Logo

Charles Steinkuehler's LEAF/LRP Website


 

FreeS/WAN manual pages

The various components of Linux FreeS/WAN are of course documented in standard Unix manual pages, accessible via the man(1) command.

Links here take you to an HTML version of the man pages.

If you have the world Wide Web Consortium's Amaya browser/editor, then you have another choice. Use Amaya to get all the manual pages in a single HTML document.

Files

ipsec.conf(5)
IPSEC configuration and connections
ipsec.secrets(5)
preshared secrets for IKE/IPsec authentication
These files are also discussed in the HTML setup and configuration documents.

Commands

Many users will never give most of the FreeS/WAN commands directly. Configure the files listed above correctly and everything should be automatic.

One exception is:

ipsec_rsasigkey(8)
generate RSA keys for use in Pluto authentication
Note that:
  • These keys are for authentication only. They are not secure for encryption.
  • RSA Data Security hold a US patent on the RSA algorithm, valid until September 20, 2000. Using this utility in the US before then may be illegal because it would violate that patent.
  • The utility uses random(4) as a source of random numbers. This may block for some time if there is not enough activity on the machine to provide the required entropy. You may want to give it some bogus activity such as random mouse movements or some command such as du /usr > dev/null &.

The following commands are fairly likely to be used, if only for testing and status checks:

ipsec(8)
invoke IPSEC utilities
ipsec_setup(8)
control IPSEC subsystem
ipsec_auto(8)
control automatically-keyed IPSEC connections
ipsec_manual(8)
take manually-keyed IPSEC connections up and down
ipsec_ranbits(8)
generate random bits in ASCII form
ipsec_look(8)
show minimal debugging information
ipsec_barf(8)
spew out collected IPSEC debugging information
The lower-level utilities listed below are normally invoked via scripts listed above, but they can also be used directly when required.
ipsec_eroute(8)
manipulate IPSEC extended routing tables
ipsec_klipsdebug(8)
set Klips (kernel IPSEC support) debug features and level
ipsec_pluto(8)
IPsec IKE keying daemon
ipsec_spi(8)
manage IPSEC Security Associations
ipsec_spigrp(8)
group/ungroup IPSEC Security Associations
ipsec_tncfg(8)
associate IPSEC virtual interface with real interface
ipsec_whack(8)
control interface for IPSEC keying daemon

Library routines

ipsec_atoaddr(3)
ipsec_addrtoa(3)
convert Internet addresses to and from ASCII
ipsec_atosubnet(3)
ipsec_subnettoa(3)
convert subnet/mask ASCII form to and from addresses
ipsec_atoasr(3)
convert ASCII to Internet address, subnet, or range
ipsec_rangetoa(3)
convert Internet address range to ASCII
ipsec_atodata(3)
ipsec_datatoa(3)
convert binary data from and to ASCII formats
ipsec_atosa(3)
ipsec_satoa(3)
convert IPSEC Security Association IDs to and from ASCII
ipsec_atoul(3)
ipsec_ultoa(3)
convert unsigned-long numbers to and from ASCII
ipsec_goodmask(3)
is this Internet subnet mask a valid one?
ipsec_masktobits(3)
convert Internet subnet mask to bit count
ipsec_bitstomask(3)
convert bit count to Internet subnet mask
ipsec_optionsfrom(3)
read additional ``command-line'' options from file
ipsec_subnetof(3)
given Internet address and subnet mask, return subnet number
ipsec_hostof(3)
given Internet address and subnet mask, return host part
ipsec_broadcastof(3)
given Internet address and subnet mask, return broadcast address