IPsec implementation with IKEv1 and IKEv2 keying protocols
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
Libreswan. To build KLIPS, see the kmod-libreswan.spec file.
Libreswan also supports IKEv2 (RFC4309) and Secure Labeling
Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
| File | Description |
|---|---|
| ipsec.conf | IPsec configuration and connections |
| ipsec_eroute | list of existing eroutes |
| ipsec_klipsdebug | list KLIPS (kernel IPSEC support) debug features and level |
| ipsec_pf_key | lists PF_KEY sockets registered with KLIPS |
| ipsec.secrets | secrets for IKE/IPsec authentication |
| ipsec_spi | list IPSEC Security Associations |
| ipsec_spigrp | list IPSEC Security Association groupings |
| ipsec_tncfg | lists IPSEC virtual interfaces attached to real interfaces |
| ipsec_trap_count | KLIPS statistic on number of ACQUIREs |
| ipsec_trap_sendcount | KLIPS statistic on number of successful ACQUIREs |
| ipsec_version | lists KLIPS version information |
| Command | Description |
|---|---|
| ipsec | invoke IPsec utilities |
| ipsec_addconn | load a given policy into the pluto IKE daemon |
| ipsec_auto | control automatically-keyed IPsec connections |
| ipsec_barf | spew out collected IPsec debugging information |
| ipsec_eroute | manipulate IPSEC extended routing tables |
| ipsec_import | Import PKCS#12 (*.p12) files into the IPsec NSS database |
| ipsec__import_crl | helper program for importing a crl to the NSS database |
| ipsec_initnss | Initialise the IPsec NSS database |
| ipsec__keycensor | internal routine to remove sensitive information |
| ipsec_klipsdebug | set KLIPS and MAST debug features and level. Other stacks are not supported. |
| ipsec_look | get a quick summary of Libreswan status |
| ipsec_newhostkey | generate a new raw RSA authentication key for a host |
| ipsec_pf_key | shows pfkey messages emitted by the kernel when using the KLIPS or MAST stack. |
| ipsec_pluto | ipsec whack : IPsec IKE keying daemon and control interface |
| ipsec__plutorun | internal script to (re)start pluto on old SYSV initscript systems |
| ipsec_readwriteconf | validate and output an Libreswan IPsec configuration file |
| ipsec_rsasigkey | generate RSA signature key |
| ipsec__secretcensor | internal routing to sanitize files |
| ipsec_setup | wrapper routine to the Libreswan init system |
| ipsec_show | see if a target IP address would get encrypted or not |
| ipsec_showhostkey | show host's authentication key |
| ipsec_spi | manage IPSEC Security Associations |
| ipsec_spigrp | group/ungroup IPSEC Security Associations |
| ipsec__stackmanager | internal script to bring up kernel components for Libreswan |
| ipsec_tncfg | manipulate KLIPS virtual interfaces |
| ipsec__unbound-hook | Opportunistic IPsec DNS unbound hook script |
| ipsec__updown | kernel and routing manipulation script |
| ipsec__updown.klips | klips manipulation script |
| ipsec__updown.netkey | klips manipulation script |
| ipsec_verify | see if the IPsec subsystem has been installed correctly |