aboutsummaryrefslogtreecommitdiffstats
path: root/sysconfig.txt
diff options
context:
space:
mode:
authorMiloslav Trmac <mitr@volny.cz>2006-07-08 22:17:12 +0000
committerMiloslav Trmac <mitr@volny.cz>2006-07-08 22:17:12 +0000
commit15af5afee0a490a48489b60511cb1c96e51e8d4b (patch)
tree4cdc3f79288c18c210530a995ee2e1486ff86b1c /sysconfig.txt
parent29fd49bc96ba9932b350324cd6652d9f942d6561 (diff)
downloadinitscripts-15af5afee0a490a48489b60511cb1c96e51e8d4b.tar
initscripts-15af5afee0a490a48489b60511cb1c96e51e8d4b.tar.gz
initscripts-15af5afee0a490a48489b60511cb1c96e51e8d4b.tar.bz2
initscripts-15af5afee0a490a48489b60511cb1c96e51e8d4b.tar.xz
initscripts-15af5afee0a490a48489b60511cb1c96e51e8d4b.zip
- Allow disabling AH or ESP with authomatic keying (part of #168972, based on
a patch by Aleksandar Milivojevic <alex@milivojevic.org>). - Merge updated documentation in ifup-ipsec to sysconfig.txt, remove the non-canonical copy in ifup-ipsec.
Diffstat (limited to 'sysconfig.txt')
-rw-r--r--sysconfig.txt21
1 files changed, 12 insertions, 9 deletions
diff --git a/sysconfig.txt b/sysconfig.txt
index 725001ae..b01a4e1a 100644
--- a/sysconfig.txt
+++ b/sysconfig.txt
@@ -832,15 +832,16 @@ Files in /etc/sysconfig/network-scripts/
Manual keying:
- AH_PROTO{_IN,_OUT}=protocol to use for AH (defaults to HMAC-SHA1)
- ESP_PROTO{_IN,_OUT}=protocol to use for ESP (defaults to 3DES)
- KEY_AH{_IN,_OUT}=AH key
- KEY_ESP{_IN,_OUT}=ESP key
- SPI_{ESP,AH_{IN,OUT}}=SPIs to use
+ AH_PROTO{,_IN,_OUT}=protocol to use for AH (defaults to hmac-sha1)
+ ESP_PROTO{,_IN,_OUT}=protocol to use for ESP (defaults to 3des-cbc)
+ KEY_AH{,_IN,_OUT}=AH key
+ KEY_ESP{,_IN,_OUT}=ESP key
+ SPI_{ESP,AH}_{IN,OUT}=SPIs to use
- _IN and _OUT specifiers are for using different keys or protocols for incoming
- and outgoing packets. If neither _IN or _OUT variants are set for protocols or
- keys, the same will be used for both.
+ _IN and _OUT specifiers are for using different keys or protocols for
+ incoming and outgoing packets. If neither _IN or _OUT variants are set for
+ protocols or keys, the same will be used for both. Hexadecimal keys need to
+ be prefixed with "0x".
Automatic keying:
@@ -849,11 +850,13 @@ Files in /etc/sysconfig/network-scripts/
X509=X.509 certificates
GSSAPI=GSSAPI authentication
IKE_PSK=preshared key for this connection
- IKE_CERTFILE=our certificate file name for X509 IKE
+ IKE_CERTFILE=our certificate file name for X509 IKE
IKE_PEER_CERTFILE=peer public cert filename for X509 IKE
IKE_DNSSEC=retrieve peer public certs from DNS
(otherwise uses certificate information sent over IKE)
+ Usage of AH or ESP may be disabled by setting {AH,ESP}_PROTO to "none".
+
Bonding-specific items
SLAVE=yes