git.ipfire.org Git - people/ms/network.git/blob - man/network-vpn-ipsec.txt
IPsec: Add support for Curve448
1 = network-vpn-security-policies(8)
2
3 == NAME
4 network-ipsec - Configure IPsec VPN connections
5
6 == SYNOPSIS
7 [verse]
8 'network vpn ipsec [new|destroy]' NAME...
9 'network vpn ipsec' NAME COMMAND ...
10
11 == DESCRIPTION
12 With the help of the 'vpn ipsec' command, it is possible to create, destroy
13 and edit IPsec VPN connections.
14
15
16 == COMMANDS
17 The following commands are understood:
18
19 'new NAME'::
20 A new IPsec VPN connection may be created with the 'new' command.
21 +
22 NAME does not allow any spaces.
23
24 'destroy NAME'::
25 An IPsec VPN connection can be destroyed with this command.
26
27 For all other commands, the name of the IPsec VPN connection needs to be passed first:
28
29 'NAME show'::
30 Shows the configuration of the IPsec VPN connection.
31
32 'NAME authentication mode'::
33 Set the authentication mode out of the following available modes:
34 * psk
35
36 'NAME authentication psk PSK'::
37 Set the pre-shared key to PSK. This is only useful when the authentication mode is psk.
38
39 include::include-color.txt[]
40
41 include::include-description.txt[]
42
43 'NAME down'::
44 Shut down an established IPsec VPN connection.
45
46 'NAME inactivity-timeout TIME'::
47 Set the inactivity timeout to TIME, given in seconds or in the format hh:mm:ss.
48
49 'NAME local id ID'::
50 Specify the identity of the local system.
51 +
52 The ID must be in one of the following formats:
53 * IP address
54 * FQDN
55 * a string which starts with @
56
57 'NAME local prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]'::
58 Specify the subnets of the local system which should be made available to the remote peer.
59
60 'NAME mode [transport|tunnel]'::
61 Set the mode of the IPsec VPN connection.
62
63 'NAME peer PEER'::
64 Set the peer to which the IPsec VPN connection should be established.
65
66 'NAME remote id ID'::
67 Specify the identity of the remote machine.
68 +
69 The ID must be in one of the following formats:
70 * IP address
71 * FQDN
72 * a string which starts with @
73
74 'NAME remote prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]'::
75 Specify the subnets which the remote side makes available to us.
76
77 'NAME security-policy'::
78 Set the security policy which the connection uses.
79 +
80 See link:network-vpn-security-policies[8] for details.
81
82 'NAME up'::
83 Establishes the IPsec VPN connection to the remote peer.
84
85 'NAME zone'::
86 When you specify a zone of type ip-tunnel here, the IPsec connection is established over a VTI tunnel.
87 The remote and local prefixes are ignored. Imagine a fiber connection between these two machines, and how you would use it.
88 The IPsec VPN connection works in the same way. You must configure routes and IP addresses of the ip-tunnel hook manually.
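
A pre-flight check for two of the value formats documented above, the 'inactivity-timeout' TIME (seconds or hh:mm:ss) and the three 'local id' / 'remote id' formats, written as an added example and not taken from the network project's code. The function names `dec`, `timeout_to_seconds` and `id_type`, the acceptance rules (for instance that an FQDN needs at least one dot and that minutes and seconds stay below 60) and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not part of the network project. The acceptance rules are
# assumptions; the man page only names the formats, not how they are checked.

# Strip leading zeros so "08" is not parsed as an invalid octal number.
dec() { printf '%s\n' "$1" | sed 's/^0*\([0-9]\)/\1/'; }

# timeout_to_seconds TIME: accept plain seconds or hh:mm:ss, print seconds.
timeout_to_seconds() {
    case "$1" in ''|*[!0-9:]*|*:*:*:*) return 1 ;; esac
    case "$1" in
        *:*:*)
            h=${1%%:*}; rest=${1#*:}; m=${rest%%:*}; s=${rest#*:}
            [ -n "$h" ] && [ -n "$m" ] && [ -n "$s" ] || return 1
            h=$(dec "$h"); m=$(dec "$m"); s=$(dec "$s")
            [ "$m" -lt 60 ] && [ "$s" -lt 60 ] || return 1
            echo $(( h * 3600 + m * 60 + s )) ;;
        *:*) return 1 ;;                      # mm:ss is not a documented form
        *) dec "$1" ;;
    esac
}

# id_type ID: print which documented format ID matches (ip, fqdn, string).
id_type() {
    case "$1" in
        @?*) echo string; return 0 ;;         # "@" followed by any text
        *:*:*) # coarse IPv6 syntax check only: hex digits and colons
            printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f:]+$' && { echo ip; return 0; }
            return 1 ;;
    esac
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        old=$IFS; IFS=.; set -- $1; IFS=$old  # split dotted quad into octets
        for o in "$@"; do [ "$(dec "$o")" -le 255 ] || return 1; done
        echo ip; return 0
    fi
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$' || return 1
    [ "${#1}" -le 253 ] && echo fqdn
}

# Constructed sample values, not taken from any real deployment.
for id in 192.0.2.10 2001:db8::1 vpn.example.com @branch-office 'bad id' 300.1.1.1; do
    printf '%-18s %s\n' "$id" "$(id_type "$id" || echo INVALID)"
done
for t in 600 00:10:00 00:75:00; do
    printf '%-18s %s\n' "$t" "$(timeout_to_seconds "$t" || echo INVALID)"
done
```

Running the same check on both peers before setting 'local id' and 'remote id' catches malformed identities before they are written into a connection's configuration.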
89
90
91 == AUTHORS
92 Michael Tremer,
93 Jonatan Schlag
94
95 == SEE ALSO
96 link:network[8],
97 link:network-vpn[8]