summaryrefslogtreecommitdiff
path: root/sbin/ipsecadm/ipsecadm.8
blob: 948efd103d003c247af6f2a8849c472ff9d7ea85 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
.\" $OpenBSD: ipsecadm.8,v 1.63 2003/12/02 23:16:29 markus Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"      This product includes software developed by Niels Provos.
.\" 4. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd August 26, 1997
.Dt IPSECADM 8
.Os
.Sh NAME
.Nm ipsecadm
.Nd interface to set up IPsec
.Sh SYNOPSIS
.Nm ipsecadm
.Op command
.Ar modifiers ...
.Sh NOTE
To use
.Nm ipsecadm ,
IPsec must be enabled by having one or more of the following
.Xr sysctl 3
variables set:
.Bl -tag -offset 4n -width xxxxxxxxxxxxxxxxxxxxxx
.It net.inet.esp.enable
Enable the ESP IPsec protocol
.It net.inet.ah.enable
Enable the AH IPsec protocol
.It net.inet.ipcomp.enable
Enable the IPComp protocol
.El
.Pp
Both the ESP and AH protocols are enabled by default.
To keep local modifications of these variables across reboots, see
.Xr sysctl.conf 5 .
.Sh DESCRIPTION
The
.Nm ipsecadm
utility sets up security associations in the kernel
to be used with
.Xr ipsec 4 .
It can be used to specify the encryption and authentication
algorithms and key material for the network layer security
provided by IPsec.
The possible commands are:
.Bl -tag -width new_esp
.It new esp
Set up a Security Association (SA) which uses the new esp transforms.
A SA consists of the destination address,
a Security Parameter Index (SPI) and a security protocol.
Encryption and authentication algorithms can be applied.
This is the default mode.
Allowed
modifiers are:
.Fl dst ,
.Fl src ,
.Fl proxy ,
.Fl spi ,
.Fl enc ,
.Fl srcid_type ,
.Fl srcid ,
.Fl dstid_type ,
.Fl dstid ,
.Fl auth ,
.Fl authkey ,
.Fl authkeyfile ,
.Fl forcetunnel ,
.Fl udpencap ,
.Fl key ,
and
.Fl keyfile .
.It old esp
Set up an SA which uses the old esp transforms.
Only encryption algorithms can be applied.
Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl proxy ,
.Fl spi ,
.Fl enc ,
.Fl srcid_type ,
.Fl srcid ,
.Fl dstid_type ,
.Fl dstid ,
.Fl halfiv ,
.Fl forcetunnel ,
.Fl key ,
and
.Fl keyfile .
.It new ah
Set up an SA which uses the new ah transforms.
Authentication will be done with HMAC using the specified hash algorithm.
Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl proxy ,
.Fl spi ,
.Fl srcid_type ,
.Fl srcid ,
.Fl dstid_type ,
.Fl dstid ,
.Fl forcetunnel ,
.Fl auth ,
.Fl key ,
and
.Fl keyfile .
.It old ah
Set up an SA which uses the old ah transforms.
Simple keyed hashes will be used for authentication.
Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl proxy ,
.Fl spi ,
.Fl srcid_type ,
.Fl srcid ,
.Fl dstid_type ,
.Fl dstid ,
.Fl forcetunnel ,
.Fl auth ,
.Fl key ,
and
.Fl keyfile .
.It group
Group two SAs together, such that whenever the first one is applied, the
second one will be applied as well (SA bundle).
Arbitrarily long SA bundles can thus be created.
Note that the last SA in the bundle is the one that is applied last.
Thus, if an ESP and an AH SA are bundled together (in that order), then
the resulting packet will have an AH header, followed by an ESP header,
followed by the encrypted payload.
Allowed modifiers are:
.Fl dst ,
.Fl spi ,
.Fl proto ,
.Fl dst2 ,
.Fl spi2 ,
and
.Fl proto2 .
.It ip4
Set up an SA which uses the IP-in-IP encapsulation protocol.
This mode
offers no security services by itself, but can be used to route other
(experimental or otherwise) protocols over an IP network.
The SPI value
is not used for anything other than referencing the information, and
does not appear on the wire.
Unlike other setups, like new esp, there
is no necessary setup in the receiving side.
Allowed modifiers are:
.Fl dst ,
.Fl src ,
and
.Fl spi .
.It delspi
The specified SA will be deleted.
Allowed modifiers are:
.Fl dst ,
.Fl spi ,
and
.Fl proto .
.It flow
Create a flow determining what security parameters a packet should
have (input or output).
Allowed modifiers are:
.Fl src ,
.Fl dst ,
.Fl proto ,
.Fl addr ,
.Fl transport ,
.Fl sport ,
.Fl dport ,
.Fl delete ,
.Fl in ,
.Fl out ,
.Fl srcid ,
.Fl dstid ,
.Fl srcid_type ,
.Fl dstid_type ,
.Fl acquire ,
.Fl require ,
.Fl dontacq ,
.Fl use ,
.Fl bypass ,
.Fl permit
and
.Fl deny .
The
.Xr netstat 1
command shows all specified flows.
Flows are directional, and the
.Fl in
and
.Fl out
modifiers are used to specify the direction.
By default, flows are assumed to apply to outgoing packets.
The kernel will attempt to find an appropriate
Security Association from those already present (an SA that matches
the destination address, if set, and the security protocol).
If the destination address is set to all zeroes (0.0.0.0) or left
unspecified, the destination address from the packet will be used
to locate an SA (the source address is used for incoming flows).
For incoming flows, the destination address (if specified) should
point to the expected source of the SA (the remote SA peer).
If no such SA exists, key management daemons will be used to generate
them if
.Fl acquire
or
.Fl require
were used.
If
.Fl acquire
was used, traffic will be allowed out (or in) and IPsec will be used
when the relevant SAs have been established.
If
.Fl require
was used, traffic will not be allowed in or out until it is protected
by IPsec.
If
.Fl dontacq
was used, traffic will not be allowed in or out until it is protected
by IPsec, but key management will not be asked to provide such an SA.
The
.Fl proto
argument (by default set to
.Nm esp )
will be used to determine what type of SA should be established.
A
.Nm bypass
or
.Nm permit
flow is used to specify a flow for which IPsec processing will be
bypassed, i.e packets will/need not be processed by any SAs.
For
.Nm bypass
or
.Nm permit
flows, additional modifiers are restricted to:
.Fl addr ,
.Fl transport ,
.Fl sport ,
.Fl dport ,
.Fl in ,
.Fl out ,
and
.Fl delete .
A
.Nm deny
flow is used to specify classes of packets that must be dropped
(either on output or input) without further processing.
.Nm deny
takes the same additional modifiers as
.Nm bypass .
.It flush
Flush SAs from kernel.
This includes flushing any flows and
routing entries associated with the SAs.
Allowed modifiers are:
.Fl ah ,
.Fl esp ,
.Fl oldah ,
.Fl oldesp ,
.Fl ip4 ,
and
.Fl ipcomp .
Default action is to flush all types of security associations
from the kernel.
.It show
Show SAs from kernel.
Allowed modifiers are:
.Fl ah ,
.Fl esp ,
.Fl oldah ,
.Fl oldesp ,
.Fl ip4 ,
and
.Fl ipcomp .
Default action is to show all types of security associations
from the kernel.
.It monitor
Continuously display all
.Dv PF_KEY
messages exchanged with
the kernel.
.It ipcomp
Set up an IP Compression Association (IPCA) which will use the IPcomp
transforms.
Just like an SA, an IPCA consists of the destination
address, a Compression Parameter Index (CPI) and a protocol (which is
fixed to IPcomp).
Compression algorithms are applied.
Allowed modifiers are:
.Fl dst ,
.Fl src ,
.Fl cpi ,
.Fl comp ,
and
.Fl forcetunnel .
To create an IPsec SA using compression, an IPCA and an SA must first
be created.
After this an IPCA/SA bundle must be created using the
.Nm group
keyword.
The IPCA must be applied first.
.El
.Pp
If no command is given
.Nm ipsecadm
defaults to new esp mode.
.Pp
The modifiers have the following meanings:
.Bl -tag -width xxxx -offset indent
.It Fl src
The source IP address for the SA.
This is necessary for incoming
SAs to avoid source address spoofing between mutually
suspicious hosts that have established SAs with us.
For outgoing SAs,
this field is used to fill in the source address when doing tunneling.
.It Fl dst
The destination IP address for the SA.
.It Fl dst2
The second IP address used by
.Nm group .
.It Fl proxy
This IP address, if provided, is checked against the inner IP address when
doing tunneling to a firewall, to prevent source spoofing attacks.
It is
strongly recommended that this option is provided when applicable.
It is
applicable in a scenario when host A is using IPsec to communicate with
firewall B, and through that to host C.
In that case, the proxy address for
the incoming SA should be C.
This option is not necessary for outgoing SAs.
.It Fl spi
The Security Parameter Index (SPI), given as a hexadecimal number.
.It Fl spi2
The second SPI used by
.Nm group .
.It Fl cpi
The Compression Parameter Index (CPI), given as a 16 bit hexadecimal number.
.It Fl tunnel
This option has been deprecated.
The arguments are ignored, and it otherwise has the same effect as the
.Nm forcetunnel
option.
.It Fl newpadding
This option has been deprecated.
.It Fl forcetunnel
Force IP-inside-IP encapsulation before ESP or AH processing is performed for
outgoing packets.
The source/destination addresses of the outgoing IP packet
will be those provided in the
.Nm src
and
.Nm dst
options.
Notice that the IPsec stack will perform IP-inside-IP encapsulation
when deemed necessary, even if this flag has not been set.
.It Fl udpencap
Enable ESP-inside-UDP encapsulation.
The UDP destination port must be specified on the command line.
This port will be used for sending encapsulated UDP packets.
.It Fl enc
The encryption algorithm to be used with the SA.
Possible values are:
.Bl -tag -width skipjack
.It Nm des
This is available for both old and new esp.
Notice that hardware crackers for DES can be (and have been) built for
US$250,000 (in 1998).
Use DES for encryption of critical information at your own risk.
We suggest using 3DES or AES instead.
DES support is kept for interoperability
(with old implementations) purposes only.
See
.Xr des_cipher 3 .
.It Nm 3des
This is available for both old and new esp.
It is considered more secure than straight DES, since it uses larger
keys.
.It Nm aes
Rijndael encryption is available only in new esp.
.It Nm blf
Blowfish encryption is available only in new esp.
See
.Xr blf_key 3 .
.It Nm cast
CAST encryption is available only in new esp.
.It Nm skipjack
SKIPJACK encryption is available only in new esp.
This algorithm was designed by the NSA and is faster than 3DES.
However, since it was designed by the NSA
it is a poor choice.
.El
.Pp
.It Fl auth
The authentication algorithm to be used with the SA.
Possible values are:
.Nm md5
and
.Nm sha1
for both old and new ah and also new esp.
Also
.Nm rmd160 ,
.Nm sha2-256 ,
.Nm sha2-384 ,
.Nm sha2-512
for both new ah and esp.
.It Fl comp
The compression algorithm to be used with the IPCA.
Possible values are:
.Nm deflate
and
.Nm lzs .
Note that
.Nm lzs
is only available with
.Xr hifn 4
because of the patent held by Hifn, Inc.
.It Fl key
The secret symmetric key used for encryption and authentication.
The size for
.Nm des
and
.Nm 3des
is fixed to 8 and 24 respectively.
For other ciphers like
.Nm cast ,
.Nm aes ,
or
.Nm blf
the key length can vary (depending on the algorithm).
The
.Nm key
should be given in hexadecimal digits.
The
.Nm key
should be chosen at random (ideally, using some true-random source like
coin flipping).
It is very important that the key is not guessable.
One practical way of generating 160-bit (20-byte) keys is as follows:
.Bd -literal
	$ openssl rand 20 | hexdump -e '20/1 "%02x"'
.Ed
.It Fl keyfile
Read the key from a file.
May be used instead of the
.Fl key
flag, and has the same syntax considerations.
.It Fl authkey
The secret key material used for authentication
if additional authentication in new esp mode is required.
For old or new ah the key material for authentication is passed with the
.Nm key
option.
The
.Nm key
should be given in hexadecimal digits.
The
.Nm key
should be chosen at random (ideally, using some true-random source like
coin flipping).
It is very important that the key is not guessable.
One practical way of generating 160-bit (20-byte) keys is as follows:
.Bd -literal
	$ openssl rand 20 | hexdump -e '20/1 "%02x"'
.Ed
.It Fl authkeyfile
Read the authkey from a file.
May be used instead of the
.Fl authkey
flag, and has the same syntax considerations.
.It Fl iv
This option has been deprecated.
The argument is ignored.
When applicable, it has the same behaviour as the
.Nm halfiv
option.
.It Fl halfiv
This option causes use of a 4 byte IV in old ESP (as opposed to 8 bytes).
It may only be used with old ESP.
.It Fl proto
The security protocol needed by
.Nm delspi
or
.Nm flow ,
to uniquely specify the SA.
The default value is 50 which means
.Nm IPPROTO_ESP .
Other accepted values are 51
.Nm ( IPPROTO_AH ) ,
and 4
.Nm ( IPPROTO_IP ) .
One can also specify the symbolic names "esp", "ah", and "ip4",
case insensitive.
.It Fl proto2
The second security protocol used by
.Nm group .
It defaults to
.Nm IPPROTO_AH ,
otherwise takes the same values as
.Fl proto .
.It Fl addr
The source address, source network mask, destination address and destination
network mask against which packets need to match to use the specified
Security Association.
Alternatively, addresses and masks can be specified as
.Dq Li source/prefixlen destination/prefixlen .
All addresses must be of the same address family
(IPv4 or IPv6).
.It Fl transport
The protocol number which packets need to match to use the specified
Security Association.
By default the protocol number is not used for matching.
Instead of a number, a valid protocol name that appears in
.Xr protocols 5
can be used.
.It Fl sport
The source port which packets have to match for the flow.
By default the source port is not used for matching.
Instead of a number, a valid service name that appears in
.Xr services 5
can be used.
.It Fl dport
The destination port which packets have to match for the flow.
By default the source port is not used for matching.
Instead of a number, a valid service name that appears in
.Xr services 5
can be used.
.It Fl srcid
For flow, used to specify what local identity key management
should use when negotiating the SAs.
If left unspecified, the source address of the flow is used
(see the discussion on
.Nm flow
above, with regard to source address).
.It Fl dstid
For flow, used to specify what the remote identity key management
should expect is.
If left unspecified, the destination address of the flow is used
(see the discussion on
.Nm flow
above, with regard to destination address).
.It Fl srcid_type
For flow, used to specify the type of identity given by
.Fl srcid .
Valid values are
.Nm prefix ,
.Nm fqdn ,
and
.Nm ufqdn .
The
.Nm prefix
type implies an IPv4 or IPv6 address followed by a forward slash
character and a decimal number indicating the number of important bits
in the address (equivalent to a netmask, in IPv4 terms).
Key management then has to pick a local identity that falls within the
address space indicated.
The
.Nm fqdn
and
.Nm ufqdn
types are DNS-style host names and mailbox-format user
addresses, respectively, and are especially useful for mobile user
scenarios.
Note that no validity checking on the identities is done.
.It Fl dstid_type
See
.Fl srcid_type .
.It Fl delete
Instead of creating a flow, an existing flow is deleted.
.It Fl bypass
For
.Nm flow ,
create or delete a
.Nm bypass
flow.
Packets matching this flow will not be processed by IPsec.
.It Fl permit
Same as
.Fl bypass .
.It Fl deny
For
.Nm flow ,
create or delete a
.Nm deny
flow.
Packets matching this flow will be dropped.
.It Fl use
For
.Nm flow ,
specify that packets matching this flow should try to use IPsec if
possible.
.It Fl acquire
For
.Nm flow ,
specify that packets matching this flow should try to use IPsec and
establish SAs dynamically if possible, but permit unencrypted
traffic.
.It Fl require
For
.Nm flow ,
specify that packets matching this flow must use IPsec, and establish
SAs dynamically as needed.
If no SAs are established, traffic is not allowed through.
.It Fl dontacq
For
.Nm flow ,
specify that packets matching this flow must use IPsec.
If such SAs are not present, simply drop the packets.
Such a policy may be used to demand peers establish SAs before they
can communicate with us, without going through the burden of
initiating the SA ourselves (thus allowing for some denial of service
attacks).
This flow type is particularly suitable for security gateways.
.It Fl in
For
.Nm flow ,
specify that it should be used to match incoming packets only.
.It Fl out
For
.Nm flow ,
specify that it should be used to match outgoing packets only.
.It Fl ah
For
.Nm flush ,
only flush SAs of type ah.
.It Fl esp
For
.Nm flush ,
only flush SAs of type esp.
.It Fl oldah
For
.Nm flush ,
only flush SAs of type old ah.
.It Fl oldesp
For
.Nm flush ,
only flush SAs of type old esp.
.It Fl ip4
For
.Nm flush ,
only flush SAs of type ip4.
.El
.Sh EXAMPLES
Set up an SA which uses new esp with 3des encryption and HMAC-SHA1
authentication:
.Bd -literal
# ipsecadm new esp -enc 3des -auth sha1 -spi 100a -dst 169.20.12.2 \\
	-src 169.20.12.3 \\
	-key 638063806380638063806380638063806380638063806380 \\
	-authkey 1234123412341234123412341234123412341234
.Ed
.Pp
Set up an SA for authentication with old ah only:
.Bd -literal
# ipsecadm old ah -auth md5 -spi 10f2 -dst 169.20.12.2 -src 169.20.12.3 \\
	-key 12341234deadbeef
.Ed
.Pp
Set up a flow requiring use of AH:
.Bd -literal
# ipsecadm flow -dst 169.20.12.2 -proto ah \\
	-addr 10.1.1.0/24 10.0.0.0/24 -out -require
.Ed
.Pp
Set up an inbound SA:
.Bd -literal
# ipsecadm new esp -enc blf -auth md5 -spi 1002 -dst 169.20.12.3 \\
	-src 169.20.12.2 \\
	-key abadbeef15deadbeefabadbeef15deadbeefabadbeef15deadbeef \\
	-authkey 12349876432167890192837465098273
.Ed
.Pp
Set up an ingress flow for the inbound SA:
.Bd -literal
# ipsecadm flow -addr 10.0.0.0/8 10.1.1.0/24 \\
	-dst 169.20.12.2 -proto esp -in -require
.Ed
.Pp
Set up a bypass flow:
.Bd -literal
# ipsecadm flow -bypass -out \\
	-addr 10.1.1.0/24 10.1.1.0/24
.Ed
.Pp
Delete all esp SAs and their flows and routing information:
.Bd -literal
# ipsecadm flush -esp
.Ed
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr enc 4 ,
.Xr ipsec 4 ,
.Xr protocols 5 ,
.Xr services 5 ,
.Xr sysctl.conf 5 ,
.Xr isakmpd 8 ,
.Xr vpn 8