461 .ne 2
462 .na
463 \fBp2_idletime_secs \fInum\fR\fR
464 .ad
465 .sp .6
466 .RS 4n
467 The idle lifetime of a phase 2 SA, in seconds. If the value is specified, the
468 value specifies the lifetime of the SA, if the security association is not used
469 before the SA is revalidated.
470 .RE
471
472 .sp
473 .ne 2
474 .na
475 \fBp2_lifetime_kb \fInum\fR\fR
476 .ad
477 .sp .6
478 .RS 4n
479 The lifetime of an SA can optionally be specified in kilobytes. This parameter
480 specifies the default value. If lifetimes are specified in both seconds and
481 kilobytes, the SA expires when either the seconds or kilobyte threshholds are
482 passed.
483 .RE
484
485 .sp
486 .ne 2
487 .na
488 \fBp2_softlife_kb \fInum\fR\fR
489 .ad
490 .sp .6
491 .RS 4n
492 This value is the number of kilobytes that can be protected by an SA before a
493 soft expire occurs (see \fBp2_softlife_secs\fR, above).
494 .sp
495 This value is optional. If omitted, soft expiry occurs after 90% of the
496 lifetime specified by \fBp2_lifetime_kb\fR. The value specified by
497 \fBp2_softlife_kb\fR is ignored if \fBp2_lifetime_kb\fR is not specified.
498 .RE
499
500 .sp
501 .ne 2
653 .sp .6
654 .RS 4n
655 An encryption algorithm, as in \fBipsecconf\fR(1M). However, of the ciphers
656 listed above, only \fBaes\fR and \fBaes-cbc\fR allow optional key-size setting,
657 using the "low value-to-high value" syntax. To specify a single AES key size,
658 the low value must equal the high value. If no range is specified, all three
659 AES key sizes are allowed.
660 .RE
661
662 .sp
663 .ne 2
664 .na
665 \fBauth_alg {md5, sha, sha1, sha256, sha384, sha512}\fR
666 .ad
667 .sp .6
668 .RS 4n
669 An authentication algorithm.
670 .sp
671 Use \fBipsecalgs\fR(1M) with the \fB-l\fR option to list the IPsec protocols
672 and algorithms currently defined on a system. The \fBcryptoadm list\fR command
673 diplays a list of installed providers and their mechanisms. See
674 \fBcryptoadm\fR(1M).
675 .RE
676
677 .sp
678 .ne 2
679 .na
680 \fBauth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}\fR
681 .ad
682 .sp .6
683 .RS 4n
684 The authentication method used for IKE phase 1.
685 .RE
686
687 .sp
688 .ne 2
689 .na
690 \fBp1_lifetime_secs \fInum\fR\fR
691 .ad
692 .sp .6
693 .RS 4n
|
461 .ne 2
462 .na
463 \fBp2_idletime_secs \fInum\fR\fR
464 .ad
465 .sp .6
466 .RS 4n
467 The idle lifetime of a phase 2 SA, in seconds. If the value is specified, the
468 value specifies the lifetime of the SA, if the security association is not used
469 before the SA is revalidated.
470 .RE
471
472 .sp
473 .ne 2
474 .na
475 \fBp2_lifetime_kb \fInum\fR\fR
476 .ad
477 .sp .6
478 .RS 4n
479 The lifetime of an SA can optionally be specified in kilobytes. This parameter
480 specifies the default value. If lifetimes are specified in both seconds and
481 kilobytes, the SA expires when either the seconds or kilobyte thresholds are
482 passed.
483 .RE
484
485 .sp
486 .ne 2
487 .na
488 \fBp2_softlife_kb \fInum\fR\fR
489 .ad
490 .sp .6
491 .RS 4n
492 This value is the number of kilobytes that can be protected by an SA before a
493 soft expire occurs (see \fBp2_softlife_secs\fR, above).
494 .sp
495 This value is optional. If omitted, soft expiry occurs after 90% of the
496 lifetime specified by \fBp2_lifetime_kb\fR. The value specified by
497 \fBp2_softlife_kb\fR is ignored if \fBp2_lifetime_kb\fR is not specified.
498 .RE
499
500 .sp
501 .ne 2
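Review bot: The p2_idletime_secs description at lines 467-469 is still circular ("If the value is specified, the value specifies the lifetime of the SA, if the security association is not used before the SA is revalidated") and this pass leaves it untouched. Since the neighbouring p2_lifetime_kb paragraph is already being edited, consider rewording it to state plainly what happens to an unused SA once the idle time elapses. In the same region, line 480 says the parameter "specifies the default value" without saying what applies when it is omitted, which an administrator setting a kilobyte limit would want to know. The "threshholds" to "thresholds" correction at line 481 is fine.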
653 .sp .6
654 .RS 4n
655 An encryption algorithm, as in \fBipsecconf\fR(1M). However, of the ciphers
656 listed above, only \fBaes\fR and \fBaes-cbc\fR allow optional key-size setting,
657 using the "low value-to-high value" syntax. To specify a single AES key size,
658 the low value must equal the high value. If no range is specified, all three
659 AES key sizes are allowed.
660 .RE
661
662 .sp
663 .ne 2
664 .na
665 \fBauth_alg {md5, sha, sha1, sha256, sha384, sha512}\fR
666 .ad
667 .sp .6
668 .RS 4n
669 An authentication algorithm.
670 .sp
671 Use \fBipsecalgs\fR(1M) with the \fB-l\fR option to list the IPsec protocols
672 and algorithms currently defined on a system. The \fBcryptoadm list\fR command
673 displays a list of installed providers and their mechanisms. See
674 \fBcryptoadm\fR(1M).
675 .RE
676
677 .sp
678 .ne 2
679 .na
680 \fBauth_method {preshared, rsa_sig, rsa_encrypt, dss_sig}\fR
681 .ad
682 .sp .6
683 .RS 4n
684 The authentication method used for IKE phase 1.
685 .RE
686
687 .sp
688 .ne 2
689 .na
690 \fBp1_lifetime_secs \fInum\fR\fR
691 .ad
692 .sp .6
693 .RS 4n
|
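Review bot: The encryption-algorithm text at lines 655-659 refers to a "low value-to-high value" syntax and to "all three AES key sizes" but neither shows the syntax nor names the sizes. A one-line example of a range and of a single fixed size would let an administrator pin the key size from this page alone. In the auth_alg entry at line 665, md5, sha and sha1 appear side by side with no statement of whether sha and sha1 differ or which values are preferred, so a sentence on that would help readers choosing an algorithm. The "diplays" to "displays" correction at line 673 is fine.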