aboutsummaryrefslogtreecommitdiffstats
path: root/sysconfig.txt
diff options
context:
space:
mode:
authorBill Nottingham <notting@redhat.com>2009-12-10 15:16:43 -0500
committerBill Nottingham <notting@redhat.com>2009-12-10 15:16:43 -0500
commitdb385525fbe5d60f1177cdc6a4f50825166ee1a3 (patch)
tree5b32f59a2d76dfdc02ca0ba857e5ffeedceb2393 /sysconfig.txt
parentcba4e4abf71e4290ba4d41532c6b9dd6c906e241 (diff)
downloadinitscripts-db385525fbe5d60f1177cdc6a4f50825166ee1a3.tar
initscripts-db385525fbe5d60f1177cdc6a4f50825166ee1a3.tar.gz
initscripts-db385525fbe5d60f1177cdc6a4f50825166ee1a3.tar.bz2
initscripts-db385525fbe5d60f1177cdc6a4f50825166ee1a3.tar.xz
initscripts-db385525fbe5d60f1177cdc6a4f50825166ee1a3.zip
Drop IPSEC ifcfg support, in favor of openswan.
Diffstat (limited to 'sysconfig.txt')
-rw-r--r--sysconfig.txt49
1 files changed, 0 insertions, 49 deletions
diff --git a/sysconfig.txt b/sysconfig.txt
index 582fb4d9..81610a35 100644
--- a/sysconfig.txt
+++ b/sysconfig.txt
@@ -856,55 +856,6 @@ Files in /etc/sysconfig/network-scripts/
SPYIPS=<list of IP addresses to monitor for link quality>
IWPRIV=<iwpriv(8) commands>
- IPSEC specific items
- SRC=source address. Not required.
- DST=destination address
- TYPE=IPSEC
- SRCNET=source net (for tunneling)
- DSTNET=destination network (for tunneling)
-
- Manual keying:
-
- AH_PROTO{,_IN,_OUT}=protocol to use for AH (defaults to hmac-sha1)
- ESP_PROTO{,_IN,_OUT}=protocol to use for ESP (defaults to 3des-cbc)
- AESP_PROTO{,_IN,_OUT}=protocol to use for ESP authentication (defaults to
- hmac-sha1)
- KEY_AH{,_IN,_OUT}=AH key
- KEY_ESP{,_IN,_OUT}=ESP encryption key
- KEY_AESP{,_IN,_OUT}=ESP authentication key (optional)
- SPI_{ESP,AH}_{IN,OUT}=SPIs to use
-
- _IN and _OUT specifiers are for using different keys or protocols for
- incoming and outgoing packets. If neither _IN or _OUT variants are set for
- protocols or keys, the same will be used for both. Hexadecimal keys need to
- be prefixed with "0x".
-
- Automatic keying:
-
- IKE_DHGROUP=<number> (defaults to 2)
- IKE_METHOD=PSK|X509|GSSAPI
- PSK=preshared keys (shared secret)
- X509=X.509 certificates
- GSSPI=GSSAPI authentication
- IKE_AUTH=protocol to use for Phase 1 of SA (defaults to sha1)
- IKE_ENC=protocol to use for Phase 1 of SA (defaults to 3des)
- IKE_PSK=preshared key for this connection
- IKE_CERTFILE=our certificate file name for X509 IKE
- IKE_PEER_CERTFILE=peer public cert filename for X509 IKE
- IKE_DNSSEC=retrieve peer public certs from DNS
- (otherwise uses certificate information sent over IKE)
-
- To manage the racoon configuration manually (e.g. when there is more than
- one IPSEC configuration with the same DST), set KEYING=automatic and leave
- all IKE_* parameters unspecified.
-
- To override the identifier to use with a preshared key:
-
- MYID_TYPE=address|fqdn|user_fqdn
- MYID_VALUE=fqdn or user_fqdn string for this connection
-
- Usage of AH or ESP may be disabled by setting {AH,ESP}_PROTO to "none".
-
Bonding-specific items
SLAVE=yes