xref: /freebsd/sbin/setkey/setkey.8 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\"	$KAME: setkey.8,v 1.89 2003/09/07 22:17:41 itojun Exp $
2.\"
3.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\" 3. Neither the name of the project nor the names of its contributors
15.\"    may be used to endorse or promote products derived from this software
16.\"    without specific prior written permission.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.\" $FreeBSD$
31.\"
32.Dd May 13, 2006
33.Dt SETKEY 8
34.Os
35.\"
36.Sh NAME
37.Nm setkey
38.Nd "manually manipulate the IPsec SA/SP database"
39.\"
40.Sh SYNOPSIS
41.Nm
42.Op Fl v
43.Fl c
44.Nm
45.Op Fl v
46.Fl f Ar filename
47.Nm
48.Op Fl aPlv
49.Fl D
50.Nm
51.Op Fl Pv
52.Fl F
53.Nm
54.Op Fl h
55.Fl x
56.\"
57.Sh DESCRIPTION
58The
59.Nm
60utility adds, updates, dumps, or flushes
61Security Association Database (SAD) entries
62as well as Security Policy Database (SPD) entries in the kernel.
63.Pp
64The
65.Nm
66utility takes a series of operations from the standard input
67(if invoked with
68.Fl c )
69or the file named
70.Ar filename
71(if invoked with
72.Fl f Ar filename ) .
73.Bl -tag -width indent
74.It Fl D
75Dump the SAD entries.
76If with
77.Fl P ,
78the SPD entries are dumped.
79.It Fl F
80Flush the SAD entries.
81If with
82.Fl P ,
83the SPD entries are flushed.
84.It Fl a
85The
86.Nm
87utility
88usually does not display dead SAD entries with
89.Fl D .
90If with
91.Fl a ,
92the dead SAD entries will be displayed as well.
93A dead SAD entry means that
94it has been expired but remains in the system
95because it is referenced by some SPD entries.
96.It Fl h
97Add hexadecimal dump on
98.Fl x
99mode.
100.It Fl l
101Loop forever with short output on
102.Fl D .
103.It Fl v
104Be verbose.
105The program will dump messages exchanged on
106.Dv PF_KEY
107socket, including messages sent from other processes to the kernel.
108.It Fl x
109Loop forever and dump all the messages transmitted to
110.Dv PF_KEY
111socket.
112.Fl xx
113makes each timestamps unformatted.
114.El
115.Ss Configuration syntax
116With
117.Fl c
118or
119.Fl f
120on the command line,
121.Nm
122accepts the following configuration syntax.
123Lines starting with hash signs
124.Pq Ql #
125are treated as comment lines.
126.Bl -tag -width indent
127.It Xo
128.Li add
129.Op Fl 46n
130.Ar src Ar dst Ar protocol Ar spi
131.Op Ar extensions
132.Ar algorithm ...
133.Li ;
134.Xc
135Add an SAD entry.
136.Li add
137can fail with multiple reasons,
138including when the key length does not match the specified algorithm.
139.\"
140.It Xo
141.Li get
142.Op Fl 46n
143.Ar src Ar dst Ar protocol Ar spi
144.Li ;
145.Xc
146Show an SAD entry.
147.\"
148.It Xo
149.Li delete
150.Op Fl 46n
151.Ar src Ar dst Ar protocol Ar spi
152.Li ;
153.Xc
154Remove an SAD entry.
155.\"
156.It Xo
157.Li deleteall
158.Op Fl 46n
159.Ar src Ar dst Ar protocol
160.Li ;
161.Xc
162Remove all SAD entries that match the specification.
163.\"
164.It Xo
165.Li flush
166.Op Ar protocol
167.Li ;
168.Xc
169Clear all SAD entries matched by the options.
170.Fl F
171on the command line achieves the same functionality.
172.\"
173.It Xo
174.Li dump
175.Op Ar protocol
176.Li ;
177.Xc
178Dumps all SAD entries matched by the options.
179.Fl D
180on the command line achieves the same functionality.
181.\"
182.It Xo
183.Li spdadd
184.Op Fl 46n
185.Ar src_range Ar dst_range Ar upperspec Ar policy
186.Li ;
187.Xc
188Add an SPD entry.
189.\"
190.It Xo
191.Li spddelete
192.Op Fl 46n
193.Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
194.Li ;
195.Xc
196Delete an SPD entry.
197.\"
198.It Xo
199.Li spdflush
200.Li ;
201.Xc
202Clear all SPD entries.
203.Fl FP
204on the command line achieves the same functionality.
205.\"
206.It Xo
207.Li spddump
208.Li ;
209.Xc
210Dumps all SPD entries.
211.Fl DP
212on the command line achieves the same functionality.
213.El
214.\"
215.Pp
216Meta-arguments are as follows:
217.Pp
218.Bl -tag -compact -width indent
219.It Ar src
220.It Ar dst
221Source/destination of the secure communication is specified as
222IPv4/v6 address.
223The
224.Nm
225utility
226can resolve a FQDN into numeric addresses.
227If the FQDN resolves into multiple addresses,
228.Nm
229will install multiple SAD/SPD entries into the kernel
230by trying all possible combinations.
231.Fl 4 ,
232.Fl 6
233and
234.Fl n
235restricts the address resolution of FQDN in certain ways.
236.Fl 4
237and
238.Fl 6
239restrict results into IPv4/v6 addresses only, respectively.
240.Fl n
241avoids FQDN resolution and requires addresses to be numeric addresses.
242.\"
243.Pp
244.It Ar protocol
245.Ar protocol
246is one of following:
247.Bl -tag -width Fl -compact
248.It Li esp
249ESP based on rfc2406
250.It Li esp-old
251ESP based on rfc1827
252.It Li ah
253AH based on rfc2402
254.It Li ah-old
255AH based on rfc1826
256.It Li ipcomp
257IPComp
258.It Li tcp
259TCP-MD5 based on rfc2385
260.El
261.\"
262.Pp
263.It Ar spi
264Security Parameter Index
265(SPI)
266for the SAD and the SPD.
267.Ar spi
268must be a decimal number, or a hexadecimal number with
269.Ql 0x
270prefix.
271SPI values between 0 and 255 are reserved for future use by IANA
272and they cannot be used.
273TCP-MD5 associations must use 0x1000 and therefore only have per-host
274granularity at this time.
275.\"
276.Pp
277.It Ar extensions
278take some of the following:
279.Bl -tag -width Fl -compact
280.\"
281.It Fl m Ar mode
282Specify a security protocol mode for use.
283.Ar mode
284is one of following:
285.Li transport , tunnel
286or
287.Li any .
288The default value is
289.Li any .
290.\"
291.It Fl r Ar size
292Specify window size of bytes for replay prevention.
293.Ar size
294must be decimal number in 32-bit word.
295If
296.Ar size
297is zero or not specified, replay check does not take place.
298.\"
299.It Fl u Ar id
300Specify the identifier of the policy entry in SPD.
301See
302.Ar policy .
303.\"
304.It Fl f Ar pad_option
305defines the content of the ESP padding.
306.Ar pad_option
307is one of following:
308.Bl -tag -width random-pad -compact
309.It Li zero-pad
310All of the padding are zero.
311.It Li random-pad
312A series of randomized values are set.
313.It Li seq-pad
314A series of sequential increasing numbers started from 1 are set.
315.El
316.\"
317.It Fl f Li nocyclic-seq
318Do not allow cyclic sequence number.
319.\"
320.It Fl lh Ar time
321.It Fl ls Ar time
322Specify hard/soft life time duration of the SA.
323.El
324.\"
325.Pp
326.It Ar algorithm
327.Bl -tag -width Fl -compact
328.It Fl E Ar ealgo Ar key
329Specify an encryption algorithm
330.Ar ealgo
331for ESP.
332.It Xo
333.Fl E Ar ealgo Ar key
334.Fl A Ar aalgo Ar key
335.Xc
336Specify a encryption algorithm
337.Ar ealgo ,
338as well as a payload authentication algorithm
339.Ar aalgo ,
340for ESP.
341.It Fl A Ar aalgo Ar key
342Specify an authentication algorithm for AH.
343.It Fl C Ar calgo Op Fl R
344Specify a compression algorithm for IPComp.
345If
346.Fl R
347is specified, the
348.Ar spi
349field value will be used as the IPComp CPI
350(compression parameter index)
351on wire as is.
352If
353.Fl R
354is not specified,
355the kernel will use well-known CPI on wire, and
356.Ar spi
357field will be used only as an index for kernel internal usage.
358.El
359.Pp
360.Ar key
361must be double-quoted character string, or a series of hexadecimal digits
362preceded by
363.Ql 0x .
364.Pp
365Possible values for
366.Ar ealgo ,
367.Ar aalgo
368and
369.Ar calgo
370are specified in separate section.
371.\"
372.Pp
373.It Ar src_range
374.It Ar dst_range
375These are selections of the secure communication specified as
376IPv4/v6 address or IPv4/v6 address range, and it may accompany
377TCP/UDP port specification.
378This takes the following form:
379.Bd -unfilled
380.Ar address
381.Ar address/prefixlen
382.Ar address[port]
383.Ar address/prefixlen[port]
384.Ed
385.Pp
386.Ar prefixlen
387and
388.Ar port
389must be a decimal number.
390The square brackets around
391.Ar port
392are necessary and are not manpage metacharacters.
393For FQDN resolution, the rules applicable to
394.Ar src
395and
396.Ar dst
397apply here as well.
398.\"
399.Pp
400.It Ar upperspec
401The upper layer protocol to be used.
402You can use one of the words in
403.Pa /etc/protocols
404as
405.Ar upperspec ,
406as well as
407.Li icmp6 ,
408.Li ip4 ,
409or
410.Li any .
411The word
412.Li any
413stands for
414.Dq any protocol .
415The protocol number may also be used to specify the
416.Ar upperspec .
417A type and code related to ICMPv6 may also be specified as an
418.Ar upperspec .
419The type is specified first, followed by a comma and then the relevant
420code.
421The specification must be placed after
422.Li icmp6 .
423The kernel considers a zero to be a wildcard but
424cannot distinguish between a wildcard and an ICMPv6
425type which is zero.
426The following example shows a policy where IPSec is not required for
427inbound Neighbor Solicitations:
428.Pp
429.Dl "spdadd ::/0 ::/0 icmp6 135,0 -P in none;"
430.Pp
431NOTE:
432.Ar upperspec
433does not work in the forwarding case at this moment,
434as it requires extra reassembly at forwarding node,
435which is not implemented at this moment.
436Although there are many protocols in
437.Pa /etc/protocols ,
438protocols other than TCP, UDP and ICMP may not be suitable to use with IPsec.
439.\"
440.Pp
441.It Ar policy
442.Ar policy
443is expressed in one of the following three formats:
444.Bd -ragged -offset indent
445.It Fl P Ar direction Li discard
446.It Fl P Ar direction Li none
447.It Xo Fl P Ar direction Li ipsec
448.Ar protocol/mode/src-dst/level Op ...
449.Xc
450.Ed
451.Pp
452The direction of a policy must be specified as
453one of:
454.Li out ,
455.Li in ,
456.Li discard ,
457.Li none ,
458or
459.Li ipsec .
460The
461.Li discard
462direction
463means that packets matching the supplied indices will be discarded
464while
465.Li none
466means that IPsec operations will not take place on the packet and
467.Li ipsec
468means that IPsec operation will take place onto the packet.
469The
470.Ar protocol/mode/src-dst/level
471statement gives the rule for how to process the packet.
472The
473.Ar protocol
474is specified as
475.Li ah ,
476.Li esp
477or
478.Li ipcomp
479The
480.Ar mode
481is either
482.Li transport
483or
484.Li tunnel .
485If
486.Ar mode
487is
488.Li tunnel ,
489you must specify the end-point addresses of the SA as
490.Ar src
491and
492.Ar dst
493with a dash,
494.Sq - ,
495between the addresses.
496If
497.Ar mode
498is
499.Li transport ,
500both
501.Ar src
502and
503.Ar dst
504can be omitted.
505The
506.Ar level
507is one of the following:
508.Li default , use , require
509or
510.Li unique .
511If the SA is not available in every level, the kernel will request
512the SA from the key exchange daemon.
513A value of
514.Li default
515tells the kernel to use the system wide default protocol
516e.g.\& the one from the
517.Li esp_trans_deflev
518sysctl variable, when the kernel processes the packet.
519A value of
520.Li use
521means that the kernel will use an SA if it is available,
522otherwise the kernel will pass the packet as it would normally.
523A value of
524.Li require
525means that an SA is required whenever the kernel sends a packet matched
526that matches the policy.
527The
528.Li unique
529level is the same as
530.Li require
531but, in addition, it allows the policy to bind with the unique out-bound SA.
532For example, if you specify the policy level
533.Li unique ,
534.Xr racoon 8
535will configure the SA for the policy.
536If you configure the SA by manual keying for that policy,
537you can put the decimal number as the policy identifier after
538.Li unique
539separated by colon
540.Ql :\&
541as in the following example:
542.Li unique:number .
543In order to bind this policy to the SA,
544.Li number
545must be between 1 and 32767,
546which corresponds to
547.Ar extensions Fl u
548of manual SA configuration.
549.Pp
550When you want to use an SA bundle, you can define multiple rules.
551For
552example, if an IP header was followed by an AH header followed by an
553ESP header followed by an upper layer protocol header, the rule would
554be:
555.Dl esp/transport//require ah/transport//require ;
556The rule order is very important.
557.Pp
558Note that
559.Dq Li discard
560and
561.Dq Li none
562are not in the syntax described in
563.Xr ipsec_set_policy 3 .
564There are small, but important, differences in the syntax.
565See
566.Xr ipsec_set_policy 3
567for details.
568.Pp
569.El
570.Pp
571.\"
572.Sh ALGORITHMS
573The following list shows the supported algorithms.
574The
575.Sy protocol
576and
577.Sy algorithm
578are almost completely orthogonal.
579The following list of authentication algorithms can be used as
580.Ar aalgo
581in the
582.Fl A Ar aalgo
583of the
584.Ar protocol
585parameter:
586.Pp
587.Bd -literal -offset indent
588algorithm	keylen (bits)	comment
589hmac-md5	128		ah: rfc2403
590		128		ah-old: rfc2085
591hmac-sha1	160		ah: rfc2404
592		160		ah-old: 128bit ICV (no document)
593keyed-md5	128		ah: 96bit ICV (no document)
594		128		ah-old: rfc1828
595keyed-sha1	160		ah: 96bit ICV (no document)
596		160		ah-old: 128bit ICV (no document)
597null		0 to 2048	for debugging
598hmac-sha2-256	256		ah: 96bit ICV
599				(draft-ietf-ipsec-ciph-sha-256-00)
600		256		ah-old: 128bit ICV (no document)
601hmac-sha2-384	384		ah: 96bit ICV (no document)
602		384		ah-old: 128bit ICV (no document)
603hmac-sha2-512	512		ah: 96bit ICV (no document)
604		512		ah-old: 128bit ICV (no document)
605hmac-ripemd160	160		ah: 96bit ICV (RFC2857)
606				ah-old: 128bit ICV (no document)
607aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
608		128		ah-old: 128bit ICV (no document)
609tcp-md5		8 to 640	tcp: rfc2385
610.Ed
611.Pp
612The following is the list of encryption algorithms that can be used as the
613.Ar ealgo
614in the
615.Fl E Ar ealgo
616of the
617.Ar protocol
618parameter:
619.Pp
620.Bd -literal -offset indent
621algorithm	keylen (bits)	comment
622des-cbc		64		esp-old: rfc1829, esp: rfc2405
6233des-cbc	192		rfc2451
624null		0 to 2048	rfc2410
625blowfish-cbc	40 to 448	rfc2451
626cast128-cbc	40 to 128	rfc2451
627des-deriv	64		ipsec-ciph-des-derived-01
6283des-deriv	192		no document
629rijndael-cbc	128/192/256	rfc3602
630aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
631camllia-cbc	128/192/256	rfc4312
632.Ed
633.Pp
634Note that the first 128/192/256 bits of a key for
635.Li aes-ctr
636will be used as AES key, and remaining 32 bits will be used as nonce.
637.Pp
638The following are the list of compression algorithms that can be used
639as the
640.Ar calgo
641in the
642.Fl C Ar calgo
643of the
644.Ar protocol
645parameter:
646.Pp
647.Bd -literal -offset indent
648algorithm	comment
649deflate		rfc2394
650.Ed
651.\"
652.Sh EXIT STATUS
653.Ex -std
654.\"
655.Sh EXAMPLES
656Add an ESP SA between two IPv6 addresses using the
657des-cbc encryption algorithm.
658.Bd -literal -offset
659add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
660	-E des-cbc 0x3ffe05014819ffff ;
661
662.Ed
663.\"
664Add an authentication SA between two FQDN specified hosts:
665.Bd -literal -offset
666add -6 myhost.example.com yourhost.example.com ah 123456
667	-A hmac-sha1 "AH SA configuration!" ;
668
669.Ed
670Use both ESP and AH between two numerically specified hosts:
671.Bd -literal -offset
672add 10.0.11.41 10.0.11.33 esp 0x10001
673	-E des-cbc 0x3ffe05014819ffff
674	-A hmac-md5 "authentication!!" ;
675
676.Ed
677Get the SA information assocaited with first example above:
678.Bd -literal -offset
679get 3ffe:501:4819::1 3ffe:501:481d::1 ah 123456 ;
680
681.Ed
682Flush all entries from the database:
683.Bd -literal -offset
684flush ;
685
686.Ed
687Dump the ESP entries from the database:
688.Bd -literal -offset
689dump esp ;
690
691.Ed
692Add a security policy between two networks that uses ESP in tunnel mode:
693.Bd -literal -offset
694spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
695	-P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
696
697.Ed
698Use TCP MD5 between two numerically specified hosts:
699.Bd -literal -offset
700add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
701
702.Ed
703.\"
704.Sh SEE ALSO
705.Xr ipsec_set_policy 3 ,
706.Xr racoon 8 ,
707.Xr sysctl 8
708.Rs
709.%T "Changed manual key configuration for IPsec"
710.%O "http://www.kame.net/newsletter/19991007/"
711.%D "October 1999"
712.Re
713.\"
714.Sh HISTORY
715The
716.Nm
717utility first appeared in WIDE Hydrangea IPv6 protocol stack kit.
718The utility was completely re-designed in June 1998.
719.\"
720.Sh BUGS
721The
722.Nm
723utility
724should report and handle syntax errors better.
725.Pp
726For IPsec gateway configuration,
727.Ar src_range
728and
729.Ar dst_range
730with TCP/UDP port number do not work, as the gateway does not reassemble
731packets
732(cannot inspect upper-layer headers).
733