*** UNIX MANUAL PAGE BROWSER ***

A Nergahak database for man pages research.

Command: sec | Section: 4 | Source: OpenBSD | File: sec.4
SEC(4)                  FreeBSD Kernel Interfaces Manual                 SEC(4)

NAME
     sec - route based IPsec VPN tunnel interface pseudo-device

SYNOPSIS
     pseudo-device sec

DESCRIPTION
     The sec driver provides point-to-point tunnel interfaces for IPv4 and
     IPv6 protected by the ipsec(4) Encapsulating Security Payload (ESP)
     protocol.

     Traffic is encapsulated in the ESP protocol and forwarded to the remote
     endpoint by routing over a sec interface rather than matching policy in
     the IPsec Security Policy Database (SPD).

     sec interfaces require the configuration of IPsec Security Associations
     (SAs) between the local and remote endpoints. Negotiation of interface
     SAs is supported by iked(8) and isakmpd(8) (the latter via ipsecctl(8)).

     sec interfaces can be created at runtime using the ifconfig secN create
     command or by setting up a hostname.if(5) configuration file for
     netstart(8). The interface itself can be configured with ifconfig(8);
     see its manual page for more information.

EXAMPLES
     sec can be used to provide secure and confidential IP connectivity
     between sites over the public internet. For example, a cloud provider
     may provide connectivity between networks they host for a customer, and
     that customer's own "on premises" networks using IPsec tunnels.

     OpenBSD can be set up on the customer side given the following
     parameters:

           Pre-Shared Key          7kA7evdkd50Q5YdCCF9t8eftgEgL4vk2
           Outside IP Addresses:
               Customer Gateway    192.0.2.8
               Provider Gateway    198.51.100.14
           Inside IP Addresses:
               Customer Gateway    169.254.229.42/30
               Provider Gateway    169.254.229.41/30

     A sec interface can be configured on the customer gateway:

           # ifconfig sec0 create
           # ifconfig sec0 inet 169.254.229.42/30 169.254.229.41
           # ifconfig sec0 up

     iked(8) can be used for IKEv2 negotiation of the IPsec tunnel with the
     following iked.conf(5) configuration:

           ikev2 "s2s" active \
                   from any to any \
                   local 192.0.2.8 peer 198.51.100.14 \
                   psk "7kA7evdkd50Q5YdCCF9t8eftgEgL4vk2" \
                   iface sec0

     Alternatively, IKEv1 negotiation of the IPsec tunnel SAs is supported by
     isakmpd(8) and ipsecctl(8). The equivalent ipsec.conf(5) configuration
     for the given parameters follows:

           ike interface sec0 \
                   local 192.0.2.8 peer 198.51.100.14 \
                   psk "7kA7evdkd50Q5YdCCF9t8eftgEgL4vk2"

     Once the Security Associations are established, communication between
     the customer and provider gateways is enabled. Routes to networks
     hosted by the provider can be added using the provider's "inside IP"
     address as the gateway address, or negotiated using a dynamic routing
     protocol.

     Multiple sec interfaces may be configured to talk to separate provider
     gateways, providing redundancy or multiple paths between sites.

SEE ALSO
     ipsec(4), netintro(4), hostname.if(5), pf.conf(5), ifconfig(8),
     iked(8), ipsecctl(8), isakmpd(8), netstart(8)

HISTORY
     The sec driver first appeared in OpenBSD 7.4.

AUTHORS
     David Gwynne <[email protected]>.

FreeBSD 14.1-RELEASE-p8        September 20, 2024        FreeBSD 14.1-RELEASE-p8
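The following is an added example, not part of the sec(4) manual page: a shell function that checks the state the EXAMPLES section sets up (key file permissions, interface, ESP SA, route and reachability of the provider's inside address). It assumes the iked(8) variant with the configuration in /etc/iked.conf, BSD stat(1) syntax, and the addresses given on this page.

```sh
#!/bin/sh
# Added example: post-setup checks for the sec0 tunnel from EXAMPLES above.
# Addresses are the ones on this page. Run as root on the customer gateway.

IFACE=sec0
PEER_OUTSIDE=198.51.100.14   # Provider Gateway, outside address
PEER_INSIDE=169.254.229.41   # Provider Gateway, inside address
IKED_CONF=/etc/iked.conf     # assumption: default iked.conf(5) location

# Prints one line per failed check; exit status is the number of failures.
check_sec_tunnel() {
	fails=0

	# iked.conf carries the pre-shared key in clear text: root-only access.
	mode=$(stat -f %Lp "$IKED_CONF" 2>/dev/null) || mode=missing
	case "$mode" in
	600|400) ;;
	*) echo "FAIL: $IKED_CONF mode $mode, want 600"; fails=$((fails + 1)) ;;
	esac

	# The interface made by "ifconfig sec0 create" must be present.
	ifconfig "$IFACE" >/dev/null 2>&1 ||
		{ echo "FAIL: $IFACE does not exist"; fails=$((fails + 1)); }

	# An ESP SA naming the provider's outside address should be loaded.
	ipsecctl -sa 2>/dev/null | grep esp | grep -qF "$PEER_OUTSIDE" ||
		{ echo "FAIL: no ESP SA for $PEER_OUTSIDE"; fails=$((fails + 1)); }

	# The provider's inside address must be routed over the tunnel.
	route -n get "$PEER_INSIDE" 2>/dev/null | grep -q "interface: $IFACE" ||
		{ echo "FAIL: $PEER_INSIDE not routed via $IFACE"; fails=$((fails + 1)); }

	# End-to-end reachability through the tunnel.
	ping -c 3 -w 2 "$PEER_INSIDE" >/dev/null 2>&1 ||
		{ echo "FAIL: $PEER_INSIDE unreachable"; fails=$((fails + 1)); }

	return "$fails"
}
```

Source the file and call check_sec_tunnel once iked(8) has negotiated the SAs; a zero exit status means every check passed.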
