/etc/isakmpd/private/XXX" -compact
+.It Pa /etc/iked.conf
The default
.Nm
configuration file.
-.It /etc/isakmpd/ca/
+.It Pa /etc/isakmpd/ca/
The directory where CA certificates are kept.
-.It /etc/isakmpd/certs/
+.It Pa /etc/isakmpd/certs/
The directory where IKE certificates are kept, both the local
certificate(s) and those of the peers, if a choice to have them kept
permanently has been made.
-.It /etc/isakmpd/crls/
+.It Pa /etc/isakmpd/crls/
The directory where CRLs are kept.
-.It /etc/isakmpd/private/
+.It Pa /etc/isakmpd/private/
The directory where local private keys used for public key authentication
are kept.
The file
.Pa local.key
is used to store the local private key.
-.It /etc/isakmpd/pubkeys/
+.It Pa /etc/isakmpd/pubkeys/
The directory in which trusted public keys are kept.
The keys must be named in the fashion described above.
.It Pa /var/run/iked.sock
@@ -119,11 +122,5 @@ program was written by
.An Reyk Floeter Aq reyk@vantronix.net .
.Sh CAVEATS
.Nm
-does not provide backwards compatibility for the ISAKMP/IKEv1 protocol.
-Please use
-.Xr isakmpd 8
-instead.
-.Pp
-.Nm
-is not yet finished and misses some important security features.
-Please don't use it in production networks yet.
+is not yet finished and is missing some important security features.
+It should not yet be used in production networks.
diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c
index 168ff2be3c3..0ad0ebaca83 100644
--- a/sbin/iked/iked.c
+++ b/sbin/iked/iked.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.c,v 1.1 2010/06/03 16:41:12 reyk Exp $ */
+/* $OpenBSD: iked.c,v 1.2 2010/06/07 10:07:44 jmc Exp $ */
/* $vantronix: iked.c,v 1.22 2010/06/02 14:43:30 reyk Exp $ */
/*
@@ -65,7 +65,7 @@ usage(void)
{
extern char *__progname;
- fprintf(stderr, "usage: %s [-dnvT] [-D macro=value] "
+ fprintf(stderr, "usage: %s [-dnTv] [-D macro=value] "
"[-f file]\n", __progname);
exit(1);
}