FreeS/WAN manual pages
The various components of Linux FreeS/WAN are of course
documented in standard Unix manual pages, accessible via
the man(1) command.
Links here take you to an HTML version of the man pages.
If you have the world Wide Web Consortium's Amaya
browser/editor, then you have another choice. Use Amaya to get all the manual pages in
a single HTML document.
Files
-
ipsec.conf(5)
-
IPSEC configuration and connections
-
ipsec.secrets(5)
-
preshared secrets for IKE/IPsec authentication
These files are also discussed in the HTML setup and
configuration documents.
Commands
Many users will never give most of the FreeS/WAN commands directly.
Configure the files listed above correctly and everything should be
automatic.
One exception is:
-
ipsec_rsasigkey(8)
-
generate RSA keys for use in Pluto authentication
Note that:
- These keys are for authentication only.
They are not secure for encryption.
- RSA Data Security hold a US patent on the
RSA algorithm, valid until September 20, 2000. Using this utility in the
US before then may be illegal because it would violate that patent.
- The utility uses random(4) as a source of
random numbers. This may block for some time
if there is not enough activity on the machine to provide the required entropy.
You may want to give it some bogus activity such as random mouse movements or
some command such as du /usr > dev/null &.
The following commands are fairly likely
to be used, if only for testing and status checks:
-
ipsec(8)
-
invoke IPSEC utilities
-
ipsec_setup(8)
-
control IPSEC subsystem
-
ipsec_auto(8)
-
control automatically-keyed IPSEC connections
-
ipsec_manual(8)
-
take manually-keyed IPSEC connections up and down
-
ipsec_ranbits(8)
-
generate random bits in ASCII form
-
ipsec_look(8)
-
show minimal debugging information
-
ipsec_barf(8)
-
spew out collected IPSEC debugging information
The lower-level utilities listed below are normally invoked via
scripts listed above, but they can also be
used directly when required.
-
ipsec_eroute(8)
-
manipulate IPSEC extended routing tables
-
ipsec_klipsdebug(8)
-
set Klips (kernel IPSEC support) debug features and level
-
ipsec_pluto(8)
-
IPsec IKE keying daemon
-
ipsec_spi(8)
-
manage IPSEC Security Associations
-
ipsec_spigrp(8)
-
group/ungroup IPSEC Security Associations
-
ipsec_tncfg(8)
-
associate IPSEC virtual interface with real interface
-
ipsec_whack(8)
-
control interface for IPSEC keying daemon
Library routines
ipsec_atoaddr(3)
ipsec_addrtoa(3)
convert Internet addresses to and from ASCII
ipsec_atosubnet(3)
ipsec_subnettoa(3)
convert subnet/mask ASCII form to and from addresses
ipsec_atoasr(3)
convert ASCII to Internet address, subnet, or range
ipsec_rangetoa(3)
convert Internet address range to ASCII
ipsec_atodata(3)
ipsec_datatoa(3)
convert binary data from and to ASCII formats
ipsec_atosa(3)
ipsec_satoa(3)
convert IPSEC Security Association IDs to and from ASCII
ipsec_atoul(3)
ipsec_ultoa(3)
convert unsigned-long numbers to and from ASCII
ipsec_goodmask(3)
is this Internet subnet mask a valid one?
ipsec_masktobits(3)
convert Internet subnet mask to bit count
ipsec_bitstomask(3)
convert bit count to Internet subnet mask
ipsec_optionsfrom(3)
read additional ``command-line'' options from file
ipsec_subnetof(3)
given Internet address and subnet mask, return subnet number
ipsec_hostof(3)
given Internet address and subnet mask, return host part
ipsec_broadcastof(3)
given Internet address and subnet mask, return broadcast address
|
