mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
man: Use configured path for config files in man pages
This commit is contained in:
Petr Menšík
Tobias Brunner
parent
ab4ed21b5c
commit
ee046552bb
@ -690,7 +690,7 @@ but for the second authentication round (IKEv2 only).
|
|||||||
.BR leftcert " = <path>"
|
.BR leftcert " = <path>"
|
||||||
the path to the left participant's X.509 certificate. The file can be encoded
|
the path to the left participant's X.509 certificate. The file can be encoded
|
||||||
either in PEM or DER format. OpenPGP certificates are supported as well.
|
either in PEM or DER format. OpenPGP certificates are supported as well.
|
||||||
Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP
|
Both absolute paths or paths relative to \fI@sysconfdir@/ipsec.d/certs\fP
|
||||||
are accepted. By default
|
are accepted. By default
|
||||||
.B leftcert
|
.B leftcert
|
||||||
sets
|
sets
|
||||||
@ -871,7 +871,7 @@ prefix in front of 0x or 0s, the public key is expected to be in either
|
|||||||
the RFC 3110 (not the full RR, only RSA key part) or RFC 4253 public key format,
|
the RFC 3110 (not the full RR, only RSA key part) or RFC 4253 public key format,
|
||||||
respectively.
|
respectively.
|
||||||
Also accepted is the path to a file containing the public key in PEM, DER or SSH
|
Also accepted is the path to a file containing the public key in PEM, DER or SSH
|
||||||
encoding. Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP
|
encoding. Both absolute paths or paths relative to \fI@sysconfdir@/ipsec.d/certs\fP
|
||||||
are accepted.
|
are accepted.
|
||||||
.TP
|
.TP
|
||||||
.BR leftsendcert " = never | no | " ifasked " | always | yes"
|
.BR leftsendcert " = never | no | " ifasked " | always | yes"
|
||||||
@ -1219,7 +1219,7 @@ of this connection will be used as peer ID.
|
|||||||
.SH "CA SECTIONS"
|
.SH "CA SECTIONS"
|
||||||
These are optional sections that can be used to assign special
|
These are optional sections that can be used to assign special
|
||||||
parameters to a Certification Authority (CA). Because the daemons
|
parameters to a Certification Authority (CA). Because the daemons
|
||||||
automatically import CA certificates from \fI/etc/ipsec.d/cacerts\fP,
|
automatically import CA certificates from \fI@sysconfdir@/ipsec.d/cacerts\fP,
|
||||||
there is no need to explicitly add them with a CA section, unless you
|
there is no need to explicitly add them with a CA section, unless you
|
||||||
want to assign special parameters (like a CRL) to a CA.
|
want to assign special parameters (like a CRL) to a CA.
|
||||||
.TP
|
.TP
|
||||||
@ -1235,7 +1235,7 @@ currently can have either the value
|
|||||||
.TP
|
.TP
|
||||||
.BR cacert " = <path>"
|
.BR cacert " = <path>"
|
||||||
defines a path to the CA certificate either relative to
|
defines a path to the CA certificate either relative to
|
||||||
\fI/etc/ipsec.d/cacerts\fP or as an absolute path.
|
\fI@sysconfdir@/ipsec.d/cacerts\fP or as an absolute path.
|
||||||
.br
|
.br
|
||||||
A value in the form
|
A value in the form
|
||||||
.B %smartcard[<slot nr>[@<module>]]:<keyid>
|
.B %smartcard[<slot nr>[@<module>]]:<keyid>
|
||||||
@ -1284,7 +1284,7 @@ section are:
|
|||||||
.BR cachecrls " = yes | " no
|
.BR cachecrls " = yes | " no
|
||||||
if enabled, certificate revocation lists (CRLs) fetched via HTTP or LDAP will
|
if enabled, certificate revocation lists (CRLs) fetched via HTTP or LDAP will
|
||||||
be cached in
|
be cached in
|
||||||
.I /etc/ipsec.d/crls/
|
.I @sysconfdir@/ipsec.d/crls/
|
||||||
under a unique file name derived from the certification authority's public key.
|
under a unique file name derived from the certification authority's public key.
|
||||||
.TP
|
.TP
|
||||||
.BR charondebug " = <debug list>"
|
.BR charondebug " = <debug list>"
|
||||||
@ -1463,12 +1463,12 @@ time equals zero and, thus, rekeying gets disabled.
|
|||||||
|
|
||||||
.SH FILES
|
.SH FILES
|
||||||
.nf
|
.nf
|
||||||
/etc/ipsec.conf
|
@sysconfdir@/ipsec.conf
|
||||||
/etc/ipsec.d/aacerts
|
@sysconfdir@/ipsec.d/aacerts
|
||||||
/etc/ipsec.d/acerts
|
@sysconfdir@/ipsec.d/acerts
|
||||||
/etc/ipsec.d/cacerts
|
@sysconfdir@/ipsec.d/cacerts
|
||||||
/etc/ipsec.d/certs
|
@sysconfdir@/ipsec.d/certs
|
||||||
/etc/ipsec.d/crls
|
@sysconfdir@/ipsec.d/crls
|
||||||
|
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
strongswan.conf(5), ipsec.secrets(5), ipsec(8)
|
strongswan.conf(5), ipsec.secrets(5), ipsec(8)
|
||||||
|
|||||||
@ -15,7 +15,7 @@ Here is an example.
|
|||||||
.LP
|
.LP
|
||||||
.RS
|
.RS
|
||||||
.nf
|
.nf
|
||||||
# /etc/ipsec.secrets - strongSwan IPsec secrets file
|
# @sysconfdir@/ipsec.secrets - strongSwan IPsec secrets file
|
||||||
192.168.0.1 %any : PSK "v+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL"
|
192.168.0.1 %any : PSK "v+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL"
|
||||||
|
|
||||||
: RSA moonKey.pem
|
: RSA moonKey.pem
|
||||||
@ -140,7 +140,7 @@ is interpreted as Base64 encoded binary data.
|
|||||||
.TQ
|
.TQ
|
||||||
.B : ECDSA <private key file> [ <passphrase> | %prompt ]
|
.B : ECDSA <private key file> [ <passphrase> | %prompt ]
|
||||||
For the private key file both absolute paths or paths relative to
|
For the private key file both absolute paths or paths relative to
|
||||||
\fI/etc/ipsec.d/private\fP are accepted. If the private key file is
|
\fI@sysconfdir@/ipsec.d/private\fP are accepted. If the private key file is
|
||||||
encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase
|
encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase
|
||||||
.B %prompt
|
.B %prompt
|
||||||
can be used which then causes the daemon to ask the user for the password
|
can be used which then causes the daemon to ask the user for the password
|
||||||
@ -148,7 +148,7 @@ whenever it is required to decrypt the key.
|
|||||||
.TP
|
.TP
|
||||||
.B : P12 <PKCS#12 file> [ <passphrase> | %prompt ]
|
.B : P12 <PKCS#12 file> [ <passphrase> | %prompt ]
|
||||||
For the PKCS#12 file both absolute paths or paths relative to
|
For the PKCS#12 file both absolute paths or paths relative to
|
||||||
\fI/etc/ipsec.d/private\fP are accepted. If the container is
|
\fI@sysconfdir@/ipsec.d/private\fP are accepted. If the container is
|
||||||
encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase
|
encrypted, the \fIpassphrase\fP must be defined. Instead of a passphrase
|
||||||
.B %prompt
|
.B %prompt
|
||||||
can be used which then causes the daemon to ask the user for the password
|
can be used which then causes the daemon to ask the user for the password
|
||||||
@ -182,7 +182,7 @@ can be specified, which causes the daemon to ask the user for the pin code.
|
|||||||
.LP
|
.LP
|
||||||
|
|
||||||
.SH FILES
|
.SH FILES
|
||||||
/etc/ipsec.secrets
|
@sysconfdir@/ipsec.secrets
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
ipsec.conf(5), strongswan.conf(5), ipsec(8)
|
ipsec.conf(5), strongswan.conf(5), ipsec(8)
|
||||||
.br
|
.br
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user