ipsec man page on SuSE

Man page or keyword search:  
man Server   14857 pages
apropos Keyword Search (all sections)
Output format
SuSE logo
[printable version]

IPSEC(8)							      IPSEC(8)

NAME
       ipsec - invoke IPsec utilities

SYNOPSIS
       ipsec command [ argument ...]

       ipsec start|update|reload|restart|stop

       ipsec up|down|route|unroute connectionname

       ipsec status|statusall [ connectionname ]

       ipsec listalgs|listpubkeys|listcerts [ --utc ]
       ipsec listcacerts|listaacerts|listocspcerts [ --utc ]
       ipsec listacerts|listgroups|listcainfos [ --utc ]
       ipsec listcrls|listocsp|listcards|listall [ --utc ]

       ipsec rereadsecrets|rereadgroups
       ipsec rereadcacerts|rereadaacerts|rereadocspcerts
       ipsec rereadacerts|rereadcrls|rereadall

       ipsec purgeocsp

       ipsec [ --help ] [ --version ] [ --versioncode ] [ --copyright ]
       ipsec [ --directory ] [ --confdir ]

DESCRIPTION
       Ipsec  invokes  any  of	several	 utilities involved in controlling the
       IPsec encryption/authentication system, running the  specified  command
       with  the specified arguments as if it had been invoked directly.  This
       largely eliminates possible name collisions with	 other	software,  and
       also permits some centralized services.

       The  commands start, update, reload, restart, and stop are built-in and
       are used to control  the	 ipsec	starter	 utility,  an  extremely  fast
       replacement for the traditional ipsec setup script.

       The  commands  up,  down,  route, unroute, status, statusall, listalgs,
       listpubkeys, listcerts, listcacerts, listaacerts,  listocspcerts,  lis‐
       tacerts,	  listgroups,	listcainfos,  listcrls,	 listocsp,  listcards,
       listall,	 rereadsecrets,	 rereadgroups,	rereadcacerts,	rereadaacerts,
       rereadocspcerts,	 rereadacerts,	rereadcrls,  and  rereadall  are  also
       built-in and completely replace the corresponding ipsec	auto  --opera‐
       tion"  commands.	 Communication	with  the pluto daemon happens via the
       ipsec whack socket interface.

       In particular, ipsec supplies the invoked command with a suitable  PATH
       environment  variable,  and  also  provides IPSEC_DIR, IPSEC_CONFS, and
       IPSEC_VERSION environment variables, containing respectively  the  full
       pathname	 of  the  directory  where the IPsec utilities are stored, the
       full pathname of the directory where the configuration files live,  and
       the IPsec version number.

       ipsec start calls ipsec starter which in turn starts pluto.

       ipsec  update  sends a HUP signal to ipsec starter which in turn deter‐
       mines any changes in ipsec.conf and updates the	configuration  on  the
       running pluto daemon, correspondingly.

       ipsec reload sends a USR1 signal to ipsec starter which in turn reloads
       the whole configuration on the running pluto daemon based on the actual
       ipsec.conf.

       ipsec restart executes ipsec stop followed by ipsec start.

       ipsec stop stops ipsec by sending a TERM signal to ipsec starter.

       ipsec up name tells the pluto daemon to start up connection name.

       ipsec down name tells the pluto daemon to take down connection name.

       ipsec  route name tells the pluto daemon to install a route for connec‐
       tion name.

       ipsec unroute name tells the pluto daemon to take down  the  route  for
       connection name.

       ipsec  status [ name ]  gives concise status information either on con‐
       nection name or if the name argument is lacking, on all connections.

       ipsec statusall [ name ]	 gives detailed status information  either  on
       connection name or if the name argument is lacking, on all connections.

       ipsec  listalgs	returns	 a  list all supported IKE encryption and hash
       algorithms, the available Diffie-Hellman groups, as well	 as  all  sup‐
       ported ESP encryption and authentication algorithms.

       ipsec  listpubkeys  returns  a list of RSA public keys that were either
       loaded in raw key format or extracted from X.509	 and|or	 OpenPGP  cer‐
       tificates.

       ipsec  listcerts	 returns  a  list of X.509 and|or OpenPGP certificates
       that were loaded locally by the pluto daemon.

       ipsec listcacerts returns a list of X.509 Certification Authority  (CA)
       certificates  that  were	 loaded	 locally  by the pluto daemon from the
       /etc/ipsec.d/cacerts/ directory or received in PKCS#7-wrapped  certifi‐
       cate payloads via the  IKE protocol.

       ipsec  listaacerts returns a list of X.509 Authorization Authority (AA)
       certificates that were loaded locally by	 the  pluto  daemon  from  the
       /etc/ipsec.d/aacerts/ directory.

       ipsec  listocspcerts  returns  a list of X.509 OCSP Signer certificates
       that  were  either  loaded  locally  by	the  pluto  daemon  from   the
       /etc/ipsec.d/ocspcerts/ directory or were sent by an OCSP server.

       ipsec  listacerts  returns  a list of X.509 Attribute certificates that
       were loaded locally by the pluto daemon from  the  /etc/ipsec.d/acerts/
       directory.

       ipsec  listgroups returns a list of groups that are used to define user
       authorization profiles.

       ipsec listcainfos returns certification authority information (CRL dis‐
       tribution points, OCSP URIs, LDAP servers) that were defined by ca sec‐
       tions in ipsec.conf.

       ipsec listcrls returns a list of Certificate Revocation Lists (CRLs).

       ipsec  listocsp	returns	 revocation  information  fetched  from	  OCSP
       servers.

       ipsec listcards returns a list of certificates residing on smartcards.

       ipsec  listall  returns	all information generated by the list commands
       above. Each list command can be called with the --url option which dis‐
       plays all dates in UTC instead of local time.

       ipsec   rereadsecrets  flushes  and  rereads  all  secrets  defined  in
       ipsec.conf.

       ipsec rereadcacerts  reads  all	certificate  files  contained  in  the
       /etc/ipsec.d/cacerts  directory and adds them to pluto's list of Certi‐
       fication Authority (CA) certificates.

       ipsec rereadaacerts  reads  all	certificate  files  contained  in  the
       /etc/ipsec.d/aacerts  directory and adds them to pluto's list of Autho‐
       rization Authority (AA) certificates.

       ipsec rereadocspcerts reads all	certificate  files  contained  in  the
       /etc/ipsec.d/ocspcerts/ directory and adds them to pluto's list of OCSP
       signer certificates.

       ipsec rereadacerts operation reads all certificate files	 contained  in
       the   /etc/ipsec.d/acerts/  directory  and adds them to pluto's list of
       attribute certificates.

       ipsec rereadcrls reads  all Certificate	Revocation Lists  (CRLs)  con‐
       tained  in  the	/etc/ipsec.d/crls/  directory and adds them to pluto's
       list of CRLs.

       ipsec rereadall is  equivalent  to  the	execution  of	rereadsecrets,
       rereadcacerts,	rereadaacerts,	 rereadocspcerts,   rereadacerts,  and
       rereadcrls.

       ipsec --help lists the available commands.  Most have their own	manual
       pages, e.g.  ipsec_auto(8) for auto.

       ipsec  --version outputs version information about Linux strongSwan.  A
       version code of the form ``Uxxx/Kyyy'' indicates	 that  the  user-level
       utilities  are version xxx but the kernel portion appears to be version
       yyy (this form is used only if the two disagree).

       ipsec --versioncode outputs just the version code, with none of	--ver‐
       sion's supporting information, for use by scripts.

       ipsec --copyright supplies boring copyright details.

       ipsec  --directory  reports  where ipsec thinks the IPsec utilities are
       stored.

       ipsec --confdir reports where  ipsec  thinks  the  IPsec	 configuration
       files are stored.

FILES
       /usr/local/lib/ipsec	usual utilities directory

ENVIRONMENT
       The  following environment variables control where strongSwan finds its
       components.  The ipsec command sets them if they are not already set.

       IPSEC_DIR	   directory containing ipsec programs and utilities
       IPSEC_SBINDIR	   directory containing ipsec command
       IPSEC_CONFDIR	   directory containing configuration files
       IPSEC_PIDDIR	   directory containing PID files
       IPSEC_NAME	   name of ipsec distribution
       IPSEC_VERSION	   version numer of ipsec userland and kernel
       IPSEC_STARTER_PID   PID file for ipsec starter
       IPSEC_PLUTO_PID	   PID file for IKEv1 keying daemon
       IPSEC_CHARON_PID	   PID file for IKEv2 keying daemon

SEE ALSO
       ipsec.conf(5), ipsec.secrets(5), ipsec_barf(8),

HISTORY
       Written for Linux FreeS/WAN <http://www.freeswan.org> by Henry Spencer.
       Updated	and  extended for Linux strongSwan <http://www.strongswan.org>
       by Andreas Steffen.

				9 February 2006			      IPSEC(8)
[top]

List of man pages available for SuSE

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net