From 8b96010d15650383678bf047bb4a587470b8f5a6 Mon Sep 17 00:00:00 2001 From: dlg Date: Sat, 31 Aug 2024 00:51:29 +0000 Subject: [PATCH] provide an example config for ikev1 with isakmpd and ipsecctl --- share/man/man4/sec.4 | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/share/man/man4/sec.4 b/share/man/man4/sec.4 index 79c86a6c859..60632ee06c6 100644 --- a/share/man/man4/sec.4 +++ b/share/man/man4/sec.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sec.4,v 1.3 2024/08/30 13:09:10 dlg Exp $ +.\" $OpenBSD: sec.4,v 1.4 2024/08/31 00:51:29 dlg Exp $ .\" .\" Copyright (c) 2023 David Gwynne .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 30 2024 $ +.Dd $Mdocdate: August 31 2024 $ .Dt SEC 4 .Os .Sh NAME @@ -112,10 +112,21 @@ ikev2 "s2s" active \\ iface sec0 .Ed .Pp -Once -.Xr iked 8 -is running with this configuration, communication between the -customer and provider gateways is enabled. +Alternatively, IKEv1 negotiation of the IPsec tunnel SAs is supported by +.Xr isakmpd 8 +and +.Xr ipsecctl 8 . +The equivalient +.Xr ipsec.conf 5 +configuration for the given parameters follows: +.Bd -literal -offset indent +ike interface sec0 \\ + local 192.0.2.8 peer 198.51.100.14 \\ + psk "7kA7evdkd50Q5YdCCF9t8eftgEgL4vk2" +.Ed +.Pp +Once the Security Associations are established, communication between +the customer and provider gateways is enabled. .Pp Routes to networks hosted by the provider can be added using the providers -- 2.20.1