From 0a31681e96ee9ed656bf5ce531d4057079a897be Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 31 Mar 2019 16:30:26 +0200
Subject: [PATCH] man: Convert network-vpn-security-policies(8) to asciidoc

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 man/network-vpn-security-policies.txt | 111 +++++++++
 man/network-vpn-security-policies.xml | 313 --------------------------
 2 files changed, 111 insertions(+), 313 deletions(-)
 create mode 100644 man/network-vpn-security-policies.txt
 delete mode 100644 man/network-vpn-security-policies.xml

diff --git a/man/network-vpn-security-policies.txt b/man/network-vpn-security-policies.txt
new file mode 100644
index 00000000..f9dc91a4
--- /dev/null
+++ b/man/network-vpn-security-policies.txt
@@ -0,0 +1,111 @@
+= network-vpn-security-policies(8)
+Michael Tremer <michael.tremer@ipfire.org>
+
+== NAME
+network-vpn-security-policies - Configure VPN Security Policies
+
+== SYNOPSIS
+[verse]
+'network vpn security-policies [new|destroy]' NAME...
+'network vpn security-policies' NAME COMMAND ...
+
+== DESCRIPTION
+With help of the 'vpn security-policies', it is possible to create, destroy
+and edit VPN security policies.
+
+A security policy is a definition of ciphers and algorithms for integrity
+and key-exchanges for VPN connections.
+
+== COMMANDS
+The following commands are understood:
+
+'new NAME'::
+	A new security policy may be created with the 'new' command.
+	+
+	NAME does not allow any spaces.
+
+'destroy NAME'::
+	A security policy can be destroyed with this command.
+	+
+	If the policy is still in use, it cannot be deleted.
+
+For all other commands, the name of the security policy needs to be passed first:
+
+'NAME show'::
+	Shows the configuration of the security policy.
+
+'NAME key-exchange' [IKEv2|IKEv1]::
+	Defines the key exchange algorithm that should be used to initiate an
+	IPsec VPN connection.
+
+'NAME ciphers' [CIPHER-LIST|+CIPHER ...|-CIPHER ...]::
+	This command allows modifying the cipher list.
+	A new CIPHER-LIST can be passed which will replace the current configuration.
+	Alternatively, new ciphers can be added by prepending a + sign to the cipher
+	name and can removed likewise using -.
+	+
+	A cipher is an algorithm that encrypts and decrypts data to be able to
+	transmit it over an insecure channel.
+
+'NAME integrities' [INTEGRITY-LIST|+INTEGRITY ...|-INTEGRITY ...]::
+	This command allows modifying the integrity list similar to the
+	'ciphers' command.
+	+
+	Integrity algorithms are used to be able to determine if data has been
+	altered when being transferred over an untrusted channel.
+
+'NAME pseudo-random-functions' [PSEUDO-RANDOM-FUNCTION-LIST|+PSEUDO-RANDOM-FUNCTION...|-PSEUDO-RANDOM-FUNCTION]::
+	This command allows modifying the list of pseudo random functions
+	similar to the 'ciphers' command.
+	+
+	These functions are used in combination with an AEAD cipher only.
+
+'NAME group-types' [GROUP-TYPES-LIST|+GROUP-TYPE ...|-GROUP-TYPE]::
+	This command allows modifying the list of group types similar to the
+	'ciphers' command.
+	+
+	These algorithms are used to negotiate a shared secret of an insecure channel.
+
+'NAME pfs' [on|off]::
+	This command allows to enable or disable Perfect Forward Secrecy (PFS).
+	If PFS is enabled, the encrypted channels of a VPN connection will be
+	renegotiated regularly to avoid that the same keys are used for too long.
+	If an attacker is able to obtain a key that was used to encrypt the
+	data, it is only possible to decrypt a certain amount of data.
+	+
+	It is strongly recommended to enable PFS at all times.
+
+'NAME lifetime' LIFETIME::
+	This command allows to define how often the VPN connection is
+	renegotiated if PFS is enabled.
+
+'NAME compression' [on|off]::
+	This command allows to enable or disable compression.
+	If compression is enabled, all data is being compressed before being
+	sent through the VPN.
+	This setting is ignored if the peer does not support this.
+
+== System Policies
+
+The system comes with builtin policies that cannot be modified by the user.
+They are intended to provide good defaults for various situations.
+
+[horizontal]
+'system'::
+	This policy is the default for every VPN connection and allows using
+	all ciphers, integrity and key-exchange algorithms that are recommended
+	to use and have not been proven or assumed to be broken, yet.
+	+
+	Over time, this policy will change whenever an algorithm has been broken
+	and is not recommended to be used any more.
+
+'performance'::
+	This policy is recommended to be used on systems that are not very powerful.
+	Algorithms with smaller key lengths, but still considered to be secure
+	are being used.
+
+System policies cannot be deleted.
+
+== SEE ALSO
+link:network[8],
+link:network-vpn[8]
diff --git a/man/network-vpn-security-policies.xml b/man/network-vpn-security-policies.xml
deleted file mode 100644
index 40e62135..00000000
--- a/man/network-vpn-security-policies.xml
+++ /dev/null
@@ -1,313 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
-	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-
-<refentry id="network-zone">
-	<refentryinfo>
-		<title>network-vpn-security-policies</title>
-		<productname>network</productname>
-
-		<authorgroup>
-			<author>
-				<contrib>Developer</contrib>
-				<firstname>Michael</firstname>
-				<surname>Tremer</surname>
-				<email>michael.tremer@ipfire.org</email>
-			</author>
-		</authorgroup>
-	</refentryinfo>
-
-	<refmeta>
-		<refentrytitle>network-vpn-security-policies</refentrytitle>
-		<manvolnum>8</manvolnum>
-	</refmeta>
-
-	<refnamediv>
-		<refname>network-vpn-security-policies</refname>
-		<refpurpose>Network Configuration Control Program</refpurpose>
-	</refnamediv>
-
-	<refsynopsisdiv>
-		<cmdsynopsis>
-			<command>network vpn security-policies <arg choice="plain">[new|destroy]</arg> <replaceable>NAME</replaceable> ...</command>
-		</cmdsynopsis>
-
-		<cmdsynopsis>
-			<command>network vpn security-policies <replaceable>NAME</replaceable> <arg choice="plain">command</arg> ...</command>
-		</cmdsynopsis>
-	</refsynopsisdiv>
-
-	<refsect1>
-		<title>Description</title>
-
-		<para>
-			With help of the <command>vpn security-policies</command>, it is possible
-			to create, destroy and edit VPN security policies.
-		</para>
-		<para>
-			A security policy is a definition of ciphers and algorithms for integrity
-			and key-exchanges for VPN connections.
-		</para>
-	</refsect1>
-
-	<refsect1>
-		<title>Commands</title>
-
-		<para>
-			The following commands are understood:
-		</para>
-
-		<variablelist>
-			<varlistentry>
-				<term>
-					<command>new <replaceable>NAME</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						A new security policy may be created with the
-						<command>new</command> command.
-					</para>
-
-					<para>
-						<replaceable>NAME</replaceable> does not allow any spaces.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command>destroy <replaceable>NAME</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						A security policy can be destroyed with this command.
-					</para>
-					<para>
-						If the policy is still in use, it cannot be deleted.
-					</para>
-				</listitem>
-			</varlistentry>
-		</variablelist>
-
-		<para>
-			For all other commands, the name of the security policy needs to be passed first:
-		</para>
-
-		<variablelist>
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> show</command>
-				</term>
-
-				<listitem>
-					<para>
-						Shows the configuration of the security policy.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> key-exchange <replaceable>[IKEv2|IKEv1]</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						Defines the key exchange algorithm that should be used to
-						initiate an IPsec VPN connection.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> ciphers <replaceable>[CIPHER-LIST|+CIPHER ...|-CIPHER ...]</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						This command allows modifying the cipher list.
-					</para>
-
-					<para>
-						A new <replaceable>CIPHER-LIST</replaceable> can be passed
-						which will replace the current configuration.
-						Alternatively, new ciphers can be added by prepending a
-						+ sign to the cipher name and can removed likewise
-						using -.
-					</para>
-
-					<para>
-						A cipher is an algorithm that encrypts and decrypts data
-						to be able to transmit it over an insecure channel.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> integrities <replaceable>[INTEGRITY-LIST|+INTEGRITY ...|-INTEGRITY ...]</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						This command allows modifying the integrity list
-						similar to the <command>ciphers</command> command.
-					</para>
-
-					<para>
-						Integrity algorithms are used to be able to determine
-						if data has been altered when being transfered over
-						an untrusted channel.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> pseudo-random-functions <replaceable>[PSEUDO-RANDOM-FUNCTION-LIST|+PSEUDO-RANDOM-FUNCTION...|-PSEUDO-RANDOM-FUNCTION]</replaceable>
-					</command>
-				</term>
-
-				<listitem>
-					<para>
-						This command allows modifying the list of pseudo random functions
-						similar to the <command>ciphers</command> command.
-					</para>
-
-					<para>
-						These functions are used in combination with an AEAD cipher only.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> group-types <replaceable>[GROUP-TYPES-LIST|+GROUP-TYPE ...|-GROUP-TYPE]</replaceable>
-					</command>
-				</term>
-
-				<listitem>
-					<para>
-						This command allows modifying the list of group types
-						similar to the <command>ciphers</command> command.
-					</para>
-
-					<para>
-						These algorithms are used to negotiate a shared secret
-						of an insecure channel.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> pfs <replaceable>[on|off]</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						This command allows to enable or disable Perfect Forward Secrecy (PFS).
-					</para>
-
-					<para>
-						If PFS is enabled, the encrypted channels of a VPN connection will be
-						renegotiated regularly to avoid that the same keys are used for too long.
-						If an attacker is able to obtain a key that was used to encrypt the
-						data, it is only possible to decrypt a certain amount of data.
-					</para>
-
-					<para>
-						It is strongly recommended to enable PFS at all times.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> lifetime <replaceable>LIFETIME</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						This command allows to define how often the VPN connection is
-						renegotiated if PFS is enabled.
-					</para>
-				</listitem>
-			</varlistentry>
-
-			<varlistentry>
-				<term>
-					<command><replaceable>NAME</replaceable> compression <replaceable>[on|off]</replaceable></command>
-				</term>
-
-				<listitem>
-					<para>
-						This command allows to enable or disable compression.
-					</para>
-
-					<para>
-						If compression is enabled, all data is being compressed before being
-						sent through the VPN.
-						This setting is ignored if the peer does not support this.
-					</para>
-				</listitem>
-			</varlistentry>
-		</variablelist>
-	</refsect1>
-
-	<refsect1>
-		<title>System Policies</title>
-
-		<para>
-			The system comes with builtin policies that cannot be modified by the user.
-			They are intended to provide good defaults for various situations.
-		</para>
-
-		<refsect2>
-			<title>system</title>
-
-			<para>
-				This policy is the default for every VPN connection and allows using
-				all ciphers, integrity and key-exchange algorithms that are recommended
-				to use and have not been proven or assumed to be broken, yet.
-			</para>
-
-			<para>
-				Over time, this policy will change whenever an algorithm has been broken
-				and is not recommended to be used any more.
-			</para>
-		</refsect2>
-
-		<refsect2>
-			<title>performance</title>
-
-			<para>
-				This policy is recommended to be used on systems that are not very powerful.
-				Algorithms with smaller key lengths, but still considered to be secure
-				are being used.
-			</para>
-		</refsect2>
-
-		<para>
-			System policies cannot be deleted.
-		</para>
-	</refsect1>
-
-	<refsect1>
-		<title>See Also</title>
-
-		<para>
-			<citerefentry>
-				<refentrytitle>network</refentrytitle>
-				<manvolnum>8</manvolnum>
-			</citerefentry>,
-			<citerefentry>
-				<refentrytitle>network-vpn</refentrytitle>
-				<manvolnum>8</manvolnum>
-			</citerefentry>
-		</para>
-	</refsect1>
-</refentry>
-- 
2.39.2