Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New sentence, new line. Avoid marking up punctuation.

This commit is contained in:
wiz 2009-03-12 15:18:57 +00:00
parent 01bbe49d65
commit 2df943f931
1 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 vendored
View File

@ -1,4 +1,4 @@
.\" $NetBSD: racoon.conf.5,v 1.54 2009/03/12 10:57:26 tteras Exp $
.\" $NetBSD: racoon.conf.5,v 1.55 2009/03/12 15:18:57 wiz Exp $
.\"
.\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
.\"
@ -383,14 +383,16 @@ This problem is known to be fixed in Linux 2.6.25 and later.
Specifies the IKE phase 1 parameters for each remote node.
.Pp
If connection is initiated using racoonctl, a unique match using the
remote IP must be found or the remote block name has to be given. For
received acquires (kernel notices traffic requiring a new SA) the
remote IP must be found or the remote block name has to be given.
For received acquires (kernel notices traffic requiring a new SA) the
remote IP and remoteid from matching sainfo block are used to decide
the remoteblock. If no uniquely matching remoteblock is found using
the remoteblock.
If no uniquely matching remoteblock is found using
these criteria, no connection attempt is done.
.Pp
When acting as responder, racoon picks the first proposal that has one
or more acceptable remote configurations. When determining if a remote
or more acceptable remote configurations.
When determining if a remote
specification is matching the following information is checked:
.Bl -bullet -tag -width Ds -compact
.It
@ -411,7 +413,8 @@ if
is on.
.It
If a certificate request was received, it must match the issuer of
.Ic "certificate_type x509" certificate.
.Ic "certificate_type x509"
certificate.
If certificate request without issuer name was sent, the
.Ic match_empty_cr
parameter specifies whether or not remote block matches.
@ -968,10 +971,11 @@ command.
.Bq Ic inherit Ar parent
.Ic { Ar statements Ic }
.Xc
Deprecated format of specifying a remote block. This will be removed
in future. It is a remnant from time when remote block was decided
Deprecated format of specifying a remote block.
This will be removed in future.
It is a remnant from time when remote block was decided
solely based on the peers IP address.
.Pp
This is equivalent to:
.Bd -literal -offset
remote "address" [inherit "parent-address"] {