xref: /freebsd/sbin/setkey/setkey.8 (revision 87569f75a91f298c52a71823c04d41cf53c88889) 
1.\"	$KAME: setkey.8,v 1.89 2003/09/07 22:17:41 itojun Exp $
2.\"
3.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\" 3. Neither the name of the project nor the names of its contributors
15.\"    may be used to endorse or promote products derived from this software
16.\"    without specific prior written permission.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.\" $FreeBSD$
31.\"
32.Dd January 8, 2006
33.Dt SETKEY 8
34.Os
35.\"
36.Sh NAME
37.Nm setkey
38.Nd "manually manipulate the IPsec SA/SP database"
39.\"
40.Sh SYNOPSIS
41.Nm
42.Op Fl v
43.Fl c
44.Nm
45.Op Fl v
46.Fl f Ar filename
47.Nm
48.Op Fl aPlv
49.Fl D
50.Nm
51.Op Fl Pv
52.Fl F
53.Nm
54.Op Fl h
55.Fl x
56.\"
57.Sh DESCRIPTION
58The
59.Nm
60utility adds, updates, dumps, or flushes
61Security Association Database (SAD) entries
62as well as Security Policy Database (SPD) entries in the kernel.
63.Pp
64The
65.Nm
66utility takes a series of operations from the standard input
67(if invoked with
68.Fl c )
69or the file named
70.Ar filename
71(if invoked with
72.Fl f Ar filename ) .
73.Bl -tag -width indent
74.It Fl D
75Dump the SAD entries.
76If with
77.Fl P ,
78the SPD entries are dumped.
79.It Fl F
80Flush the SAD entries.
81If with
82.Fl P ,
83the SPD entries are flushed.
84.It Fl a
85The
86.Nm
87utility
88usually does not display dead SAD entries with
89.Fl D .
90If with
91.Fl a ,
92the dead SAD entries will be displayed as well.
93A dead SAD entry means that
94it has been expired but remains in the system
95because it is referenced by some SPD entries.
96.It Fl h
97Add hexadecimal dump on
98.Fl x
99mode.
100.It Fl l
101Loop forever with short output on
102.Fl D .
103.It Fl v
104Be verbose.
105The program will dump messages exchanged on
106.Dv PF_KEY
107socket, including messages sent from other processes to the kernel.
108.It Fl x
109Loop forever and dump all the messages transmitted to
110.Dv PF_KEY
111socket.
112.Fl xx
113makes each timestamps unformatted.
114.El
115.Ss Configuration syntax
116With
117.Fl c
118or
119.Fl f
120on the command line,
121.Nm
122accepts the following configuration syntax.
123Lines starting with hash signs
124.Pq Ql #
125are treated as comment lines.
126.Bl -tag -width indent
127.It Xo
128.Li add
129.Op Fl 46n
130.Ar src Ar dst Ar protocol Ar spi
131.Op Ar extensions
132.Ar algorithm ...
133.Li ;
134.Xc
135Add an SAD entry.
136.Li add
137can fail with multiple reasons,
138including when the key length does not match the specified algorithm.
139.\"
140.It Xo
141.Li get
142.Op Fl 46n
143.Ar src Ar dst Ar protocol Ar spi
144.Li ;
145.Xc
146Show an SAD entry.
147.\"
148.It Xo
149.Li delete
150.Op Fl 46n
151.Ar src Ar dst Ar protocol Ar spi
152.Li ;
153.Xc
154Remove an SAD entry.
155.\"
156.It Xo
157.Li deleteall
158.Op Fl 46n
159.Ar src Ar dst Ar protocol
160.Li ;
161.Xc
162Remove all SAD entries that match the specification.
163.\"
164.It Xo
165.Li flush
166.Op Ar protocol
167.Li ;
168.Xc
169Clear all SAD entries matched by the options.
170.Fl F
171on the command line achieves the same functionality.
172.\"
173.It Xo
174.Li dump
175.Op Ar protocol
176.Li ;
177.Xc
178Dumps all SAD entries matched by the options.
179.Fl D
180on the command line achieves the same functionality.
181.\"
182.It Xo
183.Li spdadd
184.Op Fl 46n
185.Ar src_range Ar dst_range Ar upperspec Ar policy
186.Li ;
187.Xc
188Add an SPD entry.
189.\"
190.It Xo
191.Li spddelete
192.Op Fl 46n
193.Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
194.Li ;
195.Xc
196Delete an SPD entry.
197.\"
198.It Xo
199.Li spdflush
200.Li ;
201.Xc
202Clear all SPD entries.
203.Fl FP
204on the command line achieves the same functionality.
205.\"
206.It Xo
207.Li spddump
208.Li ;
209.Xc
210Dumps all SPD entries.
211.Fl DP
212on the command line achieves the same functionality.
213.El
214.\"
215.Pp
216Meta-arguments are as follows:
217.Pp
218.Bl -tag -compact -width indent
219.It Ar src
220.It Ar dst
221Source/destination of the secure communication is specified as
222IPv4/v6 address.
223The
224.Nm
225utility
226can resolve a FQDN into numeric addresses.
227If the FQDN resolves into multiple addresses,
228.Nm
229will install multiple SAD/SPD entries into the kernel
230by trying all possible combinations.
231.Fl 4 ,
232.Fl 6
233and
234.Fl n
235restricts the address resolution of FQDN in certain ways.
236.Fl 4
237and
238.Fl 6
239restrict results into IPv4/v6 addresses only, respectively.
240.Fl n
241avoids FQDN resolution and requires addresses to be numeric addresses.
242.\"
243.Pp
244.It Ar protocol
245.Ar protocol
246is one of following:
247.Bl -tag -width Fl -compact
248.It Li esp
249ESP based on rfc2406
250.It Li esp-old
251ESP based on rfc1827
252.It Li ah
253AH based on rfc2402
254.It Li ah-old
255AH based on rfc1826
256.It Li ipcomp
257IPComp
258.It Li tcp
259TCP-MD5 based on rfc2385
260.El
261.\"
262.Pp
263.It Ar spi
264Security Parameter Index
265(SPI)
266for the SAD and the SPD.
267.Ar spi
268must be a decimal number, or a hexadecimal number with
269.Ql 0x
270prefix.
271SPI values between 0 and 255 are reserved for future use by IANA
272and they cannot be used.
273TCP-MD5 associations must use 0x1000 and therefore only have per-host
274granularity at this time.
275.\"
276.Pp
277.It Ar extensions
278take some of the following:
279.Bl -tag -width Fl -compact
280.\"
281.It Fl m Ar mode
282Specify a security protocol mode for use.
283.Ar mode
284is one of following:
285.Li transport , tunnel
286or
287.Li any .
288The default value is
289.Li any .
290.\"
291.It Fl r Ar size
292Specify window size of bytes for replay prevention.
293.Ar size
294must be decimal number in 32-bit word.
295If
296.Ar size
297is zero or not specified, replay check does not take place.
298.\"
299.It Fl u Ar id
300Specify the identifier of the policy entry in SPD.
301See
302.Ar policy .
303.\"
304.It Fl f Ar pad_option
305defines the content of the ESP padding.
306.Ar pad_option
307is one of following:
308.Bl -tag -width random-pad -compact
309.It Li zero-pad
310All of the padding are zero.
311.It Li random-pad
312A series of randomized values are set.
313.It Li seq-pad
314A series of sequential increasing numbers started from 1 are set.
315.El
316.\"
317.It Fl f Li nocyclic-seq
318Do not allow cyclic sequence number.
319.\"
320.It Fl lh Ar time
321.It Fl ls Ar time
322Specify hard/soft life time duration of the SA.
323.El
324.\"
325.Pp
326.It Ar algorithm
327.Bl -tag -width Fl -compact
328.It Fl E Ar ealgo Ar key
329Specify an encryption algorithm
330.Ar ealgo
331for ESP.
332.It Xo
333.Fl E Ar ealgo Ar key
334.Fl A Ar aalgo Ar key
335.Xc
336Specify a encryption algorithm
337.Ar ealgo ,
338as well as a payload authentication algorithm
339.Ar aalgo ,
340for ESP.
341.It Fl A Ar aalgo Ar key
342Specify an authentication algorithm for AH.
343.It Fl C Ar calgo Op Fl R
344Specify a compression algorithm for IPComp.
345If
346.Fl R
347is specified, the
348.Ar spi
349field value will be used as the IPComp CPI
350(compression parameter index)
351on wire as is.
352If
353.Fl R
354is not specified,
355the kernel will use well-known CPI on wire, and
356.Ar spi
357field will be used only as an index for kernel internal usage.
358.El
359.Pp
360.Ar key
361must be double-quoted character string, or a series of hexadecimal digits
362preceded by
363.Ql 0x .
364.Pp
365Possible values for
366.Ar ealgo ,
367.Ar aalgo
368and
369.Ar calgo
370are specified in separate section.
371.\"
372.Pp
373.It Ar src_range
374.It Ar dst_range
375These are selections of the secure communication specified as
376IPv4/v6 address or IPv4/v6 address range, and it may accompany
377TCP/UDP port specification.
378This takes the following form:
379.Bd -unfilled
380.Ar address
381.Ar address/prefixlen
382.Ar address[port]
383.Ar address/prefixlen[port]
384.Ed
385.Pp
386.Ar prefixlen
387and
388.Ar port
389must be a decimal number.
390The square brackets around
391.Ar port
392are necessary and are not manpage metacharacters.
393For FQDN resolution, the rules applicable to
394.Ar src
395and
396.Ar dst
397apply here as well.
398.\"
399.Pp
400.It Ar upperspec
401The upper layer protocol to be used.
402You can use one of the words in
403.Pa /etc/protocols
404as
405.Ar upperspec ,
406as well as
407.Li icmp6 ,
408.Li ip4 ,
409or
410.Li any .
411.Li Any
412stands for
413.Dq any protocol .
414The protocol number may also be used to specify the
415.Ar upperspec .
416A type and code related to ICMPv6 may also be specified as an
417.Ar upperspec .
418The type is specified first, followed by a comma and then the relevant
419code.
420The specification must be placed after
421.Li icmp6 .
422The kernel considers a zero to be a wildcard but
423cannot distinguish between a wildcard and an ICMPv6
424type which is zero.
425The following example shows a policy where IPSec is not required for
426inbound Neighbor Solicitations:
427.Pp
428.Dl "spdadd ::/0 ::/0 icmp6 135,0 -P in none;"
429.Pp
430NOTE:
431.Ar upperspec
432does not work in the forwarding case at this moment,
433as it requires extra reassembly at forwarding node,
434which is not implemented at this moment.
435Although there are many protocols in
436.Pa /etc/protocols ,
437protocols other than TCP, UDP and ICMP may not be suitable to use with IPsec.
438.\"
439.Pp
440.It Ar policy
441.Ar policy
442is expressed in one of the following three formats:
443.Bd -ragged -offset indent
444.It Fl P Ar direction Li discard
445.It Fl P Ar direction Li none
446.It Xo Fl P Ar direction Li ipsec
447.Ar protocol/mode/src-dst/level Op ...
448.Xc
449.Ed
450.Pp
451The direction of a policy must be specified as
452one of:
453.Li out ,
454.Li in ,
455.Li discard
456.Li none ,
457or
458.Li ipsec .
459.Li Discard
460means that packets matching the supplied indices will be discarded
461while
462.Li none
463means that IPsec operations will not take place on the packet and
464.Li ipsec
465means that IPsec operation will take place onto the packet.
466The
467.Ar protocol/mode/src-dst/level
468statement gives the rule for how to process the packet.
469.Ar Protocol is specified as
470.Li ah ,
471.Li esp
472or
473.Li ipcomp
474The
475.Ar mode
476is either
477.Li transport
478or
479.Li tunnel .
480If
481.Ar mode
482is
483.Li tunnel ,
484you must specify the end-point addresses of the SA as
485.Ar src
486and
487.Ar dst
488with a dash,
489.Sq - ,
490between the addresses.
491If
492.Ar mode
493is
494.Li transport ,
495both
496.Ar src
497and
498.Ar dst
499can be omitted.
500The
501.Ar level
502is one of the following:
503.Li default , use , require
504or
505.Li unique .
506If the SA is not available in every level, the kernel will request
507the SA from the key exchange daemon.
508A value of
509.Li default
510tells the kernel to use the system wide default protocol
511e.g. the one from the
512.Li esp_trans_deflev
513sysctl variable, when the kernel processes the packet.
514.Li Use
515means that the kernel will use an SA if it is available,
516otherwise the kernel will pass the packet as it would normally.
517.Li Require
518means that an SA is required whenever the kernel sends a packet matched
519that matches the policy.
520The
521.Li unique
522level is the same as
523.Li require
524but, in addition, it allows the policy to bind with the unique out-bound SA.
525For example, if you specify the policy level
526.Li unique ,
527.Xr racoon 8
528will configure the SA for the policy.
529If you configure the SA by manual keying for that policy,
530you can put the decimal number as the policy identifier after
531.Li unique
532separated by colon
533.Ql :\&
534as in the following example:
535.Li unique:number .
536In order to bind this policy to the SA,
537.Li number
538must be between 1 and 32767,
539which corresponds to
540.Ar extensions Fl u
541of manual SA configuration.
542.Pp
543When you want to use an SA bundle, you can define multiple rules.  For
544example, if an IP header was followed by an AH header followed by an
545ESP header followed by an upper layer protocol header, the rule would
546be:
547.Dl esp/transport//require ah/transport//require ;
548The rule order is very important.
549.Pp
550Note that
551.Dq Li discard
552and
553.Dq Li none
554are not in the syntax described in
555.Xr ipsec_set_policy 3 .
556There are small, but important, differences in the syntax.
557See
558.Xr ipsec_set_policy 3
559for details.
560.Pp
561.El
562.Pp
563.\"
564.Sh ALGORITHMS
565The following list shows the supported algorithms.
566The
567.Sy protocol
568and
569.Sy algorithm
570are almost completely orthogonal.
571The following list of authentication algorithms can be used as
572.Ar aalgo
573in the
574.Fl A Ar aalgo
575of the
576.Ar protocol
577parameter:
578.Pp
579.Bd -literal -offset indent
580algorithm	keylen (bits)	comment
581hmac-md5	128		ah: rfc2403
582		128		ah-old: rfc2085
583hmac-sha1	160		ah: rfc2404
584		160		ah-old: 128bit ICV (no document)
585keyed-md5	128		ah: 96bit ICV (no document)
586		128		ah-old: rfc1828
587keyed-sha1	160		ah: 96bit ICV (no document)
588		160		ah-old: 128bit ICV (no document)
589null		0 to 2048	for debugging
590hmac-sha2-256	256		ah: 96bit ICV
591				(draft-ietf-ipsec-ciph-sha-256-00)
592		256		ah-old: 128bit ICV (no document)
593hmac-sha2-384	384		ah: 96bit ICV (no document)
594		384		ah-old: 128bit ICV (no document)
595hmac-sha2-512	512		ah: 96bit ICV (no document)
596		512		ah-old: 128bit ICV (no document)
597hmac-ripemd160	160		ah: 96bit ICV (RFC2857)
598				ah-old: 128bit ICV (no document)
599aes-xcbc-mac	128		ah: 96bit ICV (RFC3566)
600		128		ah-old: 128bit ICV (no document)
601tcp-md5		8 to 640	tcp: rfc2385
602.Ed
603.Pp
604The following is the list of encryption algorithms that can be used as the
605.Ar ealgo
606in the
607.Fl E Ar ealgo
608of the
609.Ar protocol
610parameter:
611.Pp
612.Bd -literal -offset indent
613algorithm	keylen (bits)	comment
614des-cbc		64		esp-old: rfc1829, esp: rfc2405
6153des-cbc	192		rfc2451
616null		0 to 2048	rfc2410
617blowfish-cbc	40 to 448	rfc2451
618cast128-cbc	40 to 128	rfc2451
619des-deriv	64		ipsec-ciph-des-derived-01
6203des-deriv	192		no document
621rijndael-cbc	128/192/256	rfc3602
622aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
623.Ed
624.Pp
625Note that the first 128 bits of a key for
626.Li aes-ctr
627will be used as AES key, and remaining 32 bits will be used as nonce.
628.Pp
629The following are the list of compression algorithms that can be used
630as the
631.Ar calgo
632in the
633.Fl C Ar calgo
634of the
635.Ar protocol
636parameter:
637.Pp
638.Bd -literal -offset indent
639algorithm	comment
640deflate		rfc2394
641.Ed
642.\"
643.Sh EXIT STATUS
644.Ex -std
645.\"
646.Sh EXAMPLES
647Add an ESP SA between two IPv6 addresses using the
648des-cbc encryption algorithm.
649.Bd -literal -offset
650add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
651	-E des-cbc 0x3ffe05014819ffff ;
652
653.Ed
654.\"
655Add an authentication SA between two FQDN specified hosts:
656.Bd -literal -offset
657add -6 myhost.example.com yourhost.example.com ah 123456
658	-A hmac-sha1 "AH SA configuration!" ;
659
660.Ed
661Use both ESP and AH between two numerically specified hosts:
662.Bd -literal -offset
663add 10.0.11.41 10.0.11.33 esp 0x10001
664	-E des-cbc 0x3ffe05014819ffff
665	-A hmac-md5 "authentication!!" ;
666
667.Ed
668Get the SA information assocaited with first example above:
669.Bd -literal -offset
670get 3ffe:501:4819::1 3ffe:501:481d::1 ah 123456 ;
671
672.Ed
673Flush all entries from the database:
674.Bd -literal -offset
675flush ;
676
677.Ed
678Dump the ESP entries from the database:
679.Bd -literal -offset
680dump esp ;
681
682.Ed
683Add a security policy between two networks that uses ESP in tunnel mode:
684.Bd -literal -offset
685spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
686	-P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
687
688.Ed
689Use TCP MD5 between two numerically specified hosts:
690.Bd -literal -offset
691add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
692
693.Ed
694.\"
695.Sh SEE ALSO
696.Xr ipsec_set_policy 3 ,
697.Xr racoon 8 ,
698.Xr sysctl 8
699.Rs
700.%T "Changed manual key configuration for IPsec"
701.%O "http://www.kame.net/newsletter/19991007/"
702.%D "October 1999"
703.Re
704.\"
705.Sh HISTORY
706The
707.Nm
708utility first appeared in WIDE Hydrangea IPv6 protocol stack kit.
709The utility was completely re-designed in June 1998.
710.\"
711.Sh BUGS
712The
713.Nm
714utility
715should report and handle syntax errors better.
716.Pp
717For IPsec gateway configuration,
718.Ar src_range
719and
720.Ar dst_range
721with TCP/UDP port number do not work, as the gateway does not reassemble
722packets
723(cannot inspect upper-layer headers).
724