Commit | Line | Data |
---|---|---|
fbe46265 | 1 | = network-vpn-ipsec(8) |
18bace57 JS |
2 | |
3 | == NAME | |
fbe46265 | 4 | network-vpn-ipsec - Configure IPsec VPN connections |
18bace57 JS |
5 | |
6 | == SYNOPSIS | |
7 | [verse] | |
8 | 'network vpn ipsec [new|destroy]' NAME... | |
9 | 'network vpn ipsec' NAME COMMAND ... | |
10 | ||
11 | == DESCRIPTION | |
12 | With the help of the 'vpn ipsec' command, it is possible to create, destroy | |
13 | and edit IPsec VPN connections. | |
14 | ||
15 | ||
16 | == COMMANDS | |
17 | The following commands are understood: | |
18 | ||
19 | 'new NAME':: | |
20 | A new IPsec VPN connection may be created with the 'new' command. | |
21 | + | |
22 | NAME does not allow any spaces. | |
23 | ||
24 | 'destroy NAME':: | |
25 | An IPsec VPN connection can be destroyed with this command. | |
26 | ||
27 | For all other commands, the name of the IPsec VPN connection needs to be passed first: | |
28 | ||
29 | 'NAME show':: | |
fbe46265 | 30 | Shows the configuration of the IPsec VPN connection |
18bace57 JS |
31 | |
32 | 'NAME authentication mode':: | |
33 | Set the authentication mode out of the following available modes: | |
34 | * psk | |
35 | ||
36 | 'NAME authentication psk PSK':: | |
37 | Set the pre-shared key to PSK. This is only useful when the authentication mode is psk. | |
38 | ||
39 | include::include-color.txt[] | |
40 | ||
41 | include::include-description.txt[] | |
42 | ||
43 | 'NAME down':: | |
44 | Shut down an established IPsec VPN connection. | |
45 | ||
46 | 'NAME inactivity-timeout TIME':: | |
47 | Set the inactivity timeout to TIME, given in seconds or in the format hh:mm:ss. | |
48 | ||
49 | 'NAME local id ID':: | |
50 | Specify the identity of the local system. | |
51 | + | |
52 | The ID must be in one of the following formats: | |
53 | * IP address | |
54 | * FQDN | |
55 | * A string which starts with @ | |
56 | ||
57 | 'NAME local prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: | |
58 | Specify the subnets of the local system which should be made available to the remote peer. | |
59 | ||
60 | 'NAME mode [transport|tunnel]':: | |
fbe46265 | 61 | Set the mode of the IPsec VPN connection. |
18bace57 JS |
62 | |
63 | 'NAME peer PEER':: | |
64 | Set the peer to which the IPsec VPN connection should be established. | |
65 | ||
66 | 'NAME remote id ID':: | |
67 | Specify the identity of the remote machine. | |
68 | + | |
69 | The ID must be in one of the following formats: | |
70 | * IP address | |
71 | * FQDN | |
72 | * A string which starts with @ | |
73 | ||
74 | 'NAME remote prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]':: | |
75 | Specify the subnets which the remote side makes available to us. | |
76 | ||
77 | 'NAME security-policy':: | |
78 | Set the security policy which the connection uses. | |
79 | + | |
80 | See link:network-vpn-security-policies[8] for details. | |
81 | ||
82 | 'NAME up':: | |
83 | Establishes the IPsec VPN connection to the remote peer. | |
84 | ||
85 | 'NAME zone':: | |
86 | When you specify a zone of type ip-tunnel here, the IPsec connection is established over a VTI tunnel. | |
87 | The remote and local prefixes are ignored. Imagine a fiber connection between these two machines, and how you would use it. | |
88 | The IPsec VPN connection works in the same way. You must configure the routes and IP addresses of the ip-tunnel hook manually. | |
89 | ||
90 | ||
91 | == AUTHORS | |
92 | Michael Tremer, | |
93 | Jonatan Schlag | |
94 | ||
95 | == SEE ALSO | |
96 | link:network[8], | |
97 | link:network-vpn[8] |
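
The ID and TIME formats described under 'local id', 'remote id' and 'inactivity-timeout' can be checked before a connection is configured. The following is an added example, not code from the network project: the function names are hypothetical, the patterns are assumptions derived from the wording above (IPv4 only for "IP address"), and the last function only prints the documented commands as a dry run.

```shell
#!/bin/sh
# Added example, not part of the network project. The patterns are assumptions
# derived from the man page wording, not the tool's own validation.

# ID: IPv4 address, FQDN, or a string starting with @ (IPv6 not covered here).
ipsec_id_valid() {
    [ -n "$1" ] || return 1
    [ "$1" = "$(printf '%s' "$1" | tr -d '[:space:]')" ] || return 1
    case "$1" in @?*) return 0 ;; esac
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        old_ifs=$IFS; IFS=.
        set -- $1
        IFS=$old_ifs
        for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
        return 0
    fi
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# TIME: plain seconds or hh:mm:ss; prints the value in seconds.
timeout_to_seconds() {
    case "$1" in ""|*[!0-9:]*|*:*:*:*) return 1 ;; esac
    case "$1" in
        *:*:*) printf '%s\n' "$1" | awk -F: '
                   $1=="" || $2=="" || $3=="" || $2>59 || $3>59 { exit 1 }
                   { print $1*3600 + $2*60 + $3 }' ;;
        *:*)   return 1 ;;
        *)     printf '%s\n' "$1" | awk '{ print $1 + 0 }' ;;
    esac
}

# Dry run: print the documented commands in order after validating the input.
# The PSK is left out so the key never lands in terminal scrollback or logs.
plan_connection() {  # NAME PEER LOCAL_ID REMOTE_ID TIME
    case "$1" in ""|*" "*) echo "NAME must not contain spaces" >&2; return 1 ;; esac
    ipsec_id_valid "$3" || { echo "bad local id: $3" >&2; return 1; }
    ipsec_id_valid "$4" || { echo "bad remote id: $4" >&2; return 1; }
    secs=$(timeout_to_seconds "$5") || { echo "bad TIME: $5" >&2; return 1; }
    for args in "peer $2" "authentication mode psk" "local id $3" \
                "remote id $4" "inactivity-timeout $secs" "up"; do
        echo "network vpn ipsec $1 $args"
    done | { echo "network vpn ipsec new $1"; cat; }
}
```

Set the key separately with 'NAME authentication psk PSK' before running the final 'up' command.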