From patchwork Mon Jun 24 21:30:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonatan Schlag X-Patchwork-Id: 2332
From: Jonatan Schlag To: network@lists.ipfire.org Subject: [PATCH] Add documentation for the IPsec VPN Date: Mon, 24 Jun 2019 13:30:14 +0200 Message-Id: <20190624113014.21701-1-jonatan.schlag@ipfire.org> X-Mailer: git-send-email 2.11.0 Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=jschlag smtp.mailfrom=jonatan.schlag@ipfire.org X-BeenThere: network@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List for the network package List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: network-bounces@lists.ipfire.org Sender: "network" Signed-off-by: Jonatan Schlag --- man/network-vpn-ipsec.txt | 97 +++++++++++++++++++++++++++++++++++++++++++++++ man/network-vpn.txt | 5 +++ 2 files changed, 102 insertions(+) create mode 100644 man/network-vpn-ipsec.txt diff --git a/man/network-vpn-ipsec.txt b/man/network-vpn-ipsec.txt new file mode 100644 index 0000000..25347a8 --- /dev/null +++ b/man/network-vpn-ipsec.txt 
@@ -0,0 +1,97 @@ += network-vpn-security-policies(8) + +== NAME +network-ipsec - Configure IPsec VPN connections + +== SYNOPSIS +[verse] +'network vpn ipsec [new|destroy]' NAME... +'network vpn ipsec' NAME COMMAND ... + +== DESCRIPTION +With help of the 'vpn ipsec', it is possible to create, destroy +and edit IPsec VPN connections. + + +== COMMANDS +The following commands are understood: + +'new NAME':: + A new IPsec VPN connection may be created with the 'new' command. + + + NAME does not allow any spaces. + +'destroy NAME':: + A IPsec VPN connection can be destroyed with this command. + +For all other commands, the name of the IPsec VPN connection needs to be passed first: + +'NAME show':: + Shows the configuration of the IPsec VPN connection + +'NAME authentication mode':: + Set the authentication mode out of the following available modes: + * psk + +'NAME authentication psk PSK':: + Set the pre-shared-key to PSK, only useful when the authentication mode is psk: + +include::include-color.txt[] + +include::include-description.txt[] + +'NAME down':: + Shutdown a etablished IPsec VPN connection + +'NAME inactivity-timeout TIME':: + Set the inactivity timeout with TIME in seconds or in the format hh:mm:ss + +'NAME local id ID':: + Specify the identity of the local system. + + + The ID must be in one of the following formats: + * IP address + * FQDN + * a string which starts with @ + +'NAME local prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: + Specify the subnets of the local system which should be made available to the remote peer. + +'NAME mode [transport|tunnel]':: + Set the mode of the IPsec VPN connection. + +'NAME peer PEER':: + Set the peer to which the IPsec VPN connection should be etablished. + +'NAME remote id ID':: + Specify the identity of the remote machine. 
+ + + The ID must be in one of the following formats: + * IP address + * FQDN + * A string which starts with @ + +'NAME remote prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: + Specify the subnets which the remote side makes available to us. + +'NAME security-policy':: + Set the security policy which the connection uses. + + + See link:network-vpn-security-policies[8] for details. + +'NAME up':: + Establishes the IPsec VPN connection to the remote peer. + +'NAME zone':: + When you specify a zone of type ip-tunnel here the IPsec connection is established over a vti tunnel. + The remote and local prefixes are ignored. Imagine a fiber connection between this two machines, and how you would use it. + The IPsec VPN connection works in the same way. You must configure routes and IP addresses of the ip-tunnel hook manually. + + +== AUTHORS +Michael Tremer, +Jonatan Schlag + +== SEE ALSO +link:network[8], +link:network-vpn[8] diff --git a/man/network-vpn.txt b/man/network-vpn.txt index 5a905db..be33606 100644 --- a/man/network-vpn.txt +++ b/man/network-vpn.txt @@ -19,6 +19,11 @@ The following commands are understood: + See link:network-vpn-security-policies[8] for details. +'ipsec' ...:: + Use this command to manage ipsec vpn connections. + + + See link:network-vpn-ipsec[8] for details. + == AUTHORS Michael Tremer
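Review bot: In man/network-vpn-ipsec.txt the title line still reads "= network-vpn-security-policies(8)" and the NAME section says "network-ipsec", while the file name and the link added in man/network-vpn.txt both use network-vpn-ipsec. Change the title to "= network-vpn-ipsec(8)" and the NAME entry to "network-vpn-ipsec" so that title, NAME and link agree. In the COMMANDS list, 'NAME authentication mode', 'NAME security-policy' and 'NAME zone' omit the argument placeholder that the other entries carry (compare 'NAME peer PEER'), and the description of 'NAME authentication psk PSK' ends in a dangling colon directly before the two include:: lines. Since the pre-shared key is given as a command-line argument, that entry is also the place for a sentence on how the key should be supplied and kept out of shell history. Spelling: "etablished" (twice), "A IPsec", "a etablished", "this two machines".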
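Review bot: In the man/network-vpn.txt hunk the new entry says "manage ipsec vpn connections" in lower case, while the man page it links to writes "IPsec VPN" throughout; use "IPsec VPN connections" here as well so both pages use the same spelling.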