ipsec_tncfg man page
ipsec_tncfg — lists IPSEC virtual interfaces attached to real interfaces
Note that tncfg is only supported on the KLIPS stack which uses ipsecX interfaces bound to physical interfaces
/proc/net/ipsec_tncfg is a read-only file which lists which IPSEC virtual interfaces are attached to which real interfaces, through which packets will be forwarded once processed by IPSEC.
Each line lists one ipsec I/F. A table entry consists of:
- an ipsec virtual I/F name
- a visual and machine parsable separator '->', separating the virtual I/F and the physical I/F,
- a physical I/F name, to which the ipsec virtual I/F is attached or NULL if it is not attached,
- the keyword mtu=,
- the MTU of the ipsec virtual I/F,
- the automatically adjusted effective MTU for PMTU discovery, in brackets,
- a visual and machine parsable separator '->', separating the virtual I/F MTU and the physical I/F MTU,
- the MTU of the attached physical I/F.
ipsec2 -> eth3 mtu=16260(1443) -> 1500
shows that virtual device ipsec2 with an MTU of 16260 is connected to physical device eth3 with an MTU of 1500 and that the effective MTU as a result of PMTU discovery has been automatically set to 1443.
ipsec0 -> wvlan0 mtu=1400(16260) -> 1500
shows that virtual device ipsec0 with an MTU of 1400 is connected to physical device wvlan0 with an MTU of 1500 and no PMTU packets have gotten far enough to bump down the effective MTU from its default of 16260.
ipsec3 -> NULL mtu=0(0) -> 0
shows that virtual device ipsec3 is not connected to any physical device.
ipsec(8), ipsec_eroute(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_tncfg(8), ipsec_version(5), ipsec_pf_key(5)
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.
placeholder to suppress warning
ipsec_eroute(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_tncfg(8).