{"id":3746,"date":"2022-12-20T17:19:56","date_gmt":"2022-12-20T20:19:56","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/ipsec-man8\/"},"modified":"2022-12-20T17:19:56","modified_gmt":"2022-12-20T20:19:56","slug":"ipsec-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/ipsec-man8\/","title":{"rendered":"IPSEC (man8)"},"content":{"rendered":"

IPSEC<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
COMMANDS<\/a>
RETURN CODE<\/a>
FILES<\/a>
SEE ALSO<\/a>
AUTHOR<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

ipsec \u2212 invoke IPsec utilities<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

ipsec<\/b> command<\/i> [argument<\/i>…] ipsec<\/i> \u2212\u2212help<\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

ipsec<\/i> \u2212\u2212version
ipsec<\/i> \u2212\u2212directory<\/p>\n

DESCRIPTION <\/a> <\/h2>\n

ipsec<\/i> invokes any of several utilities involved in controlling the IPsec encryption\/authentication system, running the specified command<\/i> with the specified argument<\/i>s as if it had been invoked directly. This largely eliminates possible name collisions with other software, and also permits some centralized services.<\/p>\n

ipsec \u2212\u2212help<\/b> lists the available commands. Most have their own manual pages, e.g. ipsec_auto<\/b>(8) for auto<\/i>.<\/p>\n

ipsec \u2212\u2212version<\/b> outputs the software version. A version code of the form \u2018\u2018Uxxx<\/i>\/Kyyy<\/i>” indicates that the user\u2212level utilities are version xxx<\/i> but the kernel portion appears to be version yyy<\/i> (this form is used only if the two disagree). For the NETKEY\/XFRM stack, the kernel version is used, always displaying the U\/K split.<\/p>\n

ipsec \u2212\u2212directory<\/b> reports where ipsec<\/b> thinks the IPsec commands are stored.<\/p>\n

COMMANDS <\/a> <\/h2>\n

To get a list of supported commands, use ipsec \u2212\u2212help. A few of the commonly used commands are described below<\/p>\n

ipsec setup start|stop|restart<\/b> maps to the host init system. Supported init systems are sysv, systemd, upstart and openrc.<\/p>\n

ipsec barf<\/b> dumps the internal system status to stdout for debugging<\/p>\n

ipsec auto<\/b> is used to manually add, remove, up or down connections. For more information see ‘man ipsec_auto<\/p>\n

ipsec whack<\/b> is used to communicate direct commands to the pluto daemon using the whack interface. For more information see ‘man ipsec_pluto’<\/p>\n

ipsec initnss<\/b> initialises the NSS database that contains all the X.509 certificate information and private RSA keys<\/p>\n

ipsec checknss [\u2212\u2212settrusts]<\/b> is used to check the NSS database and initialize it when it is not present and optionally set trust bits for CA certificates.<\/p>\n

ipsec import<\/b> is used to import PKCS#12 X.509 files into the NSS database<\/p>\n

ipsec checknflog<\/b> is used to initialise iptables rules for the nflog devices when specified via the nflog= or nflog\u2212all= configuration options.<\/p>\n

ipsec stopnflog<\/b> is used to delete iptables rules for the nflog devices.<\/p>\n

RETURN CODE <\/a> <\/h2>\n

The ipsec command passes the return code of the sub\u2212command back to the caller. The only exception is when ipsec pluto<\/b> is used without \u2212\u2212nofork, as it will fork into the background and the ipsec command returns success while the pluto daemon may in fact exit with an error code after the fork.<\/p>\n

FILES <\/a> <\/h2>\n

\/usr\/libexec\/ipsec usual utilities directory<\/p>\n

SEE ALSO <\/a> <\/h2>\n

ipsec.conf<\/b>(5), ipsec.secrets<\/b>(5), ipsec_auto<\/b>(8), ipsec_checknss<\/b>(8), ipsec_initnss<\/b>(8), ipsec_setup<\/b>(8), ipsec_showhostkey<\/b>(8)<\/p>\n

AUTHOR <\/a> <\/h2>\n

Henry Spencer<\/b><\/p>\n

\n","protected":false},"excerpt":{"rendered":"

ipsec \u2212 invoke IPsec utilities <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,851,4],"class_list":["post-3746","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-ipsec","tag-man8"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3746"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3746\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}