xref: /freebsd/share/man/man4/ipsec.4 (revision efe3b0de1438e7a8473d92f2be57072394559e3c)
1.\"	$KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
2.\"
3.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\" 3. Neither the name of the project nor the names of its contributors
15.\"    may be used to endorse or promote products derived from this software
16.\"    without specific prior written permission.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.\" $FreeBSD$
31.\"
32.Dd February 6, 2017
33.Dt IPSEC 4
34.Os
35.Sh NAME
36.Nm ipsec
37.Nd Internet Protocol Security protocol
38.Sh SYNOPSIS
39.Cd "options IPSEC"
40.Cd "options IPSEC_SUPPORT"
41.Cd "device crypto"
42.Pp
43.In sys/types.h
44.In netinet/in.h
45.In netipsec/ipsec.h
46.In netipsec/ipsec6.h
47.Sh DESCRIPTION
48.Nm
49is a security protocol implemented within the Internet Protocol layer
50of the networking stack.
51.Nm
52is defined for both IPv4 and IPv6
53.Xr ( inet 4
54and
55.Xr inet6 4 ) .
56.Nm
57is a set of protocols,
58.Tn ESP
59(for Encapsulating Security Payload)
60.Tn AH
61(for Authentication Header),
62and
63.Tn IPComp
64(for IP Payload Compression Protocol)
65that provide security services for IP datagrams.
66AH both authenticates and guarantees the integrity of an IP packet
67by attaching a cryptographic checksum computed using one-way hash functions.
68ESP, in addition, prevents unauthorized parties from reading the payload of
69an IP packet by also encrypting it.
70IPComp tries to increase communication performance by compressing IP payload,
71thus reducing the amount of data sent.
72This will help nodes on slow links but with enough computing power.
73.Nm
74operates in one of two modes: transport mode or tunnel mode.
75Transport mode is used to protect peer-to-peer communication between end nodes.
76Tunnel mode encapsulates IP packets within other IP packets
77and is designed for security gateways such as VPN endpoints.
78.Pp
79System configuration requires the
80.Xr crypto 4
81subsystem.
82.Pp
83The packets can be passed to a virtual
84.Xr enc 4
85interface,
86to perform packet filtering before outbound encryption and after decapsulation
87inbound.
88.Pp
89To properly filter on the inner packets of an
90.Nm
91tunnel with firewalls, you can change the values of the following sysctls
92.Bl -column net.inet6.ipsec6.filtertunnel default enable
93.It Sy "Name	Default	Enable"
94.It "net.inet.ipsec.filtertunnel	0	1"
95.It "net.inet6.ipsec6.filtertunnel	0	1"
96.El
97.\"
98.Ss Kernel interface
99.Nm
100is controlled by a key management and policy engine,
101that reside in the operating system kernel.
102Key management
103is the process of associating keys with security associations, also
104know as SAs.
105Policy management dictates when new security
106associations created or destroyed.
107.Pp
108The key management engine can be accessed from userland by using
109.Dv PF_KEY
110sockets.
111The
112.Dv PF_KEY
113socket API is defined in RFC2367.
114.Pp
115The policy engine is controlled by an extension to the
116.Dv PF_KEY
117API,
118.Xr setsockopt 2
119operations, and
120.Xr sysctl 3
121interface.
122The kernel implements
123an extended version of the
124.Dv PF_KEY
125interface and allows the programmer to define IPsec policies
126which are similar to the per-packet filters.
127The
128.Xr setsockopt 2
129interface is used to define per-socket behavior, and
130.Xr sysctl 3
131interface is used to define host-wide default behavior.
132.Pp
133The kernel code does not implement a dynamic encryption key exchange protocol
134such as IKE
135(Internet Key Exchange).
136Key exchange protocols are beyond what is necessary in the kernel and
137should be implemented as daemon processes which call the
138.Nm APIs.
139.\"
140.Ss Policy management
141IPsec policies can be managed in one of two ways, either by
142configuring per-socket policies using the
143.Xr setsockopt 2
144system calls, or by configuring kernel level packet filter-based
145policies using the
146.Dv PF_KEY
147interface, via the
148.Xr setkey 8
149you can define IPsec policies against packets using rules similar to packet
150filtering rules.
151Refer to
152.Xr setkey 8
153on how to use it.
154.Pp
155Depending on the socket's address family, IPPROTO_IP or IPPROTO_IPV6
156transport level and IP_IPSEC_POLICY or IPV6_IPSEC_POLICY socket options
157may be used to configure per-socket security policies.
158A properly-formed IPsec policy specification structure can be
159created using
160.Xr ipsec_set_policy 3
161function and used as socket option value for the
162.Xr setsockopt 2
163call.
164.Pp
165When setting policies using the
166.Xr setkey 8
167command, the
168.Dq Li default
169option instructs the system to use its default policy, as
170explained below, for processing packets.
171The following sysctl variables are available for configuring the
172system's IPsec behavior.
173The variables can have one of two values.
174A
175.Li 1
176means
177.Dq Li use ,
178which means that if there is a security association then use it but if
179there is not then the packets are not processed by IPsec.
180The value
181.Li 2
182is synonymous with
183.Dq Li require ,
184which requires that a security association must exist for the packets
185to move, and not be dropped.
186These terms are defined in
187.Xr ipsec_set_policy 8 .
188.Bl -column net.inet6.ipsec6.esp_trans_deflev integerxxx
189.It Sy "Name	Type	Changeable"
190.It "net.inet.ipsec.esp_trans_deflev	integer	yes"
191.It "net.inet.ipsec.esp_net_deflev	integer	yes"
192.It "net.inet.ipsec.ah_trans_deflev	integer	yes"
193.It "net.inet.ipsec.ah_net_deflev	integer	yes"
194.It "net.inet6.ipsec6.esp_trans_deflev	integer	yes"
195.It "net.inet6.ipsec6.esp_net_deflev	integer	yes"
196.It "net.inet6.ipsec6.ah_trans_deflev	integer	yes"
197.It "net.inet6.ipsec6.ah_net_deflev	integer	yes"
198.El
199.Pp
200If the kernel does not find a matching, system wide, policy then the
201default value is applied.
202The system wide default policy is specified
203by the following
204.Xr sysctl 8
205variables.
206.Li 0
207means
208.Dq Li discard
209which asks the kernel to drop the packet.
210.Li 1
211means
212.Dq Li none .
213.Bl -column net.inet6.ipsec6.def_policy integerxxx
214.It Sy "Name	Type	Changeable"
215.It "net.inet.ipsec.def_policy	integer	yes"
216.It "net.inet6.ipsec6.def_policy	integer	yes"
217.El
218.\"
219.Ss Miscellaneous sysctl variables
220When the
221.Nm
222protocols are configured for use, all protocols are included in the system.
223To selectively enable/disable protocols, use
224.Xr sysctl 8 .
225.Bl -column net.inet.ipcomp.ipcomp_enable
226.It Sy "Name	Default"
227.It "net.inet.esp.esp_enable	On"
228.It "net.inet.ah.ah_enable	On"
229.It "net.inet.ipcomp.ipcomp_enable	On"
230.El
231.Pp
232In addition the following variables are accessible via
233.Xr sysctl 8 ,
234for tweaking the kernel's IPsec behavior:
235.Bl -column net.inet6.ipsec6.inbonud_call_ike integerxxx
236.It Sy "Name	Type	Changeable"
237.It "net.inet.ipsec.ah_cleartos	integer	yes"
238.It "net.inet.ipsec.ah_offsetmask	integer	yes"
239.It "net.inet.ipsec.dfbit	integer	yes"
240.It "net.inet.ipsec.ecn	integer	yes"
241.It "net.inet.ipsec.debug	integer	yes"
242.It "net.inet.ipsec.natt_cksum_policy	integer	yes"
243.It "net.inet.ipsec.check_policy_history	integer	yes"
244.It "net.inet6.ipsec6.ecn	integer	yes"
245.It "net.inet6.ipsec6.debug	integer	yes"
246.El
247.Pp
248The variables are interpreted as follows:
249.Bl -tag -width 6n
250.It Li ipsec.ah_cleartos
251If set to non-zero, the kernel clears the type-of-service field in the IPv4 header
252during AH authentication data computation.
253This variable is used to get current systems to inter-operate with devices that
254implement RFC1826 AH.
255It should be set to non-zero
256(clear the type-of-service field)
257for RFC2402 conformance.
258.It Li ipsec.ah_offsetmask
259During AH authentication data computation, the kernel will include a
26016bit fragment offset field
261(including flag bits)
262in the IPv4 header, after computing logical AND with the variable.
263The variable is used for inter-operating with devices that
264implement RFC1826 AH.
265It should be set to zero
266(clear the fragment offset field during computation)
267for RFC2402 conformance.
268.It Li ipsec.dfbit
269This variable configures the kernel behavior on IPv4 IPsec tunnel encapsulation.
270If set to 0, the DF bit on the outer IPv4 header will be cleared while
2711 means that the outer DF bit is set regardless from the inner DF bit and
2722 indicates that the DF bit is copied from the inner header to the
273outer one.
274The variable is supplied to conform to RFC2401 chapter 6.1.
275.It Li ipsec.ecn
276If set to non-zero, IPv4 IPsec tunnel encapsulation/decapsulation behavior will
277be friendly to ECN
278(explicit congestion notification),
279as documented in
280.Li draft-ietf-ipsec-ecn-02.txt .
281.Xr gif 4
282talks more about the behavior.
283.It Li ipsec.debug
284If set to non-zero, debug messages will be generated via
285.Xr syslog 3 .
286.It Li ipsec.natt_cksum_policy
287Controls how the kernel handles TCP and UDP checksums when ESP in UDP
288encapsulation is used for IPsec transport mode.
289If set to a non-zero value, the kernel fully recomputes checksums for
290inbound TCP segments and UDP datagrams after they are decapsulated and
291decrypted.
292If set to 0 and original addresses were configured for corresponding SA
293by the IKE daemon, the kernel incrementally recomputes checksums for
294inbound TCP segments and UDP datagrams.
295If addresses were not configured, the checksums are ignored.
296.It Li ipsec.check_policy_history
297Enables strict policy checking for inbound packets.
298By default, inbound security policies check that packets handled by IPsec
299have been decrypted and authenticated.
300If this variable is set to a non-zero value, each packet handled by IPsec
301is checked against the history of IPsec security associations.
302The IPsec security protocol, mode, and SA addresses must match.
303.El
304.Pp
305Variables under the
306.Li net.inet6.ipsec6
307tree have similar meanings to those described above.
308.\"
309.Sh PROTOCOLS
310The
311.Nm
312protocol acts as a plug-in to the
313.Xr inet 4
314and
315.Xr inet6 4
316protocols and therefore supports most of the protocols defined upon
317those IP-layer protocols.
318The
319.Xr icmp 4
320and
321.Xr icmp6 4
322protocols may behave differently with
323.Nm
324because
325.Nm
326can prevent
327.Xr icmp 4
328or
329.Xr icmp6 4
330routines from looking into the IP payload.
331.\"
332.Sh SEE ALSO
333.Xr ioctl 2 ,
334.Xr socket 2 ,
335.Xr ipsec_set_policy 3 ,
336.Xr crypto 4 ,
337.Xr enc 4 ,
338.Xr if_ipsec 4 ,
339.Xr icmp6 4 ,
340.Xr intro 4 ,
341.Xr ip6 4 ,
342.Xr setkey 8 ,
343.Xr sysctl 8
344.\".Xr racoon 8
345.Rs
346.%A "S. Kent"
347.%A "R. Atkinson"
348.%T "IP Authentication Header"
349.%O "RFC 2404"
350.Re
351.Rs
352.%A "S. Kent"
353.%A "R. Atkinson"
354.%T "IP Encapsulating Security Payload (ESP)"
355.%O "RFC 2406"
356.Re
357.Sh STANDARDS
358.Rs
359.%A Daniel L. McDonald
360.%A Craig Metz
361.%A Bao G. Phan
362.%T "PF_KEY Key Management API, Version 2"
363.%R RFC
364.%N 2367
365.Re
366.Pp
367.Rs
368.%A "D. L. McDonald"
369.%T "A Simple IP Security API Extension to BSD Sockets"
370.%R internet draft
371.%N "draft-mcdonald-simple-ipsec-api-03.txt"
372.%O work in progress material
373.Re
374.Sh HISTORY
375The original
376.Nm
377implementation appeared in the WIDE/KAME IPv6/IPsec stack.
378.Pp
379For
380.Fx 5.0
381a fully locked IPsec implementation called fast_ipsec was brought in.
382The protocols drew heavily on the
383.Ox
384implementation of the
385.Tn IPsec
386protocols.
387The policy management code was derived from the
388.Tn KAME
389implementation found
390in their
391.Tn IPsec
392protocols.
393The fast_ipsec implementation lacked
394.Xr ip6 4
395support but made use of the
396.Xr crypto 4
397subsystem.
398.Pp
399For
400.Fx 7.0
401.Xr ip6 4
402support was added to fast_ipsec.
403After this the old KAME IPsec implementation was dropped and fast_ipsec
404became what now is the only
405.Nm
406implementation in
407.Fx .
408.Sh BUGS
409There is no single standard for the policy engine API,
410so the policy engine API described herein is just for this implementation.
411.Pp
412AH and tunnel mode encapsulation may not work as you might expect.
413If you configure inbound
414.Dq require
415policy with an AH tunnel or any IPsec encapsulating policy with AH
416(like
417.Dq Li esp/tunnel/A-B/use ah/transport/A-B/require ) ,
418tunnelled packets will be rejected.
419This is because the policy check is enforced on the inner packet on reception,
420and AH authenticates encapsulating
421(outer)
422packet, not the encapsulated
423(inner)
424packet
425(so for the receiving kernel there is no sign of authenticity).
426The issue will be solved when we revamp our policy engine to keep all the
427packet decapsulation history.
428.Pp
429When a large database of security associations or policies is present
430in the kernel the
431.Dv SADB_DUMP
432and
433.Dv SADB_SPDDUMP
434operations on
435.Dv PF_KEY
436sockets may fail due to lack of space.
437Increasing the socket buffer
438size may alleviate this problem.
439.Pp
440The
441.Tn IPcomp
442protocol may occasionally error because of
443.Xr zlib 3
444problems.
445.Pp
446This documentation needs more review.
447