'\" t
.\"     Title: IPSEC
.\"    Author: Henry Spencer
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\"      Date: 03/12/2024
.\"    Manual: Executable programs
.\"    Source: libreswan
.\"  Language: English
.\"
.TH "IPSEC" "8" "03/12/2024" "libreswan" "Executable programs"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec \- invoke IPsec utilities
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIcommand\fR [\fIargument\fR...]
.br
\fIipsec\fR \-\-help
.br
\fIipsec\fR \-\-version
.br
\fIipsec\fR \-\-directory
.SH "DESCRIPTION"
.PP
\fIipsec\fR
invokes any of several utilities involved in controlling the IPsec encryption/authentication system, running the specified
\fIcommand\fR
with the specified
\fIargument\fRs as if it had been invoked directly\&. This largely eliminates possible name collisions with other software, and also permits some centralized services\&.
.PP
\fBipsec \-\-help\fR
lists the available commands\&. Most have their own manual pages, e\&.g\&.
\fBipsec_auto\fR(8)
for
\fIauto\fR\&.
.PP
\fBipsec \-\-version\fR
outputs the software version\&. A version code of the form ``U\fIxxx\fR/K\fIyyy\fR\*(Aq\*(Aq indicates that the user\-level utilities are version
\fIxxx\fR
but the kernel portion appears to be version
\fIyyy\fR
(this form is used only if the two disagree)\&. For the NETKEY/XFRM stack, the kernel version is used, always displaying the U/K split\&.
.PP
\fBipsec \-\-directory\fR
reports where
\fBipsec\fR
thinks the IPsec commands are stored\&.
.SH "COMMANDS"
.PP
To get a list of supported commands, use ipsec \-\-help\&. A few of the commonly used commands are described below\&.
.PP
\fBipsec setup start|stop|restart\fR
maps to the host init system\&. Supported init systems are sysv, systemd, upstart and openrc\&.
.PP
\fBipsec barf\fR
dumps the internal system status to stdout for debugging\&.
.PP
\fBipsec auto\fR
is used to manually add, remove, up or down connections\&. For more information see \*(Aqman ipsec_auto\*(Aq\&.
.PP
\fBipsec whack\fR
is used to communicate direct commands to the pluto daemon using the whack interface\&. For more information see \*(Aqman ipsec_pluto\*(Aq\&.
.PP
\fBipsec initnss\fR
initialises the NSS database that contains all the X\&.509 certificate information and private RSA keys\&.
.PP
\fBipsec checknss [\-\-settrusts]\fR
is used to check the NSS database and initialize it when it is not present and optionally set trust bits for CA certificates\&.
.PP
\fBipsec import\fR
is used to import PKCS#12 X\&.509 files into the NSS database\&.
.PP
\fBipsec checknflog\fR
is used to initialise iptables rules for the nflog devices when specified via the nflog= or nflog\-all= configuration options\&.
.PP
\fBipsec stopnflog\fR
is used to delete iptables rules for the nflog devices\&.
.SH "RETURN CODE"
.PP
The ipsec command passes the return code of the sub\-command back to the caller\&. The only exception is when
\fBipsec pluto\fR
is used without \-\-nofork, as it will fork into the background and the ipsec command returns success while the pluto daemon may in fact exit with an error code after the fork\&.
.SH "FILES"
.PP
/usr/libexec/ipsec usual utilities directory
.SH "SEE ALSO"
.PP
\fBipsec.conf\fR(5),
\fBipsec.secrets\fR(5),
\fBipsec_auto\fR(8),
\fBipsec_checknss\fR(8),
\fBipsec_initnss\fR(8),
\fBipsec_setup\fR(8),
\fBipsec_showroute\fR(8),
\fBipsec_showhostkey\fR(8)
.SH "AUTHOR"
.PP
\fBHenry Spencer\fR
.RS 4
.RE