Diffstat (limited to 'sbin/ipsecctl/ipsec.conf.5')
-rw-r--r--sbin/ipsecctl/ipsec.conf.5117
1 files changed, 117 insertions, 0 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
new file mode 100644
index 00000000000..4ef7288e2d3
--- /dev/null
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -0,0 +1,117 @@
+.\" $Id: ipsec.conf.5,v 1.1 2005/04/04 22:19:50 hshoexer Exp $
+.\"
+.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd July 7, 2004
+.Dt IPSEC.CONF 5
+.Os
+.Sh NAME
+.Nm ipsec.conf
+.Nd IPsec configuration file
+.Sh DESCRIPTION
+.Nm
+.Xr ipsec 4
+.Sh EXAMPLES
+.Bd -literal
+.Ed
+.Sh GRAMMAR
+.Nm
+in BNF:
+.Bd -literal
+line = ( flow-rule | group-rule )
+
+flow-rule = "flow" [( ah-rule | esp-rule | ipip-rule | ipcomp-rule )]
+
+group-rule = "group" "{" flow-rule, flow-rule, ... "}"
+
+ah-rule = "ah" [ "transport" ] [ ( "in" | "out" ) ] [ "log" ]
+ [ "on" ifspec ] hosts [ peers ] [ spi ] [ xform ] [ key ]
+ [ tag ]
+
+ipip-rule = "ipip" [ ( "in" | "out" ) ] [ "log" ]
+ [ "on" ifspec ] hosts [ peers ] [ spi ] [ tag ]
+
+esp-rule = "esp" [ "transport" ] [ ( "in" | "out" ) ] [ "log" ]
+ [ "on" ifspec ] hosts [ peers ] [ spi ] [ xform ] [ key ]
+ [ tag ]
+
+ipcomp-rule = "ipcomp" [ ( "in" | "out" ) ] [ "log" ] [ "on" ifspec ]
+ hosts [ peers ] [ cpi ]
+
+hosts = "from" [
+ [ port ] "to" ( "any" | "self" | host ) [ port ]
+
+cpi = "cpi" cpispec
+
+cpispec = ( number | number:number )
+
+spi = "spi" spispec
+
+spispec = ( number | number:number )
+
+peers = "peer"
+
+xform = "xform" xformspec
+
+xformspec = ( tranform | transform:transform )
+
+transform = ( enc | enc-auth | auth )
+
+auth = ( "md5" | "rmd160" | "sha1" | "sha2-256" | "sha2-384" |
+ "sha2-512" )
+
+enc = ( "aes" | "blowfish" | "cast" | "des" | "3des" | "skipjack" )
+
+key = "key" string
+
+ipspec = "any" | host | "{" host-list "}"
+
+host = [ "!" ] ( address [ "/" mask-bits ] | "<" string ">" )
+
+address = ( interface-name | "(" interface-name ")" | hostname |
+ ipv4-dotted-quad | ipv6-coloned-hex )
+
+.Ed
+.\" The following requests should be uncommented and used where appropriate.
+.\" This next request is for sections 2, 3, and 9 function return values only.
+.\" .Sh RETURN VALUES
+.\" This next request is for sections 1, 6, 7 & 8 only.
+.\" .Sh ENVIRONMENT
+.\" .Sh FILES
+.\" .Sh EXAMPLES
+.\" This next request is for sections 1, 4, 6, and 8 only.
+.\" .Sh DIAGNOSTICS
+.\" The next request is for sections 2, 3, and 9 error and signal handling only.
+.\" .Sh ERRORS
+.\" .Sh SEE ALSO
+.\" .Xr foobar 1
+.\" .Sh STANDARDS
+.Sh HISTORY
+The
+.Nm
+file format first appeared in
+.Ox 3.7
+.\" .Sh CAVEATS
+.\" .Sh BUGS