author | Tobias Brunner <tobias@strongswan.org> | 2013-06-16 19:06:40 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-06-21 16:04:45 +0200 |
commit | 0d60489bf8baed1ceaefccef7bc025a1eca4fe54 (patch) | |
tree | 6a1b2efed3460ee7c8b9c77906215b66f284748c /src | |
parent | 295d595b49a5263763040ba7f6e43df0d667be69 (diff) | |
charon-cmd: Add man page for charon-cmd(8)
Diffstat (limited to 'src')
-rw-r--r-- | src/charon-cmd/Makefile.am | 9 | ||||
-rw-r--r-- | src/charon-cmd/charon-cmd.8.in | 114 |
2 files changed, 123 insertions, 0 deletions
diff --git a/src/charon-cmd/Makefile.am b/src/charon-cmd/Makefile.am
index 2c9f1ba1f..4539173a1 100644
--- a/src/charon-cmd/Makefile.am
+++ b/src/charon-cmd/Makefile.am
@@ -1,4 +1,7 @@
 sbin_PROGRAMS = charon-cmd
+CLEANFILES = charon-cmd.8
+dist_man8_MANS = charon-cmd.8
+EXTRA_DIST = charon-cmd.8.in
 charon_cmd_SOURCES = \
 cmd/cmd_options.h cmd/cmd_options.c \
@@ -23,3 +26,9 @@ charon_cmd_LDADD = \
 $(top_builddir)/src/libhydra/libhydra.la \
 $(top_builddir)/src/libcharon/libcharon.la \
 -lm $(PTHREADLIB) $(DLLIB)
+
+charon-cmd.8 : charon-cmd.8.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \
+ $(srcdir)/$@.in > $@
diff --git a/src/charon-cmd/charon-cmd.8.in b/src/charon-cmd/charon-cmd.8.in
new file mode 100644
index 000000000..e0181ee50
--- /dev/null
+++ b/src/charon-cmd/charon-cmd.8.in
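Review bot: In the first hunk of src/charon-cmd/Makefile.am, `charon-cmd.8` is listed in both `dist_man8_MANS` and `CLEANFILES`, so a file that ships in the tarball is also deleted by `make clean`. The shipped copy duplicates what `charon-cmd.8.in`, already in `EXTRA_DIST`, can regenerate. If the page is meant to be produced from the template at build time, `man8_MANS = charon-cmd.8` keeps the generated file out of the distribution. If shipping the built page is intended, a comment above the three assignments such as `# charon-cmd.8 is generated from charon-cmd.8.in with the package version filled in` would make that explicit. This may simply follow the convention used for other man pages in the tree, which is not visible on this page.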
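Review bot: The new `charon-cmd.8` rule in the second hunk of src/charon-cmd/Makefile.am redirects sed straight into `$@`, so a failed sed leaves an empty or partial man page that is newer than `charon-cmd.8.in` and is treated as up to date on the next run. Writing to a temporary name and renaming avoids that, e.g. ending the recipe with `$(srcdir)/$@.in > $@.tmp && mv $@.tmp $@`. The only prerequisite is `charon-cmd.8.in`, so the page is not regenerated when `$(PACKAGE_VERSION)` changes after a re-configure; `charon-cmd.8 : charon-cmd.8.in Makefile` would cover that. As a point of style, the recipe could read its input from `$<` instead of spelling out `$(srcdir)/$@.in`.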
@@ -0,0 +1,114 @@
+.TH CHARON\-CMD 8 "2013-06-16" "@IPSEC_VERSION@" "strongSwan"
+.SH "NAME"
+charon\-cmd \- Simple IKE client (IPsec VPN client)
+.SH SYNOPSIS
+.B charon\-cmd
+.B \-\-host
+.I hostname
+.B \-\-identity
+.I identity
+.B [ options ]
+.PP
+.SH "DESCRIPTION"
+.B charon\-cmd
+is a program for setting up IPsec VPN connections using the Internet Key
+Exchange protocol (IKE) in version 1 and 2. It supports a number of different
+road-warrior scenarios.
+.PP
+Like the IKE daemon
+.BR charon ,
+.B charon\-cmd
+has to be run as
+.B root
+(or more specifically as a user with
+.B CAP_NET_ADMIN
+capability).
+.PP
+Of the following options at least
+.I \-\-host
+and
+.I \-\-identity
+are required. Depending on the selected authentication
+.I profile
+credentials also have to be provided with their respective options.
+.PP
+.SH "OPTIONS"
+.TP
+.BI "\-\-host " hostname
+DNS name or IP address to connect to.
+.TP
+.BI "\-\-identity " identity
+Identity the client uses for the IKE exchange.
+.TP
+.BI "\-\-remote\-identity " identity
+Server identity to expect, defaults to
+.IR hostname .
+.TP
+.BI "\-\-cert " path
+Trusted certificate, either for authentication or trust chain validation.
+To provide more than one certificate multiple
+.B \-\-cert
+options can be used.
+.TP
+.BI "\-\-rsa " path
+RSA private key to use for authentication (if a password is required, it will
+be requested on demand).
+.TP
+.BI "\-\-p12 " path
+PKCS#12 file with private key and certificates to use for authentication and
+trust chain validation (if a password is required it will be requested on
+demand).
+.TP
+.RI "\fB\-\-agent\fR[=" socket ]
+Use SSH agent for authentication. If
+.I socket
+is not specified it is read from the
+.B SSH_AUTH_SOCK
+environment variable.
+.TP
+.BI "\-\-local\-ts " subnet
+Additional traffic selector to propose for our side, the requested virtual IP
+address will always be proposed.
+.TP
+.BI "\-\-remote\-ts " subnet
+Traffic selector to propose for remote side, defaults to 0.0.0.0/0.
+.TP
+.BI "\-\-profile " name
+Authentication profile to use, the list of supported profiles can be found
+in the
+.B Authentication Profiles
+section below. Defaults to
+.B ikev2\-pub
+if a private key was supplied, and to
+.B ikev2\-eap
+otherwise.
+.PP
+.SS "Authentication Profiles"
+.TP
+.B "ikev2\-pub"
+IKEv2 with public key client and server authentication
+.TP
+.B "ikev2\-eap"
+IKEv2 with EAP client authentication and public key server authentication
+.TP
+.B "ikev2\-pub\-eap"
+IKEv2 with public key and EAP client authentication (RFC 4739) and public key
+server authentication
+.TP
+.B "ikev1\-pub"
+IKEv1 with public key client and server authentication
+.TP
+.B "ikev1\-xauth"
+IKEv1 with public key client and server authentication, followed by client XAuth
+authentication
+.TP
+.B "ikev1\-xauth\-psk"
+IKEv1 with pre-shared key (PSK) client and server authentication, followed by
+client XAuth authentication (INSECURE!)
+.TP
+.B "ikev1\-hybrid"
+IKEv1 with public key server authentication only, followed by client XAuth
+authentication
+.PP
+.SH "SEE ALSO"
+\fBipsec\fR(8) |