Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- man/network-vpn-ipsec.txt | 97 +++++++++++++++++++++++++++++++++++++++++++++++ man/network-vpn.txt | 5 +++ 2 files changed, 102 insertions(+) create mode 100644 man/network-vpn-ipsec.txt
diff --git a/man/network-vpn-ipsec.txt b/man/network-vpn-ipsec.txt new file mode 100644 index 0000000..25347a8 --- /dev/null +++ b/man/network-vpn-ipsec.txt @@ -0,0 +1,97 @@ += network-vpn-security-policies(8) + +== NAME +network-ipsec - Configure IPsec VPN connections + +== SYNOPSIS +[verse] +'network vpn ipsec [new|destroy]' NAME... +'network vpn ipsec' NAME COMMAND ... + +== DESCRIPTION +With help of the 'vpn ipsec', it is possible to create, destroy +and edit IPsec VPN connections. + + +== COMMANDS +The following commands are understood: + +'new NAME':: + A new IPsec VPN connection may be created with the 'new' command. + + + NAME does not allow any spaces. + +'destroy NAME':: + A IPsec VPN connection can be destroyed with this command. + +For all other commands, the name of the IPsec VPN connection needs to be passed first: + +'NAME show':: + Shows the configuration of the IPsec VPN connection + +'NAME authentication mode':: + Set the authentication mode out of the following available modes: + * psk + +'NAME authentication psk PSK':: + Set the pre-shared-key to PSK, only useful when the authentication mode is psk: + +include::include-color.txt[] + +include::include-description.txt[] + +'NAME down':: + Shutdown a etablished IPsec VPN connection + +'NAME inactivity-timeout TIME':: + Set the inactivity timeout with TIME in seconds or in the format hh:mm:ss + +'NAME local id ID':: + Specify the identity of the local system. + + + The ID must be in one of the following formats: + * IP address + * FQDN + * a string which starts with @ + +'NAME local prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: + Specify the subnets of the local system which should be made available to the remote peer. + +'NAME mode [transport|tunnel]':: + Set the mode of the IPsec VPN connection. + +'NAME peer PEER':: + Set the peer to which the IPsec VPN connection should be etablished. + +'NAME remote id ID':: + Specify the identity of the remote machine. + + + The ID must be in one of the following formats: + * IP address + * FQDN + * A string which starts with @ + +'NAME remote prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: + Specify the subnets which the remote side makes available to us. + +'NAME security-policy':: + Set the security policy which the connection uses. + + + See link:network-vpn-security-policies[8] for details. + +'NAME up':: + Establishes the IPsec VPN connection to the remote peer. + +'NAME zone':: + When you specify a zone of type ip-tunnel here the IPsec connection is established over a vti tunnel. + The remote and local prefixes are ignored. Imagine a fiber connection between this two machines, and how you would use it. + The IPsec VPN connection works in the same way. You must configure routes and IP addresses of the ip-tunnel hook manually. + + +== AUTHORS +Michael Tremer, +Jonatan Schlag + +== SEE ALSO +link:network[8], +link:network-vpn[8] diff --git a/man/network-vpn.txt b/man/network-vpn.txt index 5a905db..be33606 100644 --- a/man/network-vpn.txt +++ b/man/network-vpn.txt @@ -19,6 +19,11 @@ The following commands are understood: + See link:network-vpn-security-policies[8] for details.
+'ipsec' ...:: + Use this command to manage ipsec vpn connections. + + + See link:network-vpn-ipsec[8] for details. + == AUTHORS Michael Tremer
-
Jonatan Schlag