diff options
Diffstat (limited to 'sbin/ipsecctl')
| -rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index b9cb972f122..f2c1224d496 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.11 2005/07/10 07:56:56 jmc Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.12 2005/07/23 20:44:36 hshoexer Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -131,6 +131,16 @@ The parameter .Ar spi is a 32-bit value defining the Security Parameter Index (SPI) for this SA. The key to be used is a hexadecimal string of arbitrary length. +For both +.Ar spi +and +.Ar key +it is possible to specify two values separated by a colon. +.Xr ipsecctl 8 +will then generate the matching incoming SA using the second values for +.Ar spi +and +.Ar key . .El .Pp For details on how to enable TCP MD5 signatures see @@ -152,8 +162,8 @@ flow esp out from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.12 flow esp in from 192.168.8.0/24 to 192.168.7.0/24 peer 192.168.3.12 # Set up keys for TCP MD5 signatures -tcpmd5 from 192.168.3.14 to 192.168.3.27 spi 0x1000 key 0xdeadbeef -tcpmd5 from 192.168.3.27 to 192.168.3.14 spi 0x1001 key 0xbeefdead +tcpmd5 from 192.168.3.14 to 192.168.3.27 spi 0x1000:0x1001 \\ + key 0xdeadbeef:0xbeefdead .Ed .Sh SEE ALSO .Xr ipsec 4 , |