.\" $OpenBSD: ipsecadm.8,v 1.26 2000/04/22 01:50:15 angelos Exp $ .\" .\" Copyright 1997 Niels Provos .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by Niels Provos. .\" 4. The name of the author may not be used to endorse or promote products .\" derived from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" Manual page, using -mandoc macros .\" .Dd August 26, 1997 .Dt IPSECADM 8 .Os .Sh NAME .Nm ipsecadm .Nd interface to setup IPSec .Sh SYNOPSIS .Nm ipsecadm .Op command .Ar modifiers ... .Sh NOTE Before .Xr ipsecadm 8 can be used, IPSec must be enabled by setting one or more of the following .Xr sysctl 3 variables: .Bl -tag -width xxxxxxxxxxxxxxxxxxxxx .It net.inet.esp.enable Enable the ESP IPSec protocol .It net.inet.ah.enable Enable the AH IPSec protocol .El .Pp To enable these operations across reboots, see .Pa /etc/sysctl.conf . .Pp .Sh DESCRIPTION The .Nm ipsecadm utility sets up security associations in the kernel to be used with .Xr ipsec 4 . It can be used to specify the encryption and authentication algorithms and key material for the network layer security provided by IPSec. The possible commands are: .Bl -tag -width new_esp .It new esp Setup a Security Association (SA) which uses the new esp transforms. A SA consists of the destination address, a Security Parameter Index (SPI) and a security protocol. Encryption and authentication algorithms can be applied. This is the default mode. Allowed modifiers are: .Fl dst , .Fl src , .Fl proxy , .Fl spi , .Fl enc , .Fl auth , .Fl authkey , .Fl authkeyfile , .Fl forcetunnel , .Fl key , and .Fl keyfile . .It old esp Setup a SA which uses the old esp transforms. Only encryption algorithms can be applied. Allowed modifiers are: .Fl dst , .Fl src , .Fl proxy , .Fl spi , .Fl enc , .Fl halfiv , .Fl forcetunnel , .Fl key , and .Fl keyfile . .It new ah Setup a SA which uses the new ah transforms. Authentication will be done with HMAC using the specified hash algorithm. Allowed modifiers are: .Fl dst , .Fl src , .Fl proxy , .Fl spi , .Fl forcetunnel , .Fl auth , .Fl key , and .Fl keyfile . .It old ah Setup a SA which uses the old ah transforms. Simple keyed hashes will be used for authentication. Allowed modifiers are: .Fl dst , .Fl src , .Fl proxy , .Fl spi , .Fl forcetunnel , .Fl auth , .Fl key , and .Fl keyfile . .It ip4 Setup an SA which uses the IP-in-IP encapsulation protocol. This mode offers no security services by itself, but can be used to route other (experimental or otherwise) protocols over an IP network. The SPI value is not used for anything other than referencing the information, and does not appear on the wire. Unlike other setups, like new esp, there is no necessary setup in the receiving side. Allowed modifiers are: .Fl dst , .Fl src , and .Fl spi . .It delspi The specified SA will be deleted. Allowed modifiers are: .Fl dst , .Fl spi , .Fl proto , and .Fl chain . .It group Group two SAs together. Allowed modifiers are: .Fl dst , .Fl spi , .Fl proto , .Fl dst2 , .Fl spi2 , and .Fl proto2 . .It flow Create a flow determining which packets are routed via which Security Association, or (for ingress flows) which packets may be received over an incoming SA. Allowed modifiers are: .Fl dst , .Fl spi , .Fl proto , .Fl addr , .Fl transport , .Fl sport , .Fl dport , .Fl delete , .Fl ingress , and .Fl bypass . The .Xr netstat 1 command shows the existing egress (outbound) flows. A .Nm bypass flow is used to specify a flow for which IPSec processing will be bypassed, i.e packets will not be processed by any SAs. For .Nm bypass flows, additional modifiers are restricted to: .Fl addr , .Fl transport , .Fl sport , .Fl dport , and .Fl delete . These flows always have SPI 0, destination 0.0.0.0 and protocol 0. .It bind Associate an incoming Security Association with an outgoing Security Association. When a socket receives packets secured by the incoming SA all responses will be processed by the outgoing SA. Allowed modifiers are: .Fl dst , .Fl spi , .Fl proto , .Fl dst2 , .Fl spi2 , and .Fl proto2 . The IP address 0.0.0.0 can be used as wildcard for .Fl src and .Fl dst . This can be useful while travelling where the IP address of potential clients is not known. .It flush Flush SAs from from kernel. This includes flushing any flows and routing entries associated with the SAs. Allowed modifiers are: .Fl ah , .Fl esp , .Fl oldah , .Fl oldesp , and .Fl ip4 . Default action is to flush all types of security associations from the kernel. .El .Pp If no command is given .Xr ipsecadm 1 defaults to new esp mode. .Pp The modifiers have the following meanings: .Bl -tag -width xxxx -offset indent .It Fl src The source IP address for the SA. This is necessary for incoming SAs to avoid source address spoofing between mutually suspicious hosts that have established SAs with us. For outgoing SAs, this field is used to fill in the source address when doing tunneling. .It Fl dst The destination IP address for the SA. .It Fl proxy This IP address, if provided, is checked against the inner IP address when doing tunneling to a firewall, to prevent source spoofing attacks. It is strongly recommended that this option is provided when applicable. It is applicable in a scenario when host A is using IPsec to communicate with firewall B, and through that to host C. In that case, the proxy address for the incoming SA should be C. This option is not necessary for outgoing SAs. .It Fl spi The Security Parameter Index (SPI). .It Fl tunnel This option has been deprecated. The arguments are ignored, and it otherwise has the same effect as the .Nm forcetunnel option. .It Fl newpadding This option has been deprecated. .It Fl forcetunnel Force IP-inside-IP encapsulation before ESP or AH processing is performed for outgoing packets. The source/destination addresses of the outgoing IP packet will be those provided in the .Nm src and .Nm dst options. Notice that the IPsec stack will perform IP-inside-IP encapsulation when deemed necessary, even if this flag has not been set. .It Fl enc The encryption algorithm to be used with the SA. Possible values are: .Bl -tag -width skipjack .It Nm des This is available for both old and new esp. Notice that hardware crackers for DES can be (and have been) built for US$250,000 (in 1998). Use DES for encryption of critical information at your own risk. We suggest using 3DES instead. DES support is kept for interoperability (with old implementations) purposes only. See .Xr des_cipher 3 . .It Nm 3des This is available for both old and new esp. It is considered more secure than straight DES, since it uses larger keys. .It Nm blf Blowfish encryption is available only in new esp. See .Xr blf_key 3 . .It Nm cast CAST encryption is available only in new esp. .It Nm skipjack SKIPJACK encryption is available only in new esp. This algorithm designed by the NSA and is faster than 3DES. However, since it was designed by the NSA it is a poor choice. .El .Pp .It Fl auth The authentication algorithm to be used with the SA. Possible values are: .Nm md5 and .Nm sha1 for both old and new ah and also new esp. Also .Nm rmd160 for both new ah and esp. .It Fl key The secret symmetric key used for encryption and authentication. The size for .Nm des and .Nm 3des is fixed to 8 and 24 respectively. For other ciphers like .Nm cast or .Nm blf the key length can be variable. The .Nm key should be given in hexadecimal digits. The .Nm key should be chosen in random (ideally, using some true-random source like coin flipping). It is very important that the key is not guessable. One practical way of generating keys is by using the .Xr random 4 device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1) .It Fl keyfile Read the key from a file. May be used instead of the .Fl key flag, and has the same syntax considerations. .It Fl authkey The secret key material used for authentication if additional authentication in new esp mode is required. For old or new ah the key material for authentication is passed with the .Nm key option. The .Nm key should be given in hexadecimal digits. The .Nm key should be chosen in random (ideally, using some true-random source like coin flipping). It is very important that the key is not guessable. One practical way of generating keys is by using the .Xr random 4 device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1) .It Fl authkeyfile Read the authkey from a file. May be used instead of the .Fl authkey flag, and has the same syntax considerations. .It Fl iv This option has been deprecated. The argument is ignored. When applicable, it has the same behaviour as the .Nm halfiv option. .It Fl halfiv This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes). It may only be used with old ESP. .It Fl proto The security protocol needed by .Nm delspi , .Nm flow , .Nm group or .Nm bind to uniquely specify the SA. The default value is 50 which means .Nm IPPROTO_ESP . Other accepted values are 51 .Nm ( IPPROTO_AH ) , and 4 .Nm ( IPPROTO_IP ) . One can also specify the symbolic names "esp", "ah", and "ip4", case insensitive. .It Fl chain Delete the whole SPI chain, otherwise delete only the SPI given. .It Fl dst2 The second IP destination address used by .Nm group . .It Fl spi2 The second SPI used by .Nm group . .It Fl proto2 The second security protocol used by .Nm group . It defaults to .Nm IPPROTO_AH . Other accepted values are 50 .Nm ( IPPROTO_ESP ) , and 4 .Nm ( IPPROTO_IP ) . One can also specify the symbolic names "esp", "ah", and "ip4", case insensitive. .It Fl addr The source address, source network mask, destination address and destination network mask against which packets need to match to use the specified Security Association. All addresses must be of the same address family (IPv4 or IPv6). .It Fl transport The protocol number which packets need to match to use the specified Security Association. By default the protocol number is not used for matching. Instead of a number, a valid protocol name that appears in .Xr protocols 5 can be used. .It Fl sport The source port which packets have to match for the flow. By default the source port is not used for matching. Instead of a number, a valid service name that appears in .Xr services 5 can be used. .It Fl dport The destination port which packets have to match for the flow. By default the source port is not used for matching. Instead of a number, a valid service name that appears in .Xr services 5 can be used. .It Fl delete Instead of creating a flow, an existing flow is deleted. .It Fl ingress For .Nm flow , create or delete an .Nm ingress flow. An SA's .Nm ingress flows specify the types of packets that may be accepted over that SA, if the sysctl variable .Bl -tag -width xxxxxxxxxxxxxxxxxxxxx .It net.inet.ip.ipsec-acl .El .Pp is set to any non-zero value. .It Fl bypass For .Nm flow , create or delete a .Nm bypass flow. Packets matching this flow will not be processed by IPSec. For .Nm flush , only flush SAs of type bypass. .It Fl ah For .Nm flush , only flush SAs of type ah. .It Fl esp For .Nm flush , only flush SAs of type esp. .It Fl oldah For .Nm flush , only flush SAs of type old ah. .It Fl oldesp For .Nm flush , only flush SAs of type old esp. .It Fl ip4 For .Nm flush , only flush SAs of type ip4. .El .Sh EXAMPLES Setup a SA which uses new esp with 3des encryption and HMAC-SHA1 authentication: .Bd -literal ipsecadm new esp -enc 3des -auth sha1 -spi 1001 -dst 169.20.12.2 \e\ -src 169.20.12.3 \e\ -key 638063806380638063806380638063806380638063806380 \e\ -authkey 1234123412341234123412341234123412341234 .Ed .Pp Setup a SA for authentication with old ah only: .Bd -literal ipsecadm old ah -auth md5 -spi 1001 -dst 169.20.12.2 -src 169.20.12.3 \e\ -key 12341234deadbeef .Ed .Pp Setup a flow using the above SA: .Bd -literal ipsecadm flow -dst 169.20.12.2 -spi 1001 -proto ah \e\ -addr 10.1.1.0 255.255.255.0 10.0.0.0 255.0.0.0 .Ed .Pp Setup an inbound SA: .Bd -literal ipsecadm new esp -enc blf -auth md5 -spi 1002 -dst 169.20.12.3 \e\ -src 169.20.12.2 \e\ -key abadbeef15deadbeefabadbeef15deadbeefabadbeef15deadbeef \e\ -authkey 12349876432167890192837465098273 .Ed .Pp Setup an ingress flow on for the inbound SA: .Bd -literal ipsecadm flow -addr 10.0.0.0 255.0.0.0 10.1.1.0 255.255.255.0 \e\ -dst 10.10.32.1 -spi 1002 -proto esp -ingress .Ed .Pp Setup a bypass flow: .Bd -literal ipsecadm flow -bypass \e\ -addr 10.1.1.0 255.255.255.0 10.1.1.0 255.255.255.0 .Ed .Pp Delete all esp SAs and their flows and routing information: .Bd -literal ipsecadm flush -esp .Ed .Sh SEE ALSO .Xr netstat 1 , .Xr enc 4 , .Xr ipsec 4 , .Xr protocols 5 , .Xr services 5 , .Xr isakmpd 8 , .Xr photurisd 8 , .Xr vpn 8