ipsec-algparse - Man Page
utility for verifying IKE and IPsec cryptographic proposal syntax
Synopsis
ipsec algparse [-v1 | -v2 | -v | -verbose | -debug | -p1 | -p2 | -pfs {yes | no} | -fips {yes | no} | -ignore | -impair | -nsspw password]
{-tp | -ta | ike=proposals | esp=proposals | ah=proposals | proposals}
Description
ipsec algparse is a utility that parses and expands and Internet Key Exchange cryptographic proposals using the same syntax as used in the file ipsec.conf (see the description of ike= and esp= in ipsec.conf (see ipsec.conf(5) for details). In addition, ipsec algparse can be used to run the proposal parser or the cryptographic algorithm testsuites.
The following options control what ipsec algparse will parse:
- ike=[proposals], esp=[proposals], ah=[proposals]
Parse the proposals using the IKE, ESP, or AH proposal parser. When proposals is omitted, display the default IKE, ESP, or AH proposals.
- proposal
Try to parse the proposal using all three of the IKE, ESP, and AH proposal parsers.
- -tp
run the proposal testsuite
- -ta
run the algorithm testsuite
The following options alter the parser behaviour:
- -v1, -v2
Parse the proposals using either the IKEv1 or IKEv2 proposal syntax.
The default is IKEv2.
- -pfs=yes|no
Specify PFS (Perfect Forward Privicy). When yes Diffi-Helman algorithms will be included in the proposal.
The default is --pfs=no.
- -fips=yes|no
Force NSS into FIPS mode.
The default is determined by the system environment.
- -p1, -p2
Specify the parser to use.
By default, IKEv1 uses the simple (p1) parser, and IKEv2 uses the more complex (p2) parser.
- -nsspw
Specify the NSS database password.
- -impair
Impair the parser, disabling all algorithm checks.
- -ignore
Ignore parser errors.
- -v, -verbose
Be more verbose when invoking proposal parser.
- -d, -debug
Enable full debug-logging when invoking the proposal parser.
History
Written for the Libreswan project by Andrew Cagney.
Author
Andrew Cagney
Referenced By
ipsec(8), ipsec-add(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec.conf(5), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8).