1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<!-- lifted from troff+man by doclifter -->
<refentry>
<refentryinfo>
<author><firstname>Henry</firstname><surname>Spencer</surname><authorblurb><para></para> </authorblurb></author>
</refentryinfo>
<refmeta>
<refentrytitle>IPSEC</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class='date'>27 April 2018</refmiscinfo>
<refmiscinfo class="source">libreswan</refmiscinfo>
<refmiscinfo class="manual">Executable programs</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>ipsec</refname>
<refpurpose>invoke IPsec utilities</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>ipsec</command>
<arg choice='plain'><replaceable>command</replaceable></arg>
<arg choice='opt' rep='repeat'><replaceable>argument</replaceable></arg>
<arg choice='plain'><replaceable>ipsec</replaceable></arg>
<arg choice='plain'>--help </arg>
<sbr/>
<arg choice='plain'><replaceable>ipsec</replaceable></arg>
<arg choice='plain'>--version </arg>
<sbr/>
<arg choice='plain'><replaceable>ipsec</replaceable></arg>
<arg choice='plain'>--directory </arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'><title>DESCRIPTION</title>
<para><emphasis remap='I'>ipsec</emphasis>
invokes any of several utilities involved in controlling the IPsec
encryption/authentication system,
running the specified
<emphasis remap='I'>command</emphasis>
with the specified
<emphasis remap='I'>argument</emphasis>s
as if it had been invoked directly.
This largely eliminates possible name collisions with other software,
and also permits some centralized services.</para>
<para><userinput>ipsec --help</userinput>
lists the available commands.
Most have their own manual pages, e.g.
<citerefentry><refentrytitle>ipsec_auto</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for
<emphasis remap='I'>auto</emphasis>.</para>
<para><userinput>ipsec --version</userinput>
outputs the software version.
A version code of the form ``U<emphasis remap='I'>xxx</emphasis>/K<emphasis remap='I'>yyy</emphasis>''
indicates that the user-level utilities are version <emphasis remap='I'>xxx</emphasis>
but the kernel portion appears to be version <emphasis remap='I'>yyy</emphasis>
(this form is used only if the two disagree). For the NETKEY/XFRM stack, the kernel version is used, always displaying the U/K split.</para>
<para><userinput>ipsec --directory</userinput>
reports where
<command>ipsec</command>
thinks the IPsec commands are stored.</para>
</refsect1>
<refsect1 id='commands'><title>COMMANDS</title>
<para>To get a list of supported commands, use ipsec --help. A few of the
commonly used commands are described below</para>
<para><userinput>ipsec setup start|stop|restart</userinput> maps to the
host init system. Supported init systems are sysv, systemd, upstart and openrc.
</para>
<para><userinput>ipsec barf</userinput> dumps the internal system status
to stdout for debugging</para>
<para><userinput>ipsec auto</userinput> is used to manually add, remove, up or down connections. For more information see 'man ipsec_auto </para>
<para><userinput>ipsec whack</userinput> is used to communicate direct commands to the pluto daemon using the whack interface. For more information see 'man ipsec_pluto' </para>
<para><userinput>ipsec initnss</userinput> initialises the NSS database that contains all the X.509 certificate information and private RSA keys</para>
<para><userinput>ipsec checknss [--settrusts]</userinput> is used to check the NSS database and initialize it when it is not present and optionally set trust bits for CA certificates.</para>
<para><userinput>ipsec import</userinput> is used to import PKCS#12 X.509 files into the NSS database</para>
<para><userinput>ipsec checknflog</userinput> is used to initialise iptables rules for the nflog devices when specified via the nflog= or nflog-all= configuration options.</para>
<para><userinput>ipsec stopnflog</userinput> is used to delete iptables rules for the nflog devices.</para>
</refsect1>
<refsect1 id='returncode'><title>RETURN CODE</title>
<para>The ipsec command passes the return code of the sub-command
back to the caller. The only exception is when <userinput>ipsec pluto</userinput>
is used without --nofork, as it will fork into the background
and the ipsec command returns success while the pluto daemon
may in fact exit with an error code after the fork. </para>
</refsect1>
<refsect1 id='files'><title>FILES</title>
<para>/usr/libexec/ipsec usual utilities directory</para>
</refsect1>
<refsect1 id='see_also'><title>SEE ALSO</title>
<para>
<citerefentry><refentrytitle>ipsec.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ipsec.secrets</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ipsec_auto</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ipsec_checknss</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ipsec_initnss</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ipsec_setup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ipsec_showhostkey</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>
|
