diff options
Diffstat (limited to 'static/freebsd/man4/if_ipsec.4 3.html')
| -rw-r--r-- | static/freebsd/man4/if_ipsec.4 3.html | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/static/freebsd/man4/if_ipsec.4 3.html b/static/freebsd/man4/if_ipsec.4 3.html deleted file mode 100644 index 70eee8f8..00000000 --- a/static/freebsd/man4/if_ipsec.4 3.html +++ /dev/null @@ -1,102 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">if_ipsec(4)</td> - <td class="head-vol">Device Drivers Manual</td> - <td class="head-rtitle">if_ipsec(4)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">if_ipsec</code> — <span class="Nd">IPsec - virtual tunneling interface</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp">The <code class="Cm">if_ipsec</code> network interface is a part - of the <span class="Ux">FreeBSD</span> IPsec implementation. To compile it - into the kernel, place this line in the kernel configuration file:</p> -<div class="Bd Pp Bd-indent"><code class="Cd">options IPSEC</code></div> -<p class="Pp">It can also be loaded as part of the <code class="Cm">ipsec</code> - kernel module if the kernel was compiled with</p> -<div class="Bd Pp Bd-indent"><code class="Cd">options IPSEC_SUPPORT</code></div> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">if_ipsec</code> network interface is targeted - for creating route-based VPNs. It can tunnel IPv4 and IPv6 traffic over - either IPv4 or IPv6 and secure it with ESP.</p> -<p class="Pp"><code class="Nm">if_ipsec</code> interfaces are dynamically - created and destroyed with the <a class="Xr">ifconfig(8)</a> - <code class="Cm">create</code> and <code class="Cm">destroy</code> - subcommands. The administrator must configure IPsec - <code class="Cm">tunnel</code> endpoint addresses. These addresses will be - used for the outer IP header of ESP packets. The administrator can also - configure the protocol and addresses for the inner IP header with - <a class="Xr">ifconfig(8)</a>, and modify the routing table to route the - packets through the <code class="Nm">if_ipsec</code> interface.</p> -<p class="Pp">When the <code class="Nm">if_ipsec</code> interface is configured, - it automatically creates special security policies. These policies can be - used to acquire security associations from the IKE daemon, which are needed - for establishing an IPsec tunnel. It is also possible to create needed - security associations manually with the <a class="Xr">setkey(8)</a> - utility.</p> -<p class="Pp">Each <code class="Nm">if_ipsec</code> interface has an additional - numeric configuration option <code class="Cm">reqid</code> - <var class="Ar">id</var>. This <var class="Ar">id</var> is used to - distinguish traffic and security policies between several - <code class="Nm">if_ipsec</code> interfaces. The - <code class="Cm">reqid</code> can be specified on interface creation and - changed later. If not specified, it is automatically assigned. Note that - changing <code class="Cm">reqid</code> will lead to generation of new - security policies, and this may require creating new security - associations.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1> -<p class="Pp">The example below shows manual configuration of an IPsec tunnel - between two FreeBSD hosts. Host A has the IP address 192.168.0.3, and host B - has the IP address 192.168.0.5.</p> -<p class="Pp">On host A:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>ifconfig ipsec0 create reqid 100 -ifconfig ipsec0 inet tunnel 192.168.0.3 192.168.0.5 -ifconfig ipsec0 inet 172.16.0.3/16 172.16.0.5 -setkey -c -add 192.168.0.3 192.168.0.5 esp 10000 -m tunnel -u 100 -E rijndael-cbc "VerySecureKey!!1"; -add 192.168.0.5 192.168.0.3 esp 10001 -m tunnel -u 100 -E rijndael-cbc "VerySecureKey!!2"; -^D</pre> -</div> -<p class="Pp">On host B:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>ifconfig ipsec0 create reqid 200 -ifconfig ipsec0 inet tunnel 192.168.0.5 192.168.0.3 -ifconfig ipsec0 inet 172.16.0.5/16 172.16.0.3 -setkey -c -add 192.168.0.3 192.168.0.5 esp 10000 -m tunnel -u 200 -E rijndael-cbc "VerySecureKey!!1"; -add 192.168.0.5 192.168.0.3 esp 10001 -m tunnel -u 200 -E rijndael-cbc "VerySecureKey!!2"; -^D</pre> -</div> -<p class="Pp">Note the value 100 on host A and value 200 on host B are used as - reqid. The same value must be used as identifier of the policy entry in the - <a class="Xr">setkey(8)</a> command.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">gif(4)</a>, <a class="Xr">gre(4)</a>, - <a class="Xr">ipsec(4)</a>, <a class="Xr">ifconfig(8)</a>, - <a class="Xr">setkey(8)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp"><span class="An">Andrey V. Elsukov</span> - <<a class="Mt" href="mailto:ae@FreeBSD.org">ae@FreeBSD.org</a>></p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">February 6, 2017</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> |