ipsec - invoke IPsec utilities
Commands
To get a list of supported commands, use ipsec --help. A few of the commonly used commands are described
below.
ipsec setup start|stop|restart maps to the host init system. Supported init systems are sysv, systemd,
upstart and openrc.
ipsec barf dumps the internal system status to stdout for debugging.
ipsec auto is used to manually add, remove, up or down connections. For more information see 'man
ipsec_auto'.
ipsec whack is used to communicate direct commands to the pluto daemon using the whack interface. For
more information see 'man ipsec_pluto'.
ipsec initnss initialises the NSS database that contains all the X.509 certificate information and
private RSA keys.
ipsec checknss [--settrusts] is used to check the NSS database and initialise it when it is not present,
and optionally set trust bits for CA certificates.
ipsec import is used to import PKCS#12 X.509 files into the NSS database.
ipsec checknflog is used to initialise iptables rules for the nflog devices when specified via the nflog=
or nflog-all= configuration options.
ipsec stopnflog is used to delete iptables rules for the nflog devices.
Description
ipsec invokes any of several utilities involved in controlling the IPsec encryption/authentication
system, running the specified command with the specified arguments as if it had been invoked directly.
This largely eliminates possible name collisions with other software, and also permits some centralized
services.
ipsec --help lists the available commands. Most have their own manual pages, e.g. ipsec_auto(8) for
auto.
ipsec --version outputs the software version. A version code of the form "Uxxx/Kyyy" indicates that the
user-level utilities are version xxx but the kernel portion appears to be version yyy (this form is used
only if the two disagree). For the NETKEY/XFRM stack, the kernel version is used, always displaying the
U/K split.
ipsec --directory reports where ipsec thinks the IPsec commands are stored.
Files
/usr/libexec/ipsec usual utilities directory
Name
ipsec - invoke IPsec utilities
Return Code
The ipsec command passes the return code of the sub-command back to the caller. The only exception is
when ipsec pluto is used without --nofork, as it will fork into the background and the ipsec command
returns success while the pluto daemon may in fact exit with an error code after the fork.
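The return-code behaviour above as it affects a start-up script, shown as an added example that is not part of the manual page or the project's own code: foreground sub-commands can be trusted by exit status, while a forking ipsec pluto is followed by a liveness probe. The function names and the IPSEC and POLL_DELAY variables are hypothetical; the probe assumes ipsec whack --status succeeds only when pluto answers on the whack interface.

```shell
#!/bin/sh
# Added example: handling ipsec return codes in a provisioning script.
# IPSEC (front-end to run) and POLL_DELAY (seconds between probes) are
# hypothetical knobs so the logic can be exercised against a stub.
IPSEC=${IPSEC:-ipsec}

# run_sub CMD [ARGS...]: run a foreground sub-command. The front-end
# passes the sub-command's return code through, so it can be trusted.
run_sub() {
    "$IPSEC" "$@"
}

# pluto_alive: true only if the daemon answers on the whack interface.
pluto_alive() {
    "$IPSEC" whack --status >/dev/null 2>&1
}

# start_pluto_checked TRIES [PLUTO ARGS...]
# Without --nofork, pluto forks and the front-end returns 0 even if the
# daemon exits with an error afterwards. A 0 from the start command is
# therefore only "the parent returned"; the probe decides the result.
start_pluto_checked() {
    tries=${1:-5}
    [ "$#" -gt 0 ] && shift
    # A failure reported before the fork is still a real failure.
    "$IPSEC" pluto "$@" || return $?
    while [ "$tries" -gt 0 ]; do
        pluto_alive && return 0
        tries=$((tries - 1))
        sleep "${POLL_DELAY:-1}"
    done
    # Start command said success, daemon never answered: report failure.
    return 1
}
```

When pluto is supervised with --nofork (for example by the init system), the exception does not apply and the exit status of the process itself can be used.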
See Also
ipsec.conf(5), ipsec.secrets(5), ipsec_auto(8), ipsec_checknss(8), ipsec_initnss(8), ipsec_setup(8), ipsec_showroute(8), ipsec_showhostkey(8)
Synopsis
ipsec command [argument...]
ipsec --help
ipsec --version
ipsec --directory
