From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jonatan Schlag To: network@lists.ipfire.org Subject: [PATCH] Add documentation for the IPsec VPN Date: Mon, 24 Jun 2019 13:30:14 +0200 Message-ID: <20190624113014.21701-1-jonatan.schlag@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0587208602256994110==" List-Id: --===============0587208602256994110== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Jonatan Schlag --- man/network-vpn-ipsec.txt | 97 +++++++++++++++++++++++++++++++++++++++++++++= ++ man/network-vpn.txt | 5 +++ 2 files changed, 102 insertions(+) create mode 100644 man/network-vpn-ipsec.txt diff --git a/man/network-vpn-ipsec.txt b/man/network-vpn-ipsec.txt new file mode 100644 index 0000000..25347a8 --- /dev/null +++ b/man/network-vpn-ipsec.txt 
@@ -0,0 +1,97 @@ +=3D network-vpn-security-policies(8) + +=3D=3D NAME +network-ipsec - Configure IPsec VPN connections=20 + +=3D=3D SYNOPSIS +[verse] +'network vpn ipsec [new|destroy]' NAME... +'network vpn ipsec' NAME COMMAND ... + +=3D=3D DESCRIPTION +With help of the 'vpn ipsec', it is possible to create, destroy +and edit IPsec VPN connections. + + +=3D=3D COMMANDS +The following commands are understood: + +'new NAME':: + A new IPsec VPN connection may be created with the 'new' command. + + + NAME does not allow any spaces. + +'destroy NAME':: + A IPsec VPN connection can be destroyed with this command. + +For all other commands, the name of the IPsec VPN connection needs to be pas= sed first: + +'NAME show':: + Shows the configuration of the IPsec VPN connection=20 + +'NAME authentication mode':: + Set the authentication mode out of the following available modes: + * psk + +'NAME authentication psk PSK':: + Set the pre-shared-key to PSK, only useful when the authentication mode is = psk: + +include::include-color.txt[] + +include::include-description.txt[] + +'NAME down':: + Shutdown a etablished IPsec VPN connection + +'NAME inactivity-timeout TIME':: + Set the inactivity timeout with TIME in seconds or in the format hh:mm:ss + +'NAME local id ID':: + Specify the identity of the local system. + + + The ID must be in one of the following formats: + * IP address + * FQDN + * a string which starts with @ + +'NAME local prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: + Specify the subnets of the local system which should be made available to t= he remote peer. + +'NAME mode [transport|tunnel]':: + Set the mode of the IPsec VPN connection.=20 + +'NAME peer PEER':: + Set the peer to which the IPsec VPN connection should be etablished. + +'NAME remote id ID':: + Specify the identity of the remote machine. 
+ + + The ID must be in one of the following formats: + * IP address + * FQDN + * A string which starts with @ + +'NAME remote prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: + Specify the subnets which the remote side makes available to us. + +'NAME security-policy':: + Set the security policy which the connection uses. + + + See link:network-vpn-security-policies[8] for details. + +'NAME up':: + Establishes the IPsec VPN connection to the remote peer. + +'NAME zone':: + When you specify a zone of type ip-tunnel here the IPsec connection is esta= blished over a vti tunnel. + The remote and local prefixes are ignored. Imagine a fiber connection betwe= en this two machines, and how you would use it. + The IPsec VPN connection works in the same way. You must configure routes a= nd IP addresses of the ip-tunnel hook manually. + + +=3D=3D AUTHORS +Michael Tremer, +Jonatan Schlag + +=3D=3D SEE ALSO +link:network[8], +link:network-vpn[8] diff --git a/man/network-vpn.txt b/man/network-vpn.txt index 5a905db..be33606 100644 --- a/man/network-vpn.txt +++ b/man/network-vpn.txt @@ -19,6 +19,11 @@ The following commands are understood: + See link:network-vpn-security-policies[8] for details. =20 +'ipsec' ...:: + Use this command to manage ipsec vpn connections. + + + See link:network-vpn-ipsec[8] for details. + =3D=3D AUTHORS Michael Tremer =20 --=20 2.11.0 --===============0587208602256994110==--
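Review bot: The title line of the new man/network-vpn-ipsec.txt is `= network-vpn-security-policies(8)`, which appears to be carried over from the security-policies page; it should read `= network-vpn-ipsec(8)`, and the NAME entry `network-ipsec` should use the same name as the `link:network-vpn-ipsec[8]` reference added in man/network-vpn.txt. In the COMMANDS list, 'NAME authentication mode', 'NAME security-policy' and 'NAME zone' carry no argument placeholder, while the other entries do ('NAME peer PEER', 'NAME inactivity-timeout TIME'), so a reader cannot tell what to pass; something like 'NAME authentication mode MODE' would match the rest. The 'NAME authentication psk PSK' description ends in a colon with nothing after it, and since the key is given as a command argument, a sentence on choosing a sufficiently long random PSK and keeping it out of shell history would help. Spelling and grammar to fix before merging: "etablished" (under 'NAME down' and 'NAME peer PEER'), "A IPsec VPN connection", "a etablished", and "this two machines". Several added lines also end in trailing whitespace (the `=20` at the end of the NAME, 'NAME show' and 'NAME mode' lines).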
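Review bot: In the man/network-vpn.txt hunk, the new 'ipsec' entry says "manage ipsec vpn connections" in lower case, while the new man page writes "IPsec VPN" throughout; use "IPsec VPN connections" here as well. The patch also arrives with no commit message body beyond the Signed-off-by line; one sentence stating that this adds the network-vpn-ipsec(8) page and links it from network-vpn(8) would make the history easier to read.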