diff options
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 14 | ||||
| -rw-r--r-- | sbin/isakmpd/isakmpd.8 | 25 |
2 files changed, 30 insertions, 9 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index c291aa66faa..f3355c4c32e 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.124 2010/01/02 20:15:15 schwarze Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.125 2010/06/03 16:57:40 reyk Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 2 2010 $ +.Dd $Mdocdate: June 3 2010 $ .Dt IPSEC.CONF 5 .Os .Sh NAME @@ -159,7 +159,11 @@ include "/etc/macros.conf" In this scenario, .Nm is used to set up flows and SAs automatically using -.Xr isakmpd 8 . +.Xr isakmpd 8 +with the ISAKMP/Oakley a.k.a. IKEv1 protocol. +To configure automatic keying using the IKEv2 protocol, see +.Xr iked.conf 5 +instead. Some examples of setting up automatic keying: .Bd -literal -offset 3n # Set up a VPN: @@ -178,7 +182,7 @@ The commands are as follows: .Op Ar tmode .Xc .Ar mode -specifies the IKE mode to use: +specifies the IKEv1 mode to use: one of .Ar passive , .Ar active , @@ -264,7 +268,7 @@ Host addresses are parsed as type .Dq IPV4_ADDR ; adding the suffix /32 will change the type to .Dq IPV4_ADDR_SUBNET , -which can improve interoperability with some IKE implementations. +which can improve interoperability with some IKEv1 implementations. .Pp The optional .Ic port diff --git a/sbin/isakmpd/isakmpd.8 b/sbin/isakmpd/isakmpd.8 index 4aaaf4bc4b8..6244a41eb70 100644 --- a/sbin/isakmpd/isakmpd.8 +++ b/sbin/isakmpd/isakmpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: isakmpd.8,v 1.105 2010/01/03 16:43:45 schwarze Exp $ +.\" $OpenBSD: isakmpd.8,v 1.106 2010/06/03 16:57:40 reyk Exp $ .\" $EOM: isakmpd.8,v 1.23 2000/05/02 00:30:23 niklas Exp $ .\" .\" Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. @@ -30,12 +30,12 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd $Mdocdate: January 3 2010 $ +.Dd $Mdocdate: June 3 2010 $ .Dt ISAKMPD 8 .Os .Sh NAME .Nm isakmpd -.Nd ISAKMP/Oakley a.k.a. IKE key management daemon +.Nd ISAKMP/Oakley a.k.a. IKEv1 key management daemon .Sh SYNOPSIS .Nm isakmpd .Bk -words @@ -68,6 +68,17 @@ file format. A newer, much simpler format is now available: .Xr ipsec.conf 5 . .Pp +.Nm +implements the IKEv1 protocol which is defined in the standards +ISAKMP/Oakley (RFC 2408), IKE (RFC 2409), and the Internet DOI (RFC 2407). +The IKEv2 protocol, +as defined in RFC 4306, +is not supported by +.Nm ; +but by +.Xr iked 8 +instead. +.Pp The way .Nm goes about its work is by maintaining an internal configuration @@ -87,7 +98,7 @@ The ability to provide redundancy is made available through .Xr carp 4 and .Xr sasyncd 8 . -For other uses, some more knowledge of IKE as a protocol is required. +For other uses, some more knowledge of IKEv1 as a protocol is required. The RFCs mentioned below are a possible starting point. .Pp On startup @@ -816,3 +827,9 @@ For redundant setups, must be manually restarted every time .Nm is restarted. +.Pp +The IKEv2 protocol is not supported by +.Nm ; +but by +.Xr iked 8 +instead. |