From fb5c63c31638a69a4e6039994b07e99096fddb2c Mon Sep 17 00:00:00 2001
From: Bill Nottingham
Date: Thu, 3 Jul 2003 02:34:16 +0000
Subject: ipsec bits. sucked straight from ifup-ipsec
---
 sysconfig.txt | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/sysconfig.txt b/sysconfig.txt
index 608d77bc..6d962353 100644
--- a/sysconfig.txt
+++ b/sysconfig.txt
@@ -751,6 +751,36 @@ Files in /etc/sysconfig/network-scripts/
 LOCAL_IP= will be converted to IPADDR by netconf
 REMOTE_IP= will be converted to GATEWAY by netconf
+ IPSEC specific items
+ SRC = source address. Not required.
+ DST = destination address
+ TYPE = IPSEC
+ SRCNET = source net (for tunneling)
+ DSTNET = destination network (for tunneling)
+
+ Manual keying:
+
+ AH_PROTO{_IN,_OUT} = protocol to use for AH (defaults to HMAC-SHA1)
+ ESP_PROTO{_IN,_OUT} = protocol to use for ESP (defaults to 3DES)
+ KEY_AH{_IN,_OUT} = AH key
+ KEY_ESP{_IN,_OUT} = ESP key
+ SPI_{EH,AH_{IN,OUT}} = SPIs to use
+
+ _IN and _OUT specifiers are for using different keys or protocols for inccoming
+ and outgoing packets. If neither _IN or _OUT variants are set for protocols or
+ keys, the same will be used for both.
+
+ Automatic keying:
+
+ IKE_METHOD=PSK|X509|GSSAPI
+ PSK = preshared keys (shared secret)
+ X509 = X.509 certificates
+ GSSAPI = GSSAPI authentication
+ IKE_PSK = preshared key for this connection
+ IKE_CERTFILE = our certificate file name for X509 IKE
+ IKE_PEER_CERTFILE = peer public cert filename for X509 IKE
+ IKE_DNSSEC = retrieve peer public certs from DNS
+ (otherwise uses certificate information sent over IKE)
 /etc/sysconfig/network-scripts/chat-:
--
cgit v1.2.1