From f05ca2bc9dbc4e16238a2160a059ccb841a40f61 Mon Sep 17 00:00:00 2001 From: "Angelos D. Keromytis" Date: Wed, 24 Feb 1999 23:32:54 +0000 Subject: Remove unnecessary file, move man page to section 8. --- sbin/ipsecadm/Makefile | 3 +- sbin/ipsecadm/ipsecadm.1 | 352 ----------------------------------------------- sbin/ipsecadm/ipsecadm.8 | 352 +++++++++++++++++++++++++++++++++++++++++++++++ sbin/ipsecadm/ipsecadm.c | 5 +- 4 files changed, 356 insertions(+), 356 deletions(-) delete mode 100644 sbin/ipsecadm/ipsecadm.1 create mode 100644 sbin/ipsecadm/ipsecadm.8 (limited to 'sbin') diff --git a/sbin/ipsecadm/Makefile b/sbin/ipsecadm/Makefile index 05bf387de53..5c0241f2bb1 100644 --- a/sbin/ipsecadm/Makefile +++ b/sbin/ipsecadm/Makefile @@ -1,6 +1,7 @@ -# $OpenBSD: Makefile,v 1.2 1999/02/24 22:53:36 angelos Exp $ +# $OpenBSD: Makefile,v 1.3 1999/02/24 23:32:51 angelos Exp $ PROG= ipsecadm +MAN= ipsecadm.8 SRCS= ipsecadm.c .include diff --git a/sbin/ipsecadm/ipsecadm.1 b/sbin/ipsecadm/ipsecadm.1 deleted file mode 100644 index 6da655d1cde..00000000000 --- a/sbin/ipsecadm/ipsecadm.1 +++ /dev/null @@ -1,352 +0,0 @@ -.\" $OpenBSD: ipsecadm.1,v 1.8 1999/02/24 22:53:36 angelos Exp $ -.\" Copyright 1997 Niels Provos -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by Niels Provos. -.\" 4. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" Manual page, using -mandoc macros -.\" -.Dd August 26, 1997 -.Dt IPSECADM 1 -.Os -.Sh NAME -.Nm ipsecadm -.Nd interface to setup IPSec -.Sh SYNOPSIS -.Nm ipsecadm -.Op command -.Ar modifiers ... -.Sh DESCRIPTION -The -.Nm ipsecadm -utility allows sets up security associations in the kernel -to be used with -.Xr ipsec 4 . -It can be used to specify the encryption and authentication -algorithms and key material for the network layer security -provided by IPSec. -The possible commands are: -.Bl -tag -width new_esp -.It new esp -Setup a Security Parameters Index (SPI) which uses the new esp transforms. -Encryption and authentication algorithms can be applied. -This is the default mode. -Allowed -modifiers are: -.Fl dst , -.Fl src , -.Fl proxy , -.Fl spi , -.Fl enc , -.Fl auth , -.Fl authkey , -.Fl forcetunnel , -and -.Fl key . -.It old esp -Setup a SPI which uses the old esp transforms. Only -encryption algorithms can be applied. Allowed modifiers are: -.Fl dst , -.Fl src , -.Fl proxy , -.Fl spi , -.Fl enc , -.Fl halfiv , -.Fl forcetunnel , -and -.Fl key . -.It new ah -Setup a SPI which uses the new ah transforms. Authentication -will be done with HMAC using the specified hash algorithm. Allowed modifiers -are: -.Fl dst , -.Fl src , -.Fl proxy , -.Fl spi , -.Fl forcetunnel , -.Fl auth , -and -.Fl key . -.It old ah -Setup a SPI which uses the old ah transforms. Simple keyed -hashes will be used for authentication. Allowed modifiers are: -.Fl dst , -.Fl src , -.Fl proxy , -.Fl spi , -.Fl forcetunnel , -.Fl auth , -and -.Fl key . -.It ip4 -Setup an SPI which uses the IP-in-IP encapsulation protocol. This mode -offers no security services by itself, but can be used to route other -(experimental or otherwise) protocols over an IP network. The SPI value -is not used for anything other than referencing the information, and -does not appear on the wire. Unlike other setups, like new esp, there -is no necessary setup in the receiving side. Allowed modifiers are: -.Fl dst , -.Fl src , -and -.Fl spi. -.It delspi -The specified Security Association (SA) will be deleted. An SA consists of -the destination address, SPI and security protocol. Allowed modifiers are: -.Fl dst , -.Fl spi , -.Fl proto . -and -.Fl chain . -.It group -Group two SA's together. Allowed modifiers are: -.Fl dst , -.Fl spi , -.Fl proto , -.Fl dst2 , -.Fl spi2 , -and -.Fl proto2 . -.It flow -Create a flow determining which packets are routed via which Security -Association. Allowed modifiers are: -.Fl dst , -.Fl spi , -.Fl proto , -.Fl addr , -.Fl transport , -.Fl sport , -.Fl dport , -.FL local , -.Fl delete . -The -.Xr netstat 1 -command shows the existing flows. -.El -.Pp -If no command is given -.Xr ipsecadm 1 -defaults to new esp mode. -.Pp -The modifiers have the following meanings: -.Bl -tag -width forcetunnel -offset indent -.It src -The source IP address for the SPI. This is necessary for incoming -SAs to avoid source address spoofing between mutually -suspicious hosts that have established SAs with us. For outgoing SAs, this -field is used to slightly speedup packet processing. If this field is -zero (0.0.0.0), no spoofing check will be done for incoming SAs, and an -extra routing lookup may be necessary for certain classes of packets that -originate from the local machine and make use of the SA. If present, the -value of this field is used when doing IP-in-IP encapsulation (e.g., when -the -.Nm forcetunnel -option has been specified. -.It dst -The destination IP address for the SPI. -.It proxy -This IP address, if provided, is checked against the inner IP address when -doing tunneling to a firewall, to prevent source spoofing attacks. It is -strongly recommended that this option is provided when applicable. It is -applicable in a scenario when host A is using IPsec to communicate with -firewall B, and through that to host C. In that case, the proxy address for -the incoming SA should be C. This option is not necessary for outgoing SAs. -.It spi -The unique Security Parameter Index (SPI). -.It tunnel -This option has been deprecated. The arguments are ignored, and it -otherwise has the same effect as the -.Nm forcetunnel -option. -.It newpadding -This option has been deprecated. -.It forcetunnel -Force IP-inside-IP encapsulation before ESP or AH processing is performed for -outgoing packets. The source/destination addresses of the outgoing IP packet -will be those provided in the -.Nm src -and -.Nm dst -options. Notice that the IPsec stack will perform IP-inside-IP encapsulation -when deemed necessary, even if this flag has not been set. -.It enc -The encryption algorithm to be used with the SPI. Possible values -are: -.Bl -tag -width skipjack -.It Nm des -This is available for both old and new esp. -Notice that hardware crackers for DES can be (and have been) built for -US$250,000. Use DES for encryption of critical information at your risk. -We suggest using 3DES instead. DES support is kept for interoperability -(with old implementations) purposes only. -.It Nm 3des -This is available for both old and new esp. It is more considered to be -more secure than straight DES, since it uses larger keys. -.It Nm blf -Blowfish encryption is available only in new esp. -.It Nm cast -CAST encryption is available only in new esp. -.It Nm skipjack -SKIPJACK encryption is available only in new esp. This algorithm designed -by the NSA is faster than 3DES. However, since it was designed by the NSA -it is a poor choice. -.El -.Pp -.It auth -The authentication algorithm to be used with the SPI. Possible values -are: -.Nm md5 -and -.Nm sha1 -for both old and new ah and also new esp. Also -.Nm rmd160 -for both new ah and esp. -.It key -The secret symmetric key used for encryption and authentication. The size -for -.Nm des -and -.Nm 3des -is fixed to 8 and 24 respectively. For other ciphers like -.Nm cast -or -.Nm blf -the key length can be variable. The -.Nm key -should be given in hexadecimal digits. The -.Nm key -should be chosen in random (ideally, using some true-random source like -coin flipping). It is very important that the key is not guessable. One -practical way of generating keys is by using the -.Xr random 4 -device (e.g. dd if=/dev/urandom bs=1024 count=1 | sha1) -.It authkey -The secret key material used for authentication -if additional authentication in new esp mode is required. For -old or new ah the key material for authentication is passed with the -.Nm key -option. The -.Nm key -should be given in hexadecimal digits. The -.Nm key -should be chosen in random (ideally, using some true-random source like -coin flipping). It is very important that the key is not guessable. One -practical way of generating keys is by using the -.Xr random 4 -device (e.g. dd if=/dev/urandom bs=1024 count=1 | sha1) -.It iv -This option has been deprecated. The argument is ignored. When applicable, -it has the same behaviour as the -.Nm halfiv -option. -.It halfiv -This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes). It -may only be used with old ESP. -.It proto -The security protocol needed by -.Nm delspi , -.Nm flow -or -.Nm group -to uniquely specify the SA. -The default value is 50 which means -.Nm IPPROTO_ESP . -Other accepted values are 51 -.Nm ( IPPROTO_AH ), -and 4 -.Nm ( IPPROTO_IP ) . -One can also specify the symbolic names "esp", "ah", and "ip4", -case insensitive. -.It chain -Delete the whole SPI chain, otherwise delete only the SPI given. -.It dst2 -The second IP destination address used by -.Nm group . -.It spi2 -The second SPI used by -.Nm group . -.It proto2 -The second security protocol used by -.Nm group . -It defaults to -.Nm IPPROTO_AH . -Other accepted values are 50 -.Nm ( IPPROTO_ESP ), -and 4 -.Nm ( IPPROTO_IP ) . -One can also specify the symbolic names "esp", "ah", and "ip4", -case insensitive. -.It addr -The source address, source network mask, destination address and destination -network mask against which packets need to match to use the specified -Security Association. -.It transport -The protocol number which packets need to match to use the specified -Security Association. By default the protocol number is not used for -matching. Instead of a number, a valid protocol name that appears in -.Xr protocols 5 -can be used. -.It sport -The source port which packets have to match for the flow. -By default the source port is not used for matching. -Instead of a number, a valid service name that appears in -.Xr services 5 -can be used. -.It dport -The destination port which packets have to match for the flow. -By default the source port is not used for matching. -Instead of a number, a valid service name that appears in -.Xr services 5 -can be used. -.It local -The -.Nm flow -command also creates a flow which matches local packets. This is aquivalent -to using a source address of 0.0.0.0 and a source network mask of -255.255.255.0. -.It delete -Instead of creating a flow, an existing flow is deleted. -.El -.Sh EXAMPLE -Setup a SPI which uses new esp with 3des encryption and HMAC-SHA1 -authentication: -.Bd -literal -ipsecadm -enc 3des -auth sha1 -spi 1001 -dst 169.20.12.2 -src 169.20.12.3 --key 638063806380638063806380638063806380638063806380 -authp 1234123412341234 -.Ed -.Pp -Setup a SPI for authentication with old ah only: -.Bd -literal -ipsecadm old ah -auth md5 -spi 1001 -dst 169.20.12.2 -src 169.20.12.3 --key 12341234deadbeef -.Ed -.Sh SEE ALSO -.Xr services 5 , -.Xr protocols 5 , -.Xr netstat 1 , -.Xr isakmpd 8 , -.Xr ipsec 4 , -.Xr vpn 8 , -.Xr photurisd 8 diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8 new file mode 100644 index 00000000000..ffcfd64dd96 --- /dev/null +++ b/sbin/ipsecadm/ipsecadm.8 @@ -0,0 +1,352 @@ +.\" $OpenBSD: ipsecadm.8,v 1.1 1999/02/24 23:32:52 angelos Exp $ +.\" Copyright 1997 Niels Provos +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by Niels Provos. +.\" 4. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" Manual page, using -mandoc macros +.\" +.Dd August 26, 1997 +.Dt IPSECADM 8 +.Os +.Sh NAME +.Nm ipsecadm +.Nd interface to setup IPSec +.Sh SYNOPSIS +.Nm ipsecadm +.Op command +.Ar modifiers ... +.Sh DESCRIPTION +The +.Nm ipsecadm +utility allows sets up security associations in the kernel +to be used with +.Xr ipsec 4 . +It can be used to specify the encryption and authentication +algorithms and key material for the network layer security +provided by IPSec. +The possible commands are: +.Bl -tag -width new_esp +.It new esp +Setup a Security Parameters Index (SPI) which uses the new esp transforms. +Encryption and authentication algorithms can be applied. +This is the default mode. +Allowed +modifiers are: +.Fl dst , +.Fl src , +.Fl proxy , +.Fl spi , +.Fl enc , +.Fl auth , +.Fl authkey , +.Fl forcetunnel , +and +.Fl key . +.It old esp +Setup a SPI which uses the old esp transforms. Only +encryption algorithms can be applied. Allowed modifiers are: +.Fl dst , +.Fl src , +.Fl proxy , +.Fl spi , +.Fl enc , +.Fl halfiv , +.Fl forcetunnel , +and +.Fl key . +.It new ah +Setup a SPI which uses the new ah transforms. Authentication +will be done with HMAC using the specified hash algorithm. Allowed modifiers +are: +.Fl dst , +.Fl src , +.Fl proxy , +.Fl spi , +.Fl forcetunnel , +.Fl auth , +and +.Fl key . +.It old ah +Setup a SPI which uses the old ah transforms. Simple keyed +hashes will be used for authentication. Allowed modifiers are: +.Fl dst , +.Fl src , +.Fl proxy , +.Fl spi , +.Fl forcetunnel , +.Fl auth , +and +.Fl key . +.It ip4 +Setup an SPI which uses the IP-in-IP encapsulation protocol. This mode +offers no security services by itself, but can be used to route other +(experimental or otherwise) protocols over an IP network. The SPI value +is not used for anything other than referencing the information, and +does not appear on the wire. Unlike other setups, like new esp, there +is no necessary setup in the receiving side. Allowed modifiers are: +.Fl dst , +.Fl src , +and +.Fl spi. +.It delspi +The specified Security Association (SA) will be deleted. An SA consists of +the destination address, SPI and security protocol. Allowed modifiers are: +.Fl dst , +.Fl spi , +.Fl proto . +and +.Fl chain . +.It group +Group two SA's together. Allowed modifiers are: +.Fl dst , +.Fl spi , +.Fl proto , +.Fl dst2 , +.Fl spi2 , +and +.Fl proto2 . +.It flow +Create a flow determining which packets are routed via which Security +Association. Allowed modifiers are: +.Fl dst , +.Fl spi , +.Fl proto , +.Fl addr , +.Fl transport , +.Fl sport , +.Fl dport , +.FL local , +.Fl delete . +The +.Xr netstat 1 +command shows the existing flows. +.El +.Pp +If no command is given +.Xr ipsecadm 1 +defaults to new esp mode. +.Pp +The modifiers have the following meanings: +.Bl -tag -width forcetunnel -offset indent +.It src +The source IP address for the SPI. This is necessary for incoming +SAs to avoid source address spoofing between mutually +suspicious hosts that have established SAs with us. For outgoing SAs, this +field is used to slightly speedup packet processing. If this field is +zero (0.0.0.0), no spoofing check will be done for incoming SAs, and an +extra routing lookup may be necessary for certain classes of packets that +originate from the local machine and make use of the SA. If present, the +value of this field is used when doing IP-in-IP encapsulation (e.g., when +the +.Nm forcetunnel +option has been specified. +.It dst +The destination IP address for the SPI. +.It proxy +This IP address, if provided, is checked against the inner IP address when +doing tunneling to a firewall, to prevent source spoofing attacks. It is +strongly recommended that this option is provided when applicable. It is +applicable in a scenario when host A is using IPsec to communicate with +firewall B, and through that to host C. In that case, the proxy address for +the incoming SA should be C. This option is not necessary for outgoing SAs. +.It spi +The unique Security Parameter Index (SPI). +.It tunnel +This option has been deprecated. The arguments are ignored, and it +otherwise has the same effect as the +.Nm forcetunnel +option. +.It newpadding +This option has been deprecated. +.It forcetunnel +Force IP-inside-IP encapsulation before ESP or AH processing is performed for +outgoing packets. The source/destination addresses of the outgoing IP packet +will be those provided in the +.Nm src +and +.Nm dst +options. Notice that the IPsec stack will perform IP-inside-IP encapsulation +when deemed necessary, even if this flag has not been set. +.It enc +The encryption algorithm to be used with the SPI. Possible values +are: +.Bl -tag -width skipjack +.It Nm des +This is available for both old and new esp. +Notice that hardware crackers for DES can be (and have been) built for +US$250,000. Use DES for encryption of critical information at your risk. +We suggest using 3DES instead. DES support is kept for interoperability +(with old implementations) purposes only. +.It Nm 3des +This is available for both old and new esp. It is more considered to be +more secure than straight DES, since it uses larger keys. +.It Nm blf +Blowfish encryption is available only in new esp. +.It Nm cast +CAST encryption is available only in new esp. +.It Nm skipjack +SKIPJACK encryption is available only in new esp. This algorithm designed +by the NSA is faster than 3DES. However, since it was designed by the NSA +it is a poor choice. +.El +.Pp +.It auth +The authentication algorithm to be used with the SPI. Possible values +are: +.Nm md5 +and +.Nm sha1 +for both old and new ah and also new esp. Also +.Nm rmd160 +for both new ah and esp. +.It key +The secret symmetric key used for encryption and authentication. The size +for +.Nm des +and +.Nm 3des +is fixed to 8 and 24 respectively. For other ciphers like +.Nm cast +or +.Nm blf +the key length can be variable. The +.Nm key +should be given in hexadecimal digits. The +.Nm key +should be chosen in random (ideally, using some true-random source like +coin flipping). It is very important that the key is not guessable. One +practical way of generating keys is by using the +.Xr random 4 +device (e.g. dd if=/dev/urandom bs=1024 count=1 | sha1) +.It authkey +The secret key material used for authentication +if additional authentication in new esp mode is required. For +old or new ah the key material for authentication is passed with the +.Nm key +option. The +.Nm key +should be given in hexadecimal digits. The +.Nm key +should be chosen in random (ideally, using some true-random source like +coin flipping). It is very important that the key is not guessable. One +practical way of generating keys is by using the +.Xr random 4 +device (e.g. dd if=/dev/urandom bs=1024 count=1 | sha1) +.It iv +This option has been deprecated. The argument is ignored. When applicable, +it has the same behaviour as the +.Nm halfiv +option. +.It halfiv +This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes). It +may only be used with old ESP. +.It proto +The security protocol needed by +.Nm delspi , +.Nm flow +or +.Nm group +to uniquely specify the SA. +The default value is 50 which means +.Nm IPPROTO_ESP . +Other accepted values are 51 +.Nm ( IPPROTO_AH ), +and 4 +.Nm ( IPPROTO_IP ) . +One can also specify the symbolic names "esp", "ah", and "ip4", +case insensitive. +.It chain +Delete the whole SPI chain, otherwise delete only the SPI given. +.It dst2 +The second IP destination address used by +.Nm group . +.It spi2 +The second SPI used by +.Nm group . +.It proto2 +The second security protocol used by +.Nm group . +It defaults to +.Nm IPPROTO_AH . +Other accepted values are 50 +.Nm ( IPPROTO_ESP ), +and 4 +.Nm ( IPPROTO_IP ) . +One can also specify the symbolic names "esp", "ah", and "ip4", +case insensitive. +.It addr +The source address, source network mask, destination address and destination +network mask against which packets need to match to use the specified +Security Association. +.It transport +The protocol number which packets need to match to use the specified +Security Association. By default the protocol number is not used for +matching. Instead of a number, a valid protocol name that appears in +.Xr protocols 5 +can be used. +.It sport +The source port which packets have to match for the flow. +By default the source port is not used for matching. +Instead of a number, a valid service name that appears in +.Xr services 5 +can be used. +.It dport +The destination port which packets have to match for the flow. +By default the source port is not used for matching. +Instead of a number, a valid service name that appears in +.Xr services 5 +can be used. +.It local +The +.Nm flow +command also creates a flow which matches local packets. This is aquivalent +to using a source address of 0.0.0.0 and a source network mask of +255.255.255.0. +.It delete +Instead of creating a flow, an existing flow is deleted. +.El +.Sh EXAMPLE +Setup a SPI which uses new esp with 3des encryption and HMAC-SHA1 +authentication: +.Bd -literal +ipsecadm -enc 3des -auth sha1 -spi 1001 -dst 169.20.12.2 -src 169.20.12.3 +-key 638063806380638063806380638063806380638063806380 -authp 1234123412341234 +.Ed +.Pp +Setup a SPI for authentication with old ah only: +.Bd -literal +ipsecadm old ah -auth md5 -spi 1001 -dst 169.20.12.2 -src 169.20.12.3 +-key 12341234deadbeef +.Ed +.Sh SEE ALSO +.Xr services 5 , +.Xr protocols 5 , +.Xr netstat 1 , +.Xr isakmpd 8 , +.Xr ipsec 4 , +.Xr vpn 8 , +.Xr photurisd 8 diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c index 3d7c6c38cf7..5869fc2a4fc 100644 --- a/sbin/ipsecadm/ipsecadm.c +++ b/sbin/ipsecadm/ipsecadm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecadm.c,v 1.4 1999/02/24 22:53:37 angelos Exp $ */ +/* $OpenBSD: ipsecadm.c,v 1.5 1999/02/24 23:32:53 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -57,8 +57,7 @@ #include #include #include -#include "net/pfkeyv2.h" -#include "netinet/ip_ipsp.h" +#include #define ESP_OLD 0x01 #define ESP_NEW 0x02 -- cgit v1.2.3