
ipseckey - Generate IPSECKEY records on libreswan IPsec servers

Authors

       Paul Wouters <pwouters@redhat.com>

Bugs

       Some other IPsec software is not yet supported

Description

       ipseckey generates RFC-4025 IPSECKEY DNS records based on the public key of the IPsec server. Supported
       IPsec software is libreswan and some versions of openswan (depending on its implementation of
       showhostkey). The record displayed will have the hostname as its label. This can be changed manually.

       (TODO: allow specifying --hostname and allow --reverse for creating in-addr.arpa. entries)
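
An added example, not code from ipseckey or libreswan: it builds the kind of RFC 4025 IPSECKEY zone-file line the description refers to from an RSA exponent and modulus (key encoded per RFC 3110, algorithm 2), and parses such a line back, rejecting a gateway that contradicts its gateway type. The function names, the default precedence of 10, the owner name and the toy key are assumptions made for illustration.

```python
import base64
import ipaddress

def rfc3110_rsa(exponent: int, modulus: int) -> bytes:
    """RSA public key in RFC 3110 form: exponent length, exponent, modulus."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    # One length octet for exponents up to 255 octets, else 0x00 + two octets.
    prefix = bytes([len(e)]) if len(e) <= 255 else b"\x00" + len(e).to_bytes(2, "big")
    return prefix + e + n

def gateway_field(gateway):
    """Return (gateway type, presentation form) as defined in RFC 4025."""
    if gateway is None:
        return 0, "."                          # type 0: no gateway
    try:
        ip = ipaddress.ip_address(gateway)
        return (1 if ip.version == 4 else 2), str(ip)
    except ValueError:
        return 3, gateway.rstrip(".") + "."    # type 3: domain name

def ipseckey_record(owner, exponent, modulus, precedence=10, gateway=None):
    """Zone line: owner IN IPSECKEY precedence gw-type algorithm gateway key."""
    gw_type, gw = gateway_field(gateway)
    key = base64.b64encode(rfc3110_rsa(exponent, modulus)).decode("ascii")
    return f"{owner.rstrip('.')}. IN IPSECKEY {precedence} {gw_type} 2 {gw} {key}"

def parse_ipseckey(line):
    """Parse a line built above; reject fields that contradict each other."""
    owner, _cls, rtype, prec, gw_type, alg, gw, key = line.split(None, 7)
    if rtype != "IPSECKEY" or alg != "2":
        raise ValueError("not an RSA IPSECKEY record")
    if gateway_field(None if gw == "." else gw)[0] != int(gw_type):
        raise ValueError("gateway does not match gateway type")
    raw = base64.b64decode("".join(key.split()), validate=True)
    off, elen = (1, raw[0]) if raw[0] else (3, int.from_bytes(raw[1:3], "big"))
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    return {"owner": owner, "precedence": int(prec), "gateway": gw,
            "exponent": exponent, "modulus": modulus,
            "modulus_bits": modulus.bit_length()}

# Constructed toy key (not a real or secure key), for illustration only.
TOY_E, TOY_N = 65537, (1 << 2047) | 0x1234567
RECORD = ipseckey_record("vpn.example.com", TOY_E, TOY_N, gateway="192.0.2.1")
```

Checking modulus_bits on a parsed record is a quick way to spot an undersized key before the record is published.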

Files

       The NSS IPsec database in /etc/ipsec.d/*.db or, for older openswan without NSS, /etc/ipsec.secrets

Name

       ipseckey - Generate IPSECKEY records on libreswan IPsec servers

Options

       -h/--help
           Output help information and exit.

       -v/--version
           Output version information and exit.

Requirements

       ipseckey MUST be run on the IPsec gateway itself because, unlike TLS, IPsec servers do not present their
       public RSA key to any client. Currently, only libreswan IPsec is supported (https://libreswan.org), although
       some versions of openswan might work as well. Root access is needed because the public key is pulled from
       /etc/ipsec.secrets, which can contain secrets and is therefore only readable by root (even though, with
       libreswan, ipsec.secrets does not contain any private RSA keys).

See Also

       ipsec_showhostkey(8) and RFC-4025

Syntax

       ipseckey
