1 .\" $KAME: setkey.8,v 1.89 2003/09/07 22:17:41 itojun Exp $
3 .\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the project nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 .Nd "manually manipulate the IPsec SA/SP database"
60 utility adds, updates, dumps, or flushes
61 Security Association Database (SAD) entries
62 as well as Security Policy Database (SPD) entries in the kernel.
66 utility takes a series of operations from the standard input
73 .Bl -tag -width indent
78 the SPD entries are dumped.
80 Flush the SAD entries.
83 the SPD entries are flushed.
88 usually does not display dead SAD entries with
92 the dead SAD entries will be displayed as well.
93 A dead SAD entry means that
94 it has been expired but remains in the system
95 because it is referenced by some SPD entries.
97 Add hexadecimal dump on
101 Loop forever with short output on
105 The program will dump messages exchanged on
107 socket, including messages sent from other processes to the kernel.
109 Loop forever and dump all the messages transmitted to
113 makes each timestamps unformatted.
115 .Ss Configuration syntax
122 accepts the following configuration syntax.
123 Lines starting with hash signs
125 are treated as comment lines.
126 .Bl -tag -width indent
130 .Ar src Ar dst Ar protocol Ar spi
137 can fail with multiple reasons,
138 including when the key length does not match the specified algorithm.
143 .Ar src Ar dst Ar protocol Ar spi
151 .Ar src Ar dst Ar protocol Ar spi
159 .Ar src Ar dst Ar protocol
162 Remove all SAD entries that match the specification.
169 Clear all SAD entries matched by the options.
171 on the command line achieves the same functionality.
178 Dumps all SAD entries matched by the options.
180 on the command line achieves the same functionality.
185 .Ar src_range Ar dst_range Ar upperspec Ar policy
193 .Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
202 Clear all SPD entries.
204 on the command line achieves the same functionality.
210 Dumps all SPD entries.
212 on the command line achieves the same functionality.
216 Meta-arguments are as follows:
218 .Bl -tag -compact -width indent
221 Source/destination of the secure communication is specified as
226 can resolve a FQDN into numeric addresses.
227 If the FQDN resolves into multiple addresses,
229 will install multiple SAD/SPD entries into the kernel
230 by trying all possible combinations.
235 restricts the address resolution of FQDN in certain ways.
239 restrict results into IPv4/v6 addresses only, respectively.
241 avoids FQDN resolution and requires addresses to be numeric addresses.
247 .Bl -tag -width Fl -compact
259 TCP-MD5 based on rfc2385
264 Security Parameter Index
266 for the SAD and the SPD.
268 must be a decimal number, or a hexadecimal number with
271 SPI values between 0 and 255 are reserved for future use by IANA
272 and they cannot be used.
273 TCP-MD5 associations must use 0x1000 and therefore only have per-host
274 granularity at this time.
278 take some of the following:
279 .Bl -tag -width Fl -compact
282 Specify a security protocol mode for use.
285 .Li transport , tunnel
292 Specify window size of bytes for replay prevention.
294 must be decimal number in 32-bit word.
297 is zero or not specified, replay check does not take place.
300 Specify the identifier of the policy entry in SPD.
304 .It Fl f Ar pad_option
305 defines the content of the ESP padding.
308 .Bl -tag -width random-pad -compact
310 All of the padding are zero.
312 A series of randomized values are set.
314 A series of sequential increasing numbers started from 1 are set.
317 .It Fl f Li nocyclic-seq
318 Do not allow cyclic sequence number.
322 Specify hard/soft life time duration of the SA.
327 .Bl -tag -width Fl -compact
328 .It Fl E Ar ealgo Ar key
329 Specify an encryption algorithm
333 .Fl E Ar ealgo Ar key
334 .Fl A Ar aalgo Ar key
336 Specify a encryption algorithm
338 as well as a payload authentication algorithm
341 .It Fl A Ar aalgo Ar key
342 Specify an authentication algorithm for AH.
343 .It Fl C Ar calgo Op Fl R
344 Specify a compression algorithm for IPComp.
349 field value will be used as the IPComp CPI
350 (compression parameter index)
355 the kernel will use well-known CPI on wire, and
357 field will be used only as an index for kernel internal usage.
361 must be double-quoted character string, or a series of hexadecimal digits
370 are specified in separate section.
375 These are selections of the secure communication specified as
376 IPv4/v6 address or IPv4/v6 address range, and it may accompany
377 TCP/UDP port specification.
378 This takes the following form:
381 .Ar address/prefixlen
383 .Ar address/prefixlen[port]
389 must be decimal number.
390 The square bracket around
393 They are not manpage metacharacters.
394 For FQDN resolution, the rules applicable to
402 Upper-layer protocol to be used.
403 You can use one of words in
416 Also you can use the protocol number.
417 You can specify a type and/or a code of ICMPv6 when
418 upper-layer protocol is ICMPv6.
419 The specification can be placed after
421 A type is separated with a code by single comma.
422 A code must be specified anytime.
423 When a zero is specified, the kernel deals with it as a wildcard.
424 Note that the kernel cannot distinguish a wildcard from that a type
426 For example, the following means the policy does not require IPsec
427 for any inbound Neighbor Solicitation:
429 .Dl "spdadd ::/0 ::/0 icmp6 135,0 -P in none;"
433 does not work against forwarding case at this moment,
434 as it requires extra reassembly at forwarding node
435 (not implemented at this moment).
436 We have many protocols in
438 but protocols except of TCP, UDP and ICMP may not be suitable to use with IPsec.
439 You have to consider and be careful to use them.
444 is the one of the following three formats:
445 .Bd -ragged -offset indent
446 .It Fl P Ar direction Li discard
447 .It Fl P Ar direction Li none
448 .It Xo Fl P Ar direction Li ipsec
449 .Ar protocol/mode/src-dst/level Op ...
453 You must specify the direction of its policy as
461 means the packet matching indexes will be discarded.
463 means that IPsec operation will not take place onto the packet.
465 means that IPsec operation will take place onto the packet.
467 .Ar protocol/mode/src-dst/level
468 specifies the rule how to process the packet.
485 you must specify the end-points addresses of the SA as
491 between these addresses which is used to specify the SA to use.
502 is to be one of the following:
503 .Li default , use , require
506 If the SA is not available in every level, the kernel will request
507 getting SA to the key exchange daemon.
509 means the kernel consults to the system wide default against protocol you
512 sysctl variable, when the kernel processes the packet.
514 means that the kernel use a SA if it is available,
515 otherwise the kernel keeps normal operation.
517 means SA is required whenever the kernel sends a packet matched
520 is the same to require.
521 In addition, it allows the policy to bind with the unique out-bound SA.
522 You just specify the policy level
525 will configure the SA for the policy.
526 If you configure the SA by manual keying for that policy,
527 you can put the decimal number as the policy identifier after
533 In order to bind this policy to the SA,
535 must be between 1 and 32767.
538 of the manual SA configuration.
539 When you want to use SA bundle, you can define multiple rules.
540 For example, if an IP header was followed by AH header followed by ESP header
541 followed by an upper layer protocol header, the rule
543 .Dl esp/transport//require ah/transport//require ;
544 The rule order is very important.
550 are not in the syntax described in
551 .Xr ipsec_set_policy 3 .
552 There are little differences in the syntax.
554 .Xr ipsec_set_policy 3
561 The following list shows the supported algorithms.
565 are almost orthogonal.
566 Followings are the list of authentication algorithms that can be used as
574 .Bd -literal -offset indent
575 algorithm keylen (bits) comment
576 hmac-md5 128 ah: rfc2403
578 hmac-sha1 160 ah: rfc2404
579 160 ah-old: 128bit ICV (no document)
580 keyed-md5 128 ah: 96bit ICV (no document)
582 keyed-sha1 160 ah: 96bit ICV (no document)
583 160 ah-old: 128bit ICV (no document)
584 null 0 to 2048 for debugging
585 hmac-sha2-256 256 ah: 96bit ICV
586 (draft-ietf-ipsec-ciph-sha-256-00)
587 256 ah-old: 128bit ICV (no document)
588 hmac-sha2-384 384 ah: 96bit ICV (no document)
589 384 ah-old: 128bit ICV (no document)
590 hmac-sha2-512 512 ah: 96bit ICV (no document)
591 512 ah-old: 128bit ICV (no document)
592 hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
593 ah-old: 128bit ICV (no document)
594 aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
595 128 ah-old: 128bit ICV (no document)
596 tcp-md5 8 to 640 tcp: rfc2385
599 Followings are the list of encryption algorithms that can be used as
607 .Bd -literal -offset indent
608 algorithm keylen (bits) comment
609 des-cbc 64 esp-old: rfc1829, esp: rfc2405
611 null 0 to 2048 rfc2410
612 blowfish-cbc 40 to 448 rfc2451
613 cast128-cbc 40 to 128 rfc2451
614 des-deriv 64 ipsec-ciph-des-derived-01
615 3des-deriv 192 no document
616 rijndael-cbc 128/192/256 rfc3602
617 aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
620 Note that the first 128 bits of a key for
622 will be used as AES key, and remaining 32 bits will be used as nonce.
624 Followings are the list of compression algorithms that can be used as
632 .Bd -literal -offset indent
642 add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
643 -E des-cbc 0x3ffe05014819ffff ;
645 add -6 myhost.example.com yourhost.example.com ah 123456
646 -A hmac-sha1 "AH SA configuration!" ;
648 add 10.0.11.41 10.0.11.33 esp 0x10001
649 -E des-cbc 0x3ffe05014819ffff
650 -A hmac-md5 "authentication!!" ;
652 get 3ffe:501:4819::1 3ffe:501:481d::1 ah 123456 ;
658 spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
659 -P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
661 add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
666 .Xr ipsec_set_policy 3 ,
670 .%T "Changed manual key configuration for IPsec"
671 .%O "http://www.kame.net/newsletter/19991007/"
678 utility first appeared in WIDE Hydrangea IPv6 protocol stack kit.
679 The utility was completely re-designed in June 1998.
685 should report and handle syntax errors better.
687 For IPsec gateway configuration,
691 with TCP/UDP port number do not work, as the gateway does not reassemble
693 (cannot inspect upper-layer headers).