Print this page
9842 man page typos and spelling


 461 .ne 2
 462 .na
 463 \fBp2_idletime_secs \fInum\fR\fR
 464 .ad
 465 .sp .6
 466 .RS 4n
 467 The idle lifetime of a phase 2 SA, in seconds. If the value is specified, the
 468 value specifies the lifetime of the SA, if the security association is not used
 469 before the SA is revalidated.
 470 .RE
 471 
 472 .sp
 473 .ne 2
 474 .na
 475 \fBp2_lifetime_kb \fInum\fR\fR
 476 .ad
 477 .sp .6
 478 .RS 4n
 479 The lifetime of an SA can optionally be specified in kilobytes. This parameter
 480 specifies the default value. If lifetimes are specified in both seconds and
 481 kilobytes, the SA expires when either the seconds or kilobyte threshholds are
 482 passed.
 483 .RE
 484 
 485 .sp
 486 .ne 2
 487 .na
 488 \fBp2_softlife_kb \fInum\fR\fR
 489 .ad
 490 .sp .6
 491 .RS 4n
 492 This value is the number of kilobytes that can be protected by an SA before a
 493 soft expire occurs (see \fBp2_softlife_secs\fR, above).
 494 .sp
 495 This value is optional. If omitted, soft expiry occurs after 90% of the
 496 lifetime specified by \fBp2_lifetime_kb\fR. The value specified by
 497 \fBp2_softlife_kb\fR is ignored if \fBp2_lifetime_kb\fR is not specified.
 498 .RE
 499 
 500 .sp
 501 .ne 2


 653 .sp .6
 654 .RS 4n
 655 An encryption algorithm, as in \fBipsecconf\fR(1M). However, of the ciphers
 656 listed above, only \fBaes\fR and \fBaes-cbc\fR allow optional key-size setting,
 657 using the "low value-to-high value" syntax. To specify a single AES key size,
 658 the low value must equal the high value. If no range is specified, all three
 659 AES key sizes are allowed.
 660 .RE
 661 
 662 .sp
 663 .ne 2
 664 .na
 665 \fBauth_alg {md5, sha, sha1, sha256, sha384, sha512}\fR
 666 .ad
 667 .sp .6
 668 .RS 4n
 669 An authentication algorithm.
 670 .sp
 671 Use \fBipsecalgs\fR(1M) with the \fB-l\fR option to list the IPsec protocols
 672 and algorithms currently defined on a system. The \fBcryptoadm list\fR command
 673 diplays a list of installed providers and their mechanisms. See
 674 \fBcryptoadm\fR(1M).
 675 .RE
 676 
 677 .sp
 678 .ne 2
 679 .na
 680 \fBauth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}\fR
 681 .ad
 682 .sp .6
 683 .RS 4n
 684 The authentication method used for IKE phase 1.
 685 .RE
 686 
 687 .sp
 688 .ne 2
 689 .na
 690 \fBp1_lifetime_secs \fInum\fR\fR
 691 .ad
 692 .sp .6
 693 .RS 4n




 461 .ne 2
 462 .na
 463 \fBp2_idletime_secs \fInum\fR\fR
 464 .ad
 465 .sp .6
 466 .RS 4n
 467 The idle lifetime of a phase 2 SA, in seconds. If the value is specified, the
 468 value specifies the lifetime of the SA, if the security association is not used
 469 before the SA is revalidated.
 470 .RE
 471 
 472 .sp
 473 .ne 2
 474 .na
 475 \fBp2_lifetime_kb \fInum\fR\fR
 476 .ad
 477 .sp .6
 478 .RS 4n
 479 The lifetime of an SA can optionally be specified in kilobytes. This parameter
 480 specifies the default value. If lifetimes are specified in both seconds and
 481 kilobytes, the SA expires when either the seconds or kilobyte thresholds are
 482 passed.
 483 .RE
 484 
 485 .sp
 486 .ne 2
 487 .na
 488 \fBp2_softlife_kb \fInum\fR\fR
 489 .ad
 490 .sp .6
 491 .RS 4n
 492 This value is the number of kilobytes that can be protected by an SA before a
 493 soft expire occurs (see \fBp2_softlife_secs\fR, above).
 494 .sp
 495 This value is optional. If omitted, soft expiry occurs after 90% of the
 496 lifetime specified by \fBp2_lifetime_kb\fR. The value specified by
 497 \fBp2_softlife_kb\fR is ignored if \fBp2_lifetime_kb\fR is not specified.
 498 .RE
 499 
 500 .sp
 501 .ne 2


 653 .sp .6
 654 .RS 4n
 655 An encryption algorithm, as in \fBipsecconf\fR(1M). However, of the ciphers
 656 listed above, only \fBaes\fR and \fBaes-cbc\fR allow optional key-size setting,
 657 using the "low value-to-high value" syntax. To specify a single AES key size,
 658 the low value must equal the high value. If no range is specified, all three
 659 AES key sizes are allowed.
 660 .RE
 661 
 662 .sp
 663 .ne 2
 664 .na
 665 \fBauth_alg {md5, sha, sha1, sha256, sha384, sha512}\fR
 666 .ad
 667 .sp .6
 668 .RS 4n
 669 An authentication algorithm.
 670 .sp
 671 Use \fBipsecalgs\fR(1M) with the \fB-l\fR option to list the IPsec protocols
 672 and algorithms currently defined on a system. The \fBcryptoadm list\fR command
 673 displays a list of installed providers and their mechanisms. See
 674 \fBcryptoadm\fR(1M).
 675 .RE
 676 
 677 .sp
 678 .ne 2
 679 .na
 680 \fBauth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}\fR
 681 .ad
 682 .sp .6
 683 .RS 4n
 684 The authentication method used for IKE phase 1.
 685 .RE
 686 
 687 .sp
 688 .ne 2
 689 .na
 690 \fBp1_lifetime_secs \fInum\fR\fR
 691 .ad
 692 .sp .6
 693 .RS 4n