From 8507d5ed84a7c901a192d08a29970726415afa65 Mon Sep 17 00:00:00 2001 From: Reyk Floeter Date: Mon, 16 Jan 2006 23:57:21 +0000 Subject: add support for pre-shared keys with "ike esp" using the new keyword "psk". rsa-sig is recommended and will still be used by default. ok hshoexer@, manpage ok jmc@ --- sbin/ipsecctl/ipsec.conf.5 | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'sbin/ipsecctl/ipsec.conf.5') diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 3e5e8f80644..31bb7879546 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.28 2005/12/06 14:27:57 markus Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.29 2006/01/16 23:57:20 reyk Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -391,14 +391,17 @@ as the identity of the local peer. Similar to .Ar srcid , this optional parameter defines a FQDN to be used by the remote peer. -.El -.Pp -Note that -.Xr isakmpd 8 -will use RSA authentication. +.It Ar psk Aq Ar string +Use a pre-shared key +.Ar string +for authentication. +If not specified, RSA authentication will be used. By default, the system startup script .Xr rc 8 -generates a key-pair when starting, if one does not already exist. +generates a key-pair for +.Xr isakmpd 8 +when starting, if one does not already exist. +.El .Pp See also .Sx ISAKMP EXAMPLES -- cgit v1.2.3