diff options
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ifconfig/ifconfig.8 | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index fddda119431..5c4a8ad0792 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.348 2020/06/21 13:41:05 matthieu Exp $ +.\" $OpenBSD: ifconfig.8,v 1.349 2020/06/21 15:24:32 jmc Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -2070,7 +2070,7 @@ interfaces: .It Cm wgkey Ar privatekey Set the local private key of the interface to .Ar privatekey . -This is a random 32 byte value, encoded as base64. +This is a random 32-byte value, encoded as base64. It may be generated as follows: .Pp .Dl $ openssl rand -base64 32 @@ -2078,7 +2078,7 @@ It may be generated as follows: A valid Curve25519 key is required to have 5 bits set to specific values. This is done by the interface, so it is safe to provide a random -32 byte base64 string. +32-byte base64 string. .Pp Once set, the corresponding public key will be displayed in the interface status; it must be distributed to peers @@ -2103,7 +2103,7 @@ can be set to any valid routing table ID; the corresponding routing domain is derived from this table. .It Cm wgpeer Ar publickey Select the peer to perform the subsequent operations on. -This creates a peer with the associated 32 byte, base64 encoded +This creates a peer with the associated 32-byte, base64-encoded .Ar publickey if it does not yet exist. This option can be specified multiple times in a single command. @@ -2122,7 +2122,7 @@ option must be specified, followed by its configuration options. .Bl -tag -width Ds .It Cm wgpsk Ar presharedkey Set the preshared key for the peer. -This is a random 32 byte, base64 encoded string +This is a random 32-byte, base64-encoded string that both ends must agree on. It offers a post-quantum resistance to the Diffie-Hellman exchange. If there is no preshared key, the exact same handshake is performed, @@ -2135,14 +2135,14 @@ Remove the preshared key from the specified peer. Set the interval of additional keepalive packets in seconds. By default this functionality is disabled, equivalent to a value of 0. This is often used to ensure a peer will be accessible when protected by -a firewall, as is when behind a NAT address. +a firewall, as when behind a NAT address. A value of 25 is commonly used. .It Cm wgendpoint Ar ip port Set the IP address and port to send the encapsulated packets to. If the peer changes address, the local interface will update the address after receiving a correctly authenticated packet. The IP address can be either -IPv4 or IPv6, and the port is a regular 16 bit UDP port. +IPv4 or IPv6, and the port is a regular 16-bit UDP port. .It Cm wgaip Ar allowed-ip/prefix Set the allowed IPs for the peer. The allowed IPs indicate the IP addresses a peer is allowed to send |