diff options
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index 12f4730b126..af377d2a811 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,8 +1,8 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.63 2002/03/01 15:25:17 ho Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.64 2002/04/10 20:56:57 ho Exp $ .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. -.\" Copyright (c) 2000, 2001 Håkan Olsson. All rights reserved. +.\" Copyright (c) 2000, 2001, 2002 Håkan Olsson. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -616,6 +616,40 @@ will be transmitted (or permitted) over the SA. The Protocol tag must be specified in conjunction with this tag. .El .El +.Ss Other sections +.Bl -hang -width 12n +.It Em <IKECFG-ID> +Parameters to use with IKE mode-config. One ID per peer. +.Pp +An IKECFG-ID is written as [<ID-type>/<name>]. +The following ID types are supported: +.Bl -tag -width 12n +.It IPv4 +[ipv4/A.B.C.D] +.It IPv6 +[ipv6/abcd:abcd::ab:cd] +.It FQDN +[fqdn/foo.bar.org] +.It UFQDN +[ufqdn/user@foo.bar.org] +.It ASN1_DN +[asn1_dn//C=aa/O=cc/...] (Note the double slashes as the DN itself +starts with a '/'.) +.El +.Pp +Each section specifies what configuration values to return to the peer +requesting IKE mode-config. Currently supported values are: +.Bl -tag -width 12n +.It Em Address +The peer's network address. +.It Em Netmask +The peer's netmask. +.It Em Nameserver +The IP address of a DNS nameserver. +.It Em WINS-server +The IP address of a WINS server. +.El +.El .Sh EXAMPLES An example of a configuration file: .Pp @@ -677,6 +711,13 @@ Transforms= 3DES-SHA EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE +# Data for an IKE mode-config peer +[asn1_dn//C=SE/L=SomeCity/O=SomeCompany/CN=SomePeer.company.com] +Address= 192.168.1.123 +Netmask= 255.255.255.0 +Nameserver= 192.168.1.10 +WINS-server= 192.168.1.11 + # # ##################################################################### # All configration data below this point is not required as the example |