From 22db0d4b292ca83fdb0980c2e8a1022bb2cf845d Mon Sep 17 00:00:00 2001 From: yasuoka Date: Thu, 4 Nov 2021 04:20:14 +0000 Subject: [PATCH] Tweaks (improve previous commit) from jmc --- sbin/ipsecctl/ipsec.conf.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 98acad6a4ff..0162ea63fe7 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.161 2021/11/04 03:53:57 yasuoka Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.162 2021/11/04 04:20:14 yasuoka Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -668,7 +668,7 @@ Transforms followed by .Bq IKE only can only be used with the .Ic ike -keyword, transforms with +keyword; transforms with .Bq phase 2 only can only be used with the .Ic quick @@ -681,7 +681,7 @@ The keysize of AES-CTR can be 128, 192, or 256 bits. However as well as the key, a 32-bit nonce has to be supplied. Thus 160, 224, or 288 bits of key material, respectively, have to be supplied. The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305, -however in the latter case the keysize is 256 bit. +however in the latter case the keysize is 256 bits. .Pp Using AES-GMAC or NULL with ESP will only provide authentication. This is useful in setups where AH cannot be used, e.g. when NAT is involved. -- 2.20.1