Name                 Date          Size
..                   Today         70
app.c                03-Feb-2017   2.1 KiB
app.h                15-Apr-2004   1.7 KiB
attribute.c          03-Feb-2017   3.6 KiB
attribute.h          14-May-2004   2 KiB
BUGS                 22-Aug-2017   1.8 KiB
cert.c               20-Mar-2013   4.3 KiB
cert.h               15-Jan-2015   3.7 KiB
conf.c               27-Oct-2017   27.7 KiB
conf.h               30-Aug-2006   4 KiB
connection.c         15-Jan-2018   12 KiB
connection.h         15-Apr-2004   2.1 KiB
constants.c          08-Apr-2005   2.8 KiB
constants.h          15-Apr-2004   2 KiB
cookie.c             03-Feb-2017   2.7 KiB
cookie.h             14-May-2004   1.7 KiB
crypto.c             15-Jan-2018   8.7 KiB
crypto.h             19-Oct-2010   5.1 KiB
DESIGN-NOTES         02-Jun-2006   16 KiB
dh.c                 31-Mar-2023   17.6 KiB
dh.h                 08-Nov-2017   1.7 KiB
dnssec.c             17-Oct-2021   7.6 KiB
dnssec.h             14-May-2004   1.7 KiB
doi.c                20-Mar-2013   1.9 KiB
doi.h                08-Apr-2005   3.8 KiB
dpd.c                05-Dec-2017   10.2 KiB
dpd.h                26-Oct-2005   1.6 KiB
exchange.c           15-Jan-2018   52.4 KiB
exchange.h           15-Jan-2018   9.1 KiB
exchange_num.cst     02-Jun-2006   1.8 KiB
field.c              02-Apr-2017   6.1 KiB
field.h              23-May-2004   2.1 KiB
genconstants.sh      21-Jan-2014   2.7 KiB
genfields.sh         21-Jan-2014   4.1 KiB
hash.c               15-Oct-2015   4.8 KiB
hash.h               10-Jun-2006   2.7 KiB
if.c                 29-Jun-2019   2 KiB
if.h                 15-Apr-2004   1.7 KiB
ike_aggressive.c     15-Jan-2018   5.2 KiB
ike_aggressive.h     23-May-2004   1.7 KiB
ike_auth.c           08-Jul-2020   31 KiB
ike_auth.h           15-Apr-2004   1.9 KiB
ike_main_mode.c      15-Jan-2018   3.5 KiB
ike_main_mode.h      23-May-2004   1.7 KiB
ike_phase_1.c        03-Oct-2018   40 KiB
ike_phase_1.h        15-Apr-2004   2.5 KiB
ike_quick_mode.c     01-Apr-2023   58.4 KiB
ike_quick_mode.h     15-Apr-2004   1.7 KiB
init.c               17-Oct-2021   3.6 KiB
init.h               15-Apr-2004   1.6 KiB
ipsec.c              21-Dec-2023   67.5 KiB
ipsec.h              08-Nov-2017   5 KiB
ipsec_doi.h          15-Apr-2004   1.8 KiB
ipsec_fld.fld        03-Jun-2003   2.4 KiB
ipsec_num.cst        23-Oct-2021   5.6 KiB
isakmp.h             20-Jun-2004   2.4 KiB
isakmp_cfg.c         15-Jan-2018   26.7 KiB
isakmp_cfg.h         23-May-2004   1.9 KiB
isakmp_doi.c         18-Oct-2010   7 KiB
isakmp_doi.h         15-Apr-2004   1.6 KiB
isakmp_fld.fld       20-Jun-2004   3.7 KiB
isakmp_num.cst       25-Jun-2005   6.3 KiB
isakmpd.8            31-Aug-2019   21 KiB
isakmpd.c            09-Mar-2023   11.9 KiB
isakmpd.conf.5       09-Aug-2023   37 KiB
isakmpd.policy.5     06-Feb-2022   22.4 KiB
key.c                17-Oct-2021   4.2 KiB
key.h                15-Nov-2005   1.5 KiB
libcrypto.h          17-Oct-2021   1.8 KiB
log.c                29-Apr-2024   16.5 KiB
log.h                22-Dec-2008   3.6 KiB
Makefile             17-Oct-2021   3.5 KiB
message.c            04-Apr-2016   72.4 KiB
message.h            15-Jan-2018   6.4 KiB
monitor.c            09-Feb-2023   18.2 KiB
monitor.h            22-Dec-2008   2.4 KiB
monitor_fdpass.c     29-Feb-2016   3.2 KiB
nat_traversal.c      05-Dec-2017   11.5 KiB
nat_traversal.h      25-Jul-2005   2 KiB
pf_key_v2.c          07-Aug-2023   88 KiB
pf_key_v2.h          29-May-2006   2.5 KiB
policy.c             29-Apr-2024   60 KiB
policy.h             05-Aug-2007   3 KiB
prf.c                20-Mar-2013   4.3 KiB
prf.h                15-Apr-2004   2.3 KiB
QUESTIONS            05-Nov-2003   1.7 KiB
README               02-Sep-2016   3.3 KiB
sa.c                 28-Jan-2022   34 KiB
sa.h                 07-Aug-2023   9.1 KiB
sysdep/              Today         4
timer.c              05-Dec-2017   3.9 KiB
timer.h              05-Dec-2017   2.1 KiB
TO-DO                28-Aug-2003   3.6 KiB
transport.c          28-Jan-2021   11.6 KiB
transport.h          28-Jan-2022   5.3 KiB
udp.c                22-Jul-2008   13.9 KiB
udp.h                25-Feb-2005   1.9 KiB
udp_encap.c          17-Jan-2022   12.3 KiB
udp_encap.h          04-Mar-2005   1.6 KiB
ui.c                 25-Oct-2021   14.7 KiB
ui.h                 31-Aug-2006   1.8 KiB
util.c               29-Jun-2019   13.4 KiB
util.h               05-Dec-2017   2.7 KiB
vendor.c             08-Nov-2017   3.6 KiB
vendor.h             26-Mar-2007   1 KiB
virtual.c            29-Jun-2019   19.9 KiB
virtual.h            20-Jun-2004   1.8 KiB
x509.c               29-Apr-2024   33.3 KiB
x509.h               05-Aug-2007   3.4 KiB

README

$OpenBSD: README,v 1.20 2016/09/02 12:17:32 tb Exp $
$EOM: README,v 1.28 1999/10/10 22:53:24 angelos Exp $

This is isakmpd, a BSD-licensed ISAKMP/Oakley (a.k.a. IKE)
implementation.  It's written by Niklas Hallqvist and Niels Provos,
funded by Ericsson Radio Systems AB.  Isakmpd's home is in the
OpenBSD main source tree under src/sbin/isakmpd.  Look at
https://www.openbsd.org/ for details on how to get OpenBSD source.

Isakmpd is being developed under OpenBSD, with OpenBSD as its primary
target; however, it is ported to Linux with FreeS/WAN IPsec.  The
makefile support assumes a BSD environment nonetheless as it is not too
hard to get such an environment to work under other operating systems.
For example, Red Hat 5.2 shipped with pmake installed.  Read sysdep/README
for further details about this issue.  Other systems isakmpd has been
ported to, but for which no code has been made available, include Solaris
and Win32s.  I mention this just because it shows that the code is
fairly portable.

First edit the Makefile in a manner you see fit.  Specifically the OS
define is important to get right of course.
Assuming you have an OpenBSD /usr/share/mk and use the OpenBSD (or
similar) make(1), you build isakmpd this way:

	make obj && make depend && make

Then obj/isakmpd will be the daemon.  I suggest you try it by running
under gdb with args similar to:
	-d -n -p5000 -DA=99 -f/tmp/isakmpd.fifo -csamples/VPN-east.conf

That will run isakmpd in the foreground, not connected to any application
(like an IPsec implementation) logging to stderr with full debugging output,
listening on UDP port 5000, accepting control commands via the named pipe
called /tmp/isakmpd.fifo and reading its configuration from the
VPN-east.conf file (found in the isakmpd/samples directory).

If you are root you can try to run without -n -p5000 thus getting it to
talk to your IPsec stack and use the standard port 500 instead.

The logging classes are Miscellaneous = 0, Transports = 1, Messages = 2,
Crypto = 3, Timers = 4, System Dependencies = 5, Security Associations = 6,
and Exchanges = 7.  The debug levels increase in verbosity from 0 (off) to
99 (max). Read log.[ch] and ui.c to see how to alter the debugging levels.

Now you have set up your daemon and can watch incoming negotiations.
But how do you get such?  Either use http://isakmp-test.ssh.fi/,
there's an excellent service, just waiting for you.  Or you can try to
start another isakmpd on another port (say -p5001 or so, instead)
and another fifo (let's say /tmp/other.fifo).  Then edit the config
file to have some peer descriptions that fit your need and issue a
command like this:

	$ echo "c IPsec-east-west" >/tmp/other.fifo

and watch.  You can turn on debugging on that isakmpd too of course, for
greater fun.  This rudimentary user interface is slightly described in
DESIGN-NOTES.  If you are going to look at the config file, don't be scared,
the man page isakmpd.conf(5) covers every detail, and the flexibility will
be hidden under a more user-friendly layer in a later release.  I did this
first config-file syntax just because it should be easy to parse. The man
page isakmpd.policy(5) describes the policy model used in conjunction with
KeyNote.

Happy IKEing!

Niklas Hallqvist <niklas@openbsd.org>
Niels Provos <provos@openbsd.org>
Håkan Olsson <ho@openbsd.org>
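
The two-instance loopback test the README describes, written out as a script. This is an added example, not part of the isakmpd sources: the helper names, the private mktemp directory that holds the FIFOs and logs, and the WEST_CONF variable naming the second instance's config are assumptions, and both config files are assumed to be already edited so that the peers point at each other's ports.

```shell
#!/bin/sh
# Added example, not part of the isakmpd tree. The -d -n -p -D -f -c flags,
# obj/isakmpd and IPsec-east-west are from the README; the rest is assumed.

# Print the arguments for a test instance as the README runs it.
# usage: isakmpd_args PORT FIFO CONF [CLASS=LEVEL ...]
# CLASS is 0-7 (the README's logging classes) or A for all; LEVEL is 0-99.
isakmpd_args() {
    port=$1 fifo=$2 conf=$3
    shift 3
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    args="-d -n -p$port"
    for spec in "$@"; do
        case $spec in
            [0-7A]=[0-9]|[0-7A]=[0-9][0-9]) args="$args -D$spec" ;;
            *) echo "bad debug spec: $spec" >&2; return 1 ;;
        esac
    done
    echo "$args -f$fifo -c$conf"
}

# Start one instance in the background, stderr to FIFO.log, and wait for its
# control FIFO. Paths must not contain whitespace ($args is word-split).
start_instance() {
    args=$(isakmpd_args "$@") || return 1
    fifo=$2
    "$ISAKMPD" $args 2>"$fifo.log" &
    pids="$pids $!"
    tries=0
    # A write before the FIFO exists would create a regular file instead.
    until [ -p "$fifo" ]; do
        tries=$((tries + 1))
        [ "$tries" -le 10 ] || { echo "no FIFO at $fifo" >&2; return 1; }
        sleep 1
    done
}

if [ "${1:-}" = run ]; then
    ISAKMPD=${ISAKMPD:-obj/isakmpd} pids=
    dir=$(mktemp -d) || exit 1      # private directory instead of /tmp paths
    trap 'kill $pids 2>/dev/null; rm -rf "$dir"' EXIT
    trap 'exit 130' INT TERM        # make Ctrl-C run the EXIT cleanup
    start_instance 5000 "$dir/isakmpd.fifo" samples/VPN-east.conf A=99 || exit 1
    start_instance 5001 "$dir/other.fifo" "${WEST_CONF:?set WEST_CONF}" 7=99 || exit 1
    echo "c IPsec-east-west" >"$dir/other.fifo"   # connect command from the README
    echo "negotiation logs: $dir/*.log (Ctrl-C to stop)"
    wait
fi
```

Invoke it with the single argument `run` from the isakmpd source directory after building; without that argument it only defines the functions.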