From 7ce92829bad1077536454c9f89b55e2ccde831f8 Mon Sep 17 00:00:00 2001
From: Hans-Joerg Hoexer
Date: Mon, 19 Feb 2007 10:00:14 +0000
Subject: Document NULL encryption.
---
 sbin/ipsecctl/ipsec.conf.5 | 6 +++++-
 sbin/isakmpd/isakmpd.conf.5 | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index 3482019a0f0..af65eeaeaa0 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsec.conf.5,v 1.110 2007/02/16 20:13:20 cloder Exp $
+.\" $OpenBSD: ipsec.conf.5,v 1.111 2007/02/19 10:00:13 hshoexer Exp $
 .\"
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
 .\"
@@ -549,6 +549,7 @@ keyword:
 .It Li blowfish Ta "160 bits"
 .It Li cast Ta "128 bits"
 .It Li skipjack Ta "80 bits"
+.It Li null Ta "(none)" Ta "[phase 2 only]"
 .El
 .Pp
 Use of DES or Skipjack as an encryption algorithm is not recommended
@@ -560,6 +561,9 @@ Note that DES requires 8 bytes to form a 56-bit key and 3DES requires 24 bytes to form its 168-bit key. This is because the most significant bit of each byte is used for parity. .Pp +Note that using NULL with ESP will only provide authentication. +This is useful in setups where AH can not be used, eg. when NAT is involved. +.Pp The following group types are permitted with the .Ic group keyword:
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index 06c71c7fdf9..46f8e19a080 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.119 2006/11/24 13:52:14 reyk Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.120 2007/02/19 10:00:13 hshoexer Exp $
 .\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
 .\"
 .\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -141,7 +141,7 @@ where:
 .It Ns { Ns Ar proto Ns }
 is either ESP or AH
 .It Ns { Ns Ar cipher Ns }
-is either DES, 3DES, CAST, BLF, AES, or AESCTR
+is either DES, 3DES, CAST, BLF, AES, AESCTR or NULL
 .It Ns { Ns Ar hash Ns }
 is either MD5, SHA, RIPEMD, or SHA2-{256,384,512}
 .It Ns { Ns Ar group Ns }
--
cgit v1.2.3