'\" t
.\" Title: IPSEC
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 03/14/2024
.\" Manual: Executable programs
.\" Source: Libreswan 5.0~rc2
.\" Language: English
.\"
.TH "IPSEC" "8" "03/14/2024" "Libreswan 5.0~rc2" "Executable programs"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec \- invoke IPsec utilities
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIcommand\fR [\fIargument\fR...]
.HP \w'\fBipsec\ help\fR\ 'u
\fBipsec help\fR
.HP \w'\fBipsec\ version\fR\ 'u
\fBipsec version\fR
.HP \w'\fBipsec\ directory\fR\ 'u
\fBipsec directory\fR
.SH "DESCRIPTION"
.PP
\fBipsec\fR invokes any of several utilities involved in controlling the IPsec encryption/authentication system, running the specified \fIcommand\fR with the specified \fIargument\fR as if it had been invoked directly\&. This largely eliminates possible name collisions with other software, and also permits some centralized services\&.
.PP
\fBipsec help\fR lists the available commands\&. Most have their own manual pages\&.
.PP
\fBipsec version\fR outputs the software version\&.
.PP
\fBipsec directory\fR reports where the \fBipsec\fR sub\-commands are stored\&.
.SH "COMMANDS"
.PP
To get a list of supported commands, use the command \fBipsec \-\-help\fR\&. The full set of commands is listed below:
.PP
\fBipsec start\fR, \fBipsec stop\fR, \fBipsec restart\fR, \fBipsec listen\fR
.RS 4
Used to control the \fBpluto\fR daemon using the host init system\&. Supported init systems are sysv, systemd, upstart and openrc\&.
.sp
See \fBipsec-start\fR(8), \fBipsec-stop\fR(8), \fBipsec-listen\fR(8), and \fBipsec-restart\fR(8)\&.
.RE
.PP
\fBipsec add\fR, \fBipsec up\fR, \fBipsec start\fR, \fBipsec route\fR, \fBipsec unroute\fR, \fBipsec ondemand\fR, \fBipsec down\fR, \fBipsec delete\fR, \fBipsec redirect\fR, \fBipsec replace\fR
.RS 4
Used to manually add, remove and manipulate connections\&.
.sp
See \fBipsec-add\fR(8), \fBipsec-redirect\fR(8), \fBipsec-up\fR(8), \fBipsec-start\fR(8), \fBipsec-route\fR(8), \fBipsec-unroute\fR(8), \fBipsec-ondemand\fR(8), \fBipsec-down\fR(8), \fBipsec-replace\fR(8), and \fBipsec-delete\fR(8)\&.
.RE
.PP
\fBipsec status\fR, \fBipsec briefstatus\fR, \fBipsec connectionstatus\fR, \fBipsec briefconnectionstatus\fR, \fBipsec trafficstatus\fR, \fBipsec shuntstatus\fR
.RS 4
Used to display information about connections and their current status\&.
.sp
See \fBipsec-status\fR(8), \fBipsec-briefstatus\fR(8), \fBipsec-trafficstatus\fR(8), \fBipsec-connectionstatus\fR(8), \fBipsec-shuntstatus\fR(8), and \fBipsec-briefconnectionstatus\fR(8)\&.
.RE
.PP
\fBipsec initnss\fR, \fBipsec checknss\fR, \fBipsec import\fR, \fBipsec listall\fR, \fBipsec listcerts\fR, \fBipsec rereadsecrets\fR, \fBipsec listpubkeys\fR, \fBipsec rereadcerts\fR, \fBipsec listcacerts\fR, \fBipsec rereadall\fR
.RS 4
Used to initialise, verify, and manipulate the NSS database that contains all the X\&.509 certificate information and private RSA keys\&.
.sp
See \fBipsec-initnss\fR(8), \fBipsec-rereadall\fR(8), \fBipsec-rereadsecrets\fR(8), \fBipsec-listall\fR(8), \fBipsec-checknss\fR(8), \fBipsec-import\fR(8), \fBipsec-rereadcerts\fR(8), \fBipsec-listcerts\fR(8), \fBipsec-listcacerts\fR(8), \fBipsec-fips\fR(8), \fBipsec-listpubkeys\fR(8), and \fBipsec-pk12status\fR(8)\&.
.RE
.PP
\fBipsec fetchcrls\fR, \fBipsec listcrls\fR
.RS 4
Update and display the Certificate Revocation List\&.
.sp
See \fBipsec-fetchcrls\fR(8) and \fBipsec-listcrls\fR(8)\&.
.RE
.PP
\fBipsec certutil\fR, \fBipsec crlutil\fR, \fBipsec modutil\fR, \fBipsec pk12util\fR, \fBipsec vfychain\fR
.RS 4
Wrappers around the NSS \fBpk12util\fR, \fBmodutil\fR, \fBcertutil\fR, and \fBcrlutil\fR that can be used to directly manipulate Libreswan\*(Aqs NSS database\&.
.sp
See \fBipsec-certutil\fR(8), \fBipsec-crlutil\fR(8), \fBipsec-modutil\fR(8), \fBipsec-pk12util\fR(8), and \fBipsec-vfychain\fR(8)\&.
.RE
.PP
\fBipsec checkconfig\fR, \fBipsec readwriteconf\fR
.RS 4
Used to validate and dump the ipsec configuration file (default /etc/ipsec.conf)\&.
.sp
See \fBipsec-checkconfig\fR(8) and \fBipsec-readwriteconf\fR(8)\&.
.RE
.PP
\fBipsec checknflog\fR, \fBipsec stopnflog\fR
.RS 4
Used to initialise and delete iptables rules for the nflog devices when specified via the nflog= or nflog\-all= configuration options\&.
.sp
See \fBipsec-checknflog\fR(8) and \fBipsec-stopnflog\fR(8)\&.
.RE
.PP
\fBipsec whack\fR
.RS 4
Low\-level utility for manipulating Libreswan\*(Aqs daemon \fBpluto\fR\&.
.sp
See \fBipsec-whack\fR(8)\&.
.RE
.PP
\fBipsec pluto\fR
.RS 4
Libreswan\*(Aqs daemon that implements the Internet Key Exchange protocols\&.
.sp
See \fBipsec-pluto\fR(8)\&.
.RE
.PP
\fBipsec showhostkey\fR, \fBipsec newhostkey\fR, \fBipsec ecdsasigkey\fR, \fBipsec rsasigkey\fR
.RS 4
Generate and display raw host keys stored in the NSS database\&.
.sp
See \fBipsec-showhostkey\fR(8), \fBipsec-newhostkey\fR(8), \fBipsec-ecdsasigkey\fR(8), \fBipsec-rsasigkey\fR(8)\&.
.RE
.PP
\fBipsec algparse\fR
.RS 4
Utility for displaying and verifying cryptographic proposals\&.
.sp
See \fBipsec-algparse\fR(8)\&.
.RE
.PP
\fBipsec showroute\fR
.RS 4
Utility for displaying the routing information\&.
.sp
See \fBipsec-showroute\fR(8)\&.
.RE
.PP
\fBipsec letsencrypt\fR
.RS 4
Utility for generating letsencrypt keys\&.
.sp
See \fBipsec-letsencrypt\fR(8)\&.
.RE
.PP
\fBipsec fipsstatus\fR, \fBipsec cavp\fR
.RS 4
Display FIPS status and run FIPS crypto tests for CAVP compliance\&.
.sp
See \fBipsec-fipsstatus\fR(8), \fBipsec-cavp\fR(8)\&.
.RE
.SH "RETURN CODE"
.PP
The ipsec command passes the return code of the sub\-command back to the caller\&. The only exception is when \fBipsec pluto\fR is used without \fB\-\-nofork\fR: pluto then forks into the background, so the ipsec command returns success even though the pluto daemon may in fact exit with an error code after the fork\&.
.SH "FILES"
.PP
/usr/libexec/ipsec usual utilities directory
.SH "SEE ALSO"
.PP
\fBipsec.conf\fR(5),
\fBipsec-add\fR(8),
\fBipsec-algparse\fR(8),
\fBipsec-briefconnectionstatus\fR(8),
\fBipsec-briefstatus\fR(8),
\fBipsec-certutil\fR(8),
\fBipsec-checkconfig\fR(8),
\fBipsec-checknflog\fR(8),
\fBipsec-checknss\fR(8),
\fBipsec-connectionstatus\fR(8),
\fBipsec-crlutil\fR(8),
\fBipsec-delete\fR(8),
\fBipsec-down\fR(8),
\fBipsec-ecdsasigkey\fR(8),
\fBipsec-fetchcrls\fR(8),
\fBipsec-fipsstatus\fR(8),
\fBipsec-globalstatus\fR(8),
\fBipsec-import\fR(8),
\fBipsec-initnss\fR(8),
\fBipsec-letsencrypt\fR(8),
\fBipsec-listall\fR(8),
\fBipsec-listcacerts\fR(8),
\fBipsec-listcerts\fR(8),
\fBipsec-listcrls\fR(8),
\fBipsec-listen\fR(8),
\fBipsec-listpubkeys\fR(8),
\fBipsec-modutil\fR(8),
\fBipsec-newhostkey\fR(8),
\fBipsec-ondemand\fR(8),
\fBipsec-pk12util\fR(8),
\fBipsec-pluto\fR(8),
\fBipsec-purgeocsp\fR(8),
\fBipsec-redirect\fR(8),
\fBipsec-replace\fR(8),
\fBipsec-rereadall\fR(8),
\fBipsec-rereadcerts\fR(8),
\fBipsec-rereadsecrets\fR(8),
\fBipsec-restart\fR(8),
\fBipsec-route\fR(8),
\fBipsec-rsasigkey\fR(8),
\fBipsec-setup\fR(8),
\fBipsec-showhostkey\fR(8),
\fBipsec-showroute\fR(8),
\fBipsec-showstates\fR(8),
\fBipsec-shuntstatus\fR(8),
\fBipsec-start\fR(8),
\fBipsec-status\fR(8),
\fBipsec-stop\fR(8),
\fBipsec-trafficstatus\fR(8),
\fBipsec-unroute\fR(8),
\fBipsec-up\fR(8),
\fBipsec-vfychain\fR(8),
\fBipsec-whack\fR(8)
.SH "AUTHOR"
.PP
Tuomo Soini, Andrew Cagney