Diffstat (limited to 'sbin/ipsecctl/ipsec.conf.5')
-rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
new file mode 100644
index 00000000000..4ef7288e2d3
--- /dev/null
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -0,0 +1,117 @@
+.\" $Id: ipsec.conf.5,v 1.1 2005/04/04 22:19:50 hshoexer Exp $
+.\"
+.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd July 7, 2004
+.Dt IPSEC.CONF 5
+.Os
+.Sh NAME
+.Nm ipsec.conf
+.Nd IPsec configuration file
+.Sh DESCRIPTION
+.Nm
+.Xr ipsec 4
+.Sh EXAMPLES
+.Bd -literal
+.Ed
+.Sh GRAMMAR
+.Nm
+in BNF:
+.Bd -literal
+line = ( flow-rule | group-rule )
+
+flow-rule = "flow" [( ah-rule | esp-rule | ipip-rule | ipcomp-rule )]
+
+group-rule = "group" "{" flow-rule, flow-rule, ... "}"
+
+ah-rule = "ah" [ "transport" ] [ ( "in" | "out" ) ] [ "log" ]
+ [ "on" ifspec ] hosts [ peers ] [ spi ] [ xform ] [ key ]
+ [ tag ]
+
+ipip-rule = "ipip" [ ( "in" | "out" ) ] [ "log" ]
+ [ "on" ifspec ] hosts [ peers ] [ spi ] [ tag ]
+
+esp-rule = "esp" [ "transport" ] [ ( "in" | "out" ) ] [ "log" ]
+ [ "on" ifspec ] hosts [ peers ] [ spi ] [ xform ] [ key ]
+ [ tag ]
+
+ipcomp-rule = "ipcomp" [ ( "in" | "out" ) ] [ "log" ] [ "on" ifspec ]
+ hosts [ peers ] [ cpi ]
+
+hosts = "from" [
+ [ port ] "to" ( "any" | "self" | host ) [ port ]
+
+cpi = "cpi" cpispec
+
+cpispec = ( number | number:number )
+
+spi = "spi" spispec
+
+spispec = ( number | number:number )
+
+peers = "peer"
+
+xform = "xform" xformspec
+
+xformspec = ( tranform | transform:transform )
+
+transform = ( enc | enc-auth | auth )
+
+auth = ( "md5" | "rmd160" | "sha1" | "sha2-256" | "sha2-384" |
+ "sha2-512" )
+
+enc = ( "aes" | "blowfish" | "cast" | "des" | "3des" | "skipjack" )
+
+key = "key" string
+
+ipspec = "any" | host | "{" host-list "}"
+
+host = [ "!" ] ( address [ "/" mask-bits ] | "<" string ">" )
+
+address = ( interface-name | "(" interface-name ")" | hostname |
+ ipv4-dotted-quad | ipv6-coloned-hex )
+
+.Ed
+.\" The following requests should be uncommented and used where appropriate.
+.\" This next request is for sections 2, 3, and 9 function return values only.
+.\" .Sh RETURN VALUES
+.\" This next request is for sections 1, 6, 7 & 8 only.
+.\" .Sh ENVIRONMENT
+.\" .Sh FILES
+.\" .Sh EXAMPLES
+.\" This next request is for sections 1, 4, 6, and 8 only.
+.\" .Sh DIAGNOSTICS
+.\" The next request is for sections 2, 3, and 9 error and signal handling only.
+.\" .Sh ERRORS
+.\" .Sh SEE ALSO
+.\" .Xr foobar 1
+.\" .Sh STANDARDS
+.Sh HISTORY
+The
+.Nm
+file format first appeared in
+.Ox 3.7
+.\" .Sh CAVEATS
+.\" .Sh BUGS |