1 .\" $KAME: setkey.8,v 1.89 2003/09/07 22:17:41 itojun Exp $
3 .\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the project nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 .Nd "manually manipulate the IPsec SA/SP database"
60 utility adds, updates, dumps, or flushes
61 Security Association Database (SAD) entries
62 as well as Security Policy Database (SPD) entries in the kernel.
66 utility takes a series of operations from the standard input
73 .Bl -tag -width indent
78 the SPD entries are dumped.
80 Flush the SAD entries.
83 the SPD entries are flushed.
88 usually does not display dead SAD entries with
92 the dead SAD entries will be displayed as well.
93 A dead SAD entry means that
94 it has been expired but remains in the system
95 because it is referenced by some SPD entries.
97 Add hexadecimal dump on
101 Loop forever with short output on
105 The program will dump messages exchanged on
107 socket, including messages sent from other processes to the kernel.
109 Loop forever and dump all the messages transmitted to
113 makes each timestamp unformatted.
115 .Ss Configuration syntax
122 accepts the following configuration syntax.
123 Lines starting with hash signs
125 are treated as comment lines.
126 .Bl -tag -width indent
130 .Ar src Ar dst Ar protocol Ar spi
137 can fail with multiple reasons,
138 including when the key length does not match the specified algorithm.
143 .Ar src Ar dst Ar protocol Ar spi
151 .Ar src Ar dst Ar protocol Ar spi
159 .Ar src Ar dst Ar protocol
162 Remove all SAD entries that match the specification.
169 Clear all SAD entries matched by the options.
171 on the command line achieves the same functionality.
178 Dumps all SAD entries matched by the options.
180 on the command line achieves the same functionality.
185 .Ar src_range Ar dst_range Ar upperspec Ar policy
193 .Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
202 Clear all SPD entries.
204 on the command line achieves the same functionality.
210 Dumps all SPD entries.
212 on the command line achieves the same functionality.
216 Meta-arguments are as follows:
218 .Bl -tag -compact -width indent
221 Source/destination of the secure communication is specified as
226 can resolve a FQDN into numeric addresses.
227 If the FQDN resolves into multiple addresses,
229 will install multiple SAD/SPD entries into the kernel
230 by trying all possible combinations.
235 restricts the address resolution of FQDN in certain ways.
239 restrict results into IPv4/v6 addresses only, respectively.
241 avoids FQDN resolution and requires addresses to be numeric addresses.
247 .Bl -tag -width Fl -compact
259 TCP-MD5 based on rfc2385
264 Security Parameter Index
266 for the SAD and the SPD.
268 must be a decimal number, or a hexadecimal number with
271 SPI values between 0 and 255 are reserved for future use by IANA
272 and they cannot be used.
276 take some of the following:
277 .Bl -tag -width Fl -compact
280 Specify a security protocol mode for use.
283 .Li transport , tunnel
290 Specify window size of bytes for replay prevention.
292 must be decimal number in 32-bit word.
295 is zero or not specified, replay check does not take place.
298 Specify the identifier of the policy entry in SPD.
302 .It Fl f Ar pad_option
303 defines the content of the ESP padding.
306 .Bl -tag -width random-pad -compact
308 All of the padding are zero.
310 A series of randomized values are set.
312 A series of sequential increasing numbers started from 1 are set.
315 .It Fl f Li nocyclic-seq
316 Do not allow cyclic sequence number.
320 Specify hard/soft life time duration of the SA.
325 .Bl -tag -width Fl -compact
326 .It Fl E Ar ealgo Ar key
327 Specify an encryption algorithm
331 .Fl E Ar ealgo Ar key
332 .Fl A Ar aalgo Ar key
334 Specify a encryption algorithm
336 as well as a payload authentication algorithm
339 .It Fl A Ar aalgo Ar key
340 Specify an authentication algorithm for AH.
341 .It Fl C Ar calgo Op Fl R
342 Specify a compression algorithm for IPComp.
347 field value will be used as the IPComp CPI
348 (compression parameter index)
353 the kernel will use well-known CPI on wire, and
355 field will be used only as an index for kernel internal usage.
359 must be double-quoted character string, or a series of hexadecimal digits
368 are specified in separate section.
373 These are selections of the secure communication specified as
374 IPv4/v6 address or IPv4/v6 address range, and it may accompany
375 TCP/UDP port specification.
376 This takes the following form:
379 .Ar address/prefixlen
381 .Ar address/prefixlen[port]
387 must be a decimal number.
388 The square brackets around
390 are necessary and are not manpage metacharacters.
391 For FQDN resolution, the rules applicable to
399 The upper layer protocol to be used.
400 You can use one of the words in
413 The protocol number may also be used to specify the
415 A type and code related to ICMPv6 may also be specified as an
417 The type is specified first, followed by a comma and then the relevant
419 The specification must be placed after
421 The kernel considers a zero to be a wildcard but
422 cannot distinguish between a wildcard and an ICMPv6
424 The following example shows a policy where IPSec is not required for
425 inbound Neighbor Solicitations:
427 .Dl "spdadd ::/0 ::/0 icmp6 135,0 -P in none;"
431 does not work in the forwarding case at this moment,
432 as it requires extra reassembly at forwarding node,
433 which is not implemented at this moment.
434 Although there are many protocols in
436 protocols other than TCP, UDP and ICMP may not be suitable to use with IPsec.
441 is expressed in one of the following three formats:
443 .Bl -tag -width 2n -compact
444 .It Fl P Ar direction Li discard
445 .It Fl P Ar direction Li none
446 .It Xo Fl P Ar direction Li ipsec
447 .Ar protocol/mode/src-dst/level Op ...
451 The direction of a policy must be specified as
462 means that packets matching the supplied indices will be discarded
465 means that IPsec operations will not take place on the packet and
467 means that IPsec operation will take place onto the packet.
469 .Ar protocol/mode/src-dst/level
470 statement gives the rule for how to process the packet.
488 you must specify the end-point addresses of the SA as
494 between the addresses.
506 is one of the following:
507 .Li default , use , require
510 If the SA is not available in every level, the kernel will request
511 the SA from the key exchange daemon.
514 tells the kernel to use the system wide default protocol
515 e.g.,\& the one from the
517 sysctl variable, when the kernel processes the packet.
520 means that the kernel will use an SA if it is available,
521 otherwise the kernel will pass the packet as it would normally.
524 means that an SA is required whenever the kernel sends a packet matched
525 that matches the policy.
530 but, in addition, it allows the policy to bind with the unique out-bound SA.
531 For example, if you specify the policy level
534 will configure the SA for the policy.
535 If you configure the SA by manual keying for that policy,
536 you can put the decimal number as the policy identifier after
540 as in the following example:
542 In order to bind this policy to the SA,
544 must be between 1 and 32767,
547 of manual SA configuration.
549 When you want to use an SA bundle, you can define multiple rules.
551 example, if an IP header was followed by an AH header followed by an
552 ESP header followed by an upper layer protocol header, the rule would
555 .Dl esp/transport//require ah/transport//require ;
557 The rule order is very important.
563 are not in the syntax described in
564 .Xr ipsec_set_policy 3 .
565 There are small, but important, differences in the syntax.
567 .Xr ipsec_set_policy 3
572 The following list shows the supported algorithms.
577 are almost completely orthogonal.
578 The following list of authentication algorithms can be used as
585 .Bd -literal -offset indent
586 algorithm keylen (bits) comment
587 hmac-md5 128 ah: rfc2403
589 hmac-sha1 160 ah: rfc2404
590 160 ah-old: 128bit ICV (no document)
591 keyed-md5 128 ah: 96bit ICV (no document)
593 keyed-sha1 160 ah: 96bit ICV (no document)
594 160 ah-old: 128bit ICV (no document)
595 null 0 to 2048 for debugging
596 hmac-sha2-256 256 ah: 128bit ICV (RFC4868)
597 256 ah-old: 128bit ICV (no document)
598 hmac-sha2-384 384 ah: 192bit ICV (RFC4868)
599 384 ah-old: 128bit ICV (no document)
600 hmac-sha2-512 512 ah: 256bit ICV (RFC4868)
601 512 ah-old: 128bit ICV (no document)
602 hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
603 ah-old: 128bit ICV (no document)
604 aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
605 128 ah-old: 128bit ICV (no document)
606 tcp-md5 8 to 640 tcp: rfc2385
609 The following is the list of encryption algorithms that can be used as the
616 .Bd -literal -offset indent
617 algorithm keylen (bits) comment
618 des-cbc 64 esp-old: rfc1829, esp: rfc2405
620 null 0 to 2048 rfc2410
621 blowfish-cbc 40 to 448 rfc2451
622 cast128-cbc 40 to 128 rfc2451
623 des-deriv 64 ipsec-ciph-des-derived-01
624 rijndael-cbc 128/192/256 rfc3602
625 aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
626 aes-gcm-16 160/224/288 rfc4106
627 camellia-cbc 128/192/256 rfc4312
630 Note that the first 128/192/256 bits of a key for
631 .Li aes-ctr or aes-gcm-16
632 will be used as AES key, and remaining 32 bits will be used as nonce.
634 The following are the list of compression algorithms that can be used
642 .Bd -literal -offset indent
651 Add an ESP SA between two IPv6 addresses using the
652 des-cbc encryption algorithm.
653 .Bd -literal -offset indent
654 add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
655 -E des-cbc 0x3ffe05014819ffff ;
659 Add an authentication SA between two FQDN specified hosts:
660 .Bd -literal -offset indent
661 add -6 myhost.example.com yourhost.example.com ah 123456
662 -A hmac-sha1 "AH SA configuration!" ;
665 Use both ESP and AH between two numerically specified hosts:
666 .Bd -literal -offset indent
667 add 10.0.11.41 10.0.11.33 esp 0x10001
668 -E des-cbc 0x3ffe05014819ffff
669 -A hmac-md5 "authentication!!" ;
672 Get the SA information associated with first example above:
673 .Bd -literal -offset indent
674 get 3ffe:501:4819::1 3ffe:501:481d::1 ah 123456 ;
677 Flush all entries from the database:
678 .Bd -literal -offset indent
682 Dump the ESP entries from the database:
683 .Bd -literal -offset indent
687 Add a security policy between two networks that uses ESP in tunnel mode:
688 .Bd -literal -offset indent
689 spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
690 -P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
693 Use TCP MD5 between two numerically specified hosts:
694 .Bd -literal -offset indent
695 add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
699 .Xr ipsec_set_policy 3 ,
703 .%T "Changed manual key configuration for IPsec"
704 .%U http://www.kame.net/newsletter/19991007/
711 utility first appeared in WIDE Hydrangea IPv6 protocol stack kit.
712 The utility was completely re-designed in June 1998.
720 should report and handle syntax errors better.
722 For IPsec gateway configuration,
726 with TCP/UDP port number do not work, as the gateway does not reassemble
728 (cannot inspect upper-layer headers).