setkey.8 (122412) | setkey.8 (125681) |
---|---|
1.\" $KAME: setkey.8,v 1.89 2003/09/07 22:17:41 itojun Exp $ | 1.\" $KAME: setkey.8,v 1.89 2003/09/07 22:17:41 itojun Exp $ |
2.\" $FreeBSD: head/sbin/setkey/setkey.8 122412 2003-11-10 10:39:14Z ume $ | 2.\" $FreeBSD: head/sbin/setkey/setkey.8 125681 2004-02-11 04:34:34Z bms $ |
3.\" 4.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright --- 236 unchanged lines hidden (view full) --- 247.It Li esp-old 248ESP based on rfc1827 249.It Li ah 250AH based on rfc2402 251.It Li ah-old 252AH based on rfc1826 253.It Li ipcomp 254IPComp | 3.\" 4.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright --- 236 unchanged lines hidden (view full) --- 247.It Li esp-old 248ESP based on rfc1827 249.It Li ah 250AH based on rfc2402 251.It Li ah-old 252AH based on rfc1826 253.It Li ipcomp 254IPComp |
255.It Li tcp 256TCP-MD5 based on rfc2385 |
|
255.El 256.\" 257.Pp 258.It Ar spi 259Security Parameter Index 260.Pq SPI 261for the SAD and the SPD. 262.Ar spi 263must be a decimal number, or a hexadecimal number with 264.Dq Li 0x 265prefix. 266SPI values between 0 and 255 are reserved for future use by IANA 267and they cannot be used. | 257.El 258.\" 259.Pp 260.It Ar spi 261Security Parameter Index 262.Pq SPI 263for the SAD and the SPD. 264.Ar spi 265must be a decimal number, or a hexadecimal number with 266.Dq Li 0x 267prefix. 268SPI values between 0 and 255 are reserved for future use by IANA 269and they cannot be used. |
270TCP-MD5 associations must use 0x1000 and therefore only have per-host 271granularity at this time. |
|
268.\" 269.Pp 270.It Ar extensions 271take some of the following: 272.Bl -tag -width Fl -compact 273.\" 274.It Fl m Ar mode 275Specify a security protocol mode for use. --- 304 unchanged lines hidden (view full) --- 580hmac-sha2-384 384 ah: 96bit ICV (no document) 581 384 ah-old: 128bit ICV (no document) 582hmac-sha2-512 512 ah: 96bit ICV (no document) 583 512 ah-old: 128bit ICV (no document) 584hmac-ripemd160 160 ah: 96bit ICV (RFC2857) 585 ah-old: 128bit ICV (no document) 586aes-xcbc-mac 128 ah: 96bit ICV (RFC3566) 587 128 ah-old: 128bit ICV (no document) | 272.\" 273.Pp 274.It Ar extensions 275take some of the following: 276.Bl -tag -width Fl -compact 277.\" 278.It Fl m Ar mode 279Specify a security protocol mode for use. --- 304 unchanged lines hidden (view full) --- 584hmac-sha2-384 384 ah: 96bit ICV (no document) 585 384 ah-old: 128bit ICV (no document) 586hmac-sha2-512 512 ah: 96bit ICV (no document) 587 512 ah-old: 128bit ICV (no document) 588hmac-ripemd160 160 ah: 96bit ICV (RFC2857) 589 ah-old: 128bit ICV (no document) 590aes-xcbc-mac 128 ah: 96bit ICV (RFC3566) 591 128 ah-old: 128bit ICV (no document) |
592tcp-md5 8 to 640 tcp: rfc2385 |
|
588.Ed 589.Pp 590Followings are the list of encryption algorithms that can be used as 591.Ar ealgo 592in 593.Fl E Ar ealgo 594of 595.Ar protocol --- 48 unchanged lines hidden (view full) --- 644 645flush ; 646 647dump esp ; 648 649spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any 650 -P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ; 651 | 593.Ed 594.Pp 595Followings are the list of encryption algorithms that can be used as 596.Ar ealgo 597in 598.Fl E Ar ealgo 599of 600.Ar protocol --- 48 unchanged lines hidden (view full) --- 649 650flush ; 651 652dump esp ; 653 654spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any 655 -P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ; 656 |
657add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ; 658 |
|
652.Ed 653.\" 654.Sh SEE ALSO 655.Xr ipsec_set_policy 3 , 656.Xr racoon 8 , 657.Xr sysctl 8 658.Rs 659.%T "Changed manual key configuration for IPsec" --- 21 unchanged lines hidden --- | 659.Ed 660.\" 661.Sh SEE ALSO 662.Xr ipsec_set_policy 3 , 663.Xr racoon 8 , 664.Xr sysctl 8 665.Rs 666.%T "Changed manual key configuration for IPsec" --- 21 unchanged lines hidden --- |
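
Review bot: The new sentence in the spi item, "TCP-MD5 associations must use 0x1000 and therefore only have per-host granularity at this time", does not say what happens when a tcp association is added with any other SPI. Since the paragraph just above it already tells the reader which SPI values "cannot be used", it would help to state here whether setkey rejects a different value for tcp or accepts it and the association is simply never matched. It would also help to spell out what "per-host granularity" means for the operator (one key per pair of hosts rather than per port or per connection, if that is the intent), because the fixed SPI is the only hint the text gives.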
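
Review bot: The new algorithm table row "tcp-md5 8 to 640 tcp: rfc2385" does not follow the form of the rows around it. The neighbouring rows give one key length per algorithm (384, 512, 160, 128), then the protocol with its ICV size, then the reference in parentheses and upper case, as in "ah: 96bit ICV (RFC2857)". Suggest writing the reference as "(RFC2385)" to match, and making clear that the range 8 to 640 is in the same unit as the other key lengths, since this is the only row that gives a range and a reader sizing a shared secret will rely on it.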
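
Review bot: The added example, add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;, covers only the 10.1.10.34 to 10.1.10.36 direction and comes with no explanatory sentence. The man page should say whether a second entry with the addresses swapped is needed for a working session, and if so show both lines. The quoted key also reads like a usable passphrase, and examples in manual pages tend to be copied verbatim into configurations, so an obvious placeholder string would be safer here.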