diff options
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/isakmpd/isakmpd.8 | 21 | ||||
| -rw-r--r-- | sbin/isakmpd/isakmpd.conf.5 | 6 | ||||
| -rw-r--r-- | sbin/isakmpd/isakmpd.policy.5 | 17 |
3 files changed, 24 insertions, 20 deletions
diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8 index 6244a41eb70..473b37bf2c4 100644 --- a/sbin/isakmpd/isakmpd.8 +++ b/sbin/isakmpd/isakmpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.8,v 1.106 2010/06/03 16:57:40 reyk Exp $ +.\" $OpenBSD: isakmpd.8,v 1.107 2010/06/07 08:38:09 jmc Exp $ .\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $ .\" .\" Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. @@ -30,7 +30,7 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd $Mdocdate: June 3 2010 $ +.Dd $Mdocdate: June 7 2010 $ .Dt ISAKMPD 8 .Os .Sh NAME @@ -71,13 +71,15 @@ A newer, much simpler format is now available: .Nm implements the IKEv1 protocol which is defined in the standards ISAKMP/Oakley (RFC 2408), IKE (RFC 2409), and the Internet DOI (RFC 2407). -The IKEv2 protocol, +The newer IKEv2 protocol, as defined in RFC 4306, is not supported by -.Nm ; +.Nm but by -.Xr iked 8 -instead. +.Xr iked 8 . +It follows then that references to IKE in this document +pertain to IKEv1 only, +and not IKEv2. .Pp The way .Nm @@ -798,6 +800,7 @@ command is issued in the command FIFO. .Xr ipsec.conf 5 , .Xr isakmpd.conf 5 , .Xr isakmpd.policy 5 , +.Xr iked 8 , .Xr sasyncd 8 , .Xr ssl 8 , .Xr tcpdump 8 @@ -827,9 +830,3 @@ For redundant setups, must be manually restarted every time .Nm is restarted. -.Pp -The IKEv2 protocol is not supported by -.Nm ; -but by -.Xr iked 8 -instead. diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5 index 706df3c15fb..5dd337e79bd 100644 --- a/sbin/isakmpd/isakmpd.conf.5 +++ b/sbin/isakmpd/isakmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.conf.5,v 1.125 2008/02/17 10:36:32 hshoexer Exp $ +.\" $OpenBSD: isakmpd.conf.5,v 1.126 2010/06/07 08:38:09 jmc Exp $ .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $ .\" .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -28,7 +28,7 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd $Mdocdate: February 17 2008 $ +.Dd $Mdocdate: June 7 2010 $ .Dt ISAKMPD.CONF 5 .Os .Sh NAME @@ -926,7 +926,7 @@ configuration file. .Sh EXAMPLES An example of a configuration file: .Bd -literal -# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon. +# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKEv1) daemon. [General] Listen-on= 10.1.0.2 diff --git a/sbin/isakmpd/isakmpd.policy.5 b/sbin/isakmpd/isakmpd.policy.5 index b37ec6ce9d7..1e1197ddb8c 100644 --- a/sbin/isakmpd/isakmpd.policy.5 +++ b/sbin/isakmpd/isakmpd.policy.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.policy.5,v 1.43 2010/04/06 06:46:30 jmc Exp $ +.\" $OpenBSD: isakmpd.policy.5,v 1.44 2010/06/07 08:38:09 jmc Exp $ .\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $ .\" .\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved. @@ -26,7 +26,7 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd $Mdocdate: April 6 2010 $ +.Dd $Mdocdate: June 7 2010 $ .Dt ISAKMPD.POLICY 5 .Os .Sh NAME @@ -39,13 +39,20 @@ is the policy configuration file for the daemon, managing security association and key management for the .Xr ipsec 4 layer of the kernel's networking stack. -.Pp The .Xr isakmpd 8 -daemon (also known as IKE, for Internet Key Exchange) is used when two +daemon, +also known as the IKEv1 key management daemon, +implements the Internet Key Exchange version 1 (IKEv1) protocol. +It follows then that references to IKE in this document +pertain to IKEv1 only, +and not IKEv2. +.Pp +.Xr isakmpd 8 +is used when two systems need to automatically set up a pair of Security Associations (SAs) for secure communication using IPsec. -IKE operates in two stages: +IKEv1 operates in two stages: .Pp In the first stage (Main or Identity Protection Mode), the two IKE daemons establish a secure link between themselves, fully |