From 62a7f81f7e0297a9ee9af52443f50936fb4f2df6 Mon Sep 17 00:00:00 2001 From: Kjell Wooding Date: Wed, 7 Jul 1999 04:18:02 +0000 Subject: Add the ipsec sysctl information. --- share/man/man8/vpn.8 | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'share/man/man8') diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8 index 672b1b2be36..696983a88aa 100644 --- a/share/man/man8/vpn.8 +++ b/share/man/man8/vpn.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vpn.8,v 1.19 1999/07/02 20:11:51 aaron Exp $ +.\" $OpenBSD: vpn.8,v 1.20 1999/07/07 04:18:01 kjell Exp $ .\" Copyright 1998 Niels Provos .\" All rights reserved. .\" @@ -103,6 +103,21 @@ in its structure. Note that when using DES (or 3DES), the most significant bit of each byte is ignored. This means that 8 bytes are required to form a 56-bit DES key, and 24 bytes are required to form a 168 bit 3DES key. +.Ss Enabling the Appropriate Kernel Operations +As of OpenBSD 2.5, IPSEC operations must be first enabled using +.Xr sysctl 8 . +Before creating security associations, or performing +encryption (ESP) or authentication (AH) operation, ensure the appropriate +kernel operation has been enabled: +.Bd -literal +sysctl -w net.inet.esp.enable=1 +sysctl -w net.inet.ah.enable=1 +.Ed +.Pp +For more permanent operation, these options should be enabled in your +.Xr sysctl.conf 5 . +.Pp + .Ss Creating Security Associations Before the IPSec flows can be defined, two Security Associations (SAs) must be defined on each end of the VPN, e.g.: -- cgit v1.2.3
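Review bot: The second hunk ends its added section with a `.Pp` and an empty line directly before `.Ss Creating Security Associations`; a paragraph break ahead of a section macro is redundant and blank lines are discouraged in mdoc source, so both can be dropped. In the same added text, "IPSEC" is inconsistent with the "IPSec" spelling in the unchanged context line that follows, "must be first enabled" reads better as "must first be enabled", and "authentication (AH) operation" should be plural. The closing paragraph only says the options "should be enabled in your sysctl.conf(5)" while the literal block shows the `sysctl -w` form; consider also showing the corresponding sysctl.conf(5) entries so readers do not have to work out the persistent form from the one-off commands.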