authorBill Nottingham <notting@redhat.com>2003-07-03 02:34:16 +0000
committerBill Nottingham <notting@redhat.com>2003-07-03 02:34:16 +0000
commitfb5c63c31638a69a4e6039994b07e99096fddb2c (patch)
tree10e52fcd7d89d9a40908ea16fe0202e2c00896f6
parent4045ab8e760742fbad884ffd95eaa6dd821b137f (diff)
ipsec bits. sucked straight from ifup-ipsec
-rw-r--r--sysconfig.txt30
1 files changed, 30 insertions, 0 deletions
diff --git a/sysconfig.txt b/sysconfig.txt
index 608d77bc..6d962353 100644
--- a/sysconfig.txt
+++ b/sysconfig.txt
@@ -751,6 +751,36 @@ Files in /etc/sysconfig/network-scripts/
LOCAL_IP= will be converted to IPADDR by netconf
REMOTE_IP= will be converted to GATEWAY by netconf
+ IPSEC specific items
+ SRC = source address. Not required.
+ DST = destination address
+ TYPE = IPSEC
+ SRCNET = source net (for tunneling)
+ DSTNET = destination network (for tunneling)
+
+ Manual keying:
+
+ AH_PROTO{_IN,_OUT} = protocol to use for AH (defaults to HMAC-SHA1)
+ ESP_PROTO{_IN,_OUT} = protocol to use for ESP (defaults to 3DES)
+ KEY_AH{_IN,_OUT} = AH key
+ KEY_ESP{_IN,_OUT} = ESP key
+ SPI_{EH,AH_{IN,OUT}} = SPIs to use
+
+ _IN and _OUT specifiers are for using different keys or protocols for inccoming
+ and outgoing packets. If neither _IN or _OUT variants are set for protocols or
+ keys, the same will be used for both.
+
+ Automatic keying:
+
+ IKE_METHOD=PSK|X509|GSSAPI
+ PSK = preshared keys (shared secret)
+ X509 = X.509 certificates
+ GSSAPI = GSSAPI authentication
+ IKE_PSK = preshared key for this connection
+ IKE_CERTFILE = our certificate file name for X509 IKE
+ IKE_PEER_CERTFILE = peer public cert filename for X509 IKE
+ IKE_DNSSEC = retrieve peer public certs from DNS
+ (otherwise uses certificate information sent over IKE)
/etc/sysconfig/network-scripts/chat-<interface-name>: