IPsec implementation with IKEv1 and IKEv2 keying protocols
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
Libreswan. To build KLIPS, see the kmod-libreswan.spec file.
Libreswan also supports IKEv2 (RFC4309) and Secure Labeling
Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
| File | Description |
|---|---|
| ipsec.conf | IPsec configuration and connections |
| ipsec.secrets | secrets for IKE/IPsec authentication |
| ipsec_trap_count | KLIPS statistic on number of ACQUIREs |
| ipsec_trap_sendcount | KLIPS statistic on number of successful ACQUIREs |
| ipsec_version | lists KLIPS version information |
| Command | Description |
|---|---|
| ipsec | invoke IPsec utilities |
| ipsec__import_crl | helper program for importing a crl to the NSS database |
| ipsec__plutorun | internal script to (re)start pluto on old SYSV initscript systems |
| ipsec__secretcensor | internal routing to sanitize files |
| ipsec__stackmanager | internal script to bring up kernel components for Libreswan |
| ipsec__unbound-hook | Opportunistic IPsec DNS unbound hook script |
| ipsec__updown | kernel and routing manipulation script |
| ipsec__updown.netkey | klips manipulation script |
| ipsec_addconn | load a given policy into the pluto IKE daemon |
| ipsec_auto | control automatically-keyed IPsec connections |
| ipsec_barf | spew out collected IPsec debugging information |
| ipsec_checknss | Initialise the IPsec NSS database |
| ipsec_import | Import PKCS#12 (*.p12) files into the IPsec NSS database |
| ipsec_initnss | Initialise the IPsec NSS database |
| ipsec_look | get a quick summary of Libreswan status |
| ipsec_newhostkey | generate a new raw RSA authentication key for a host |
| ipsec_pluto | ipsec whack : IPsec IKE keying daemon and control interface |
| ipsec_readwriteconf | validate and output an Libreswan IPsec configuration file |
| ipsec_rsasigkey | generate RSA signature key |
| ipsec_setup | wrapper routine to the Libreswan init system |
| ipsec_show | see if a target IP address would get encrypted or not |
| ipsec_showhostkey | show host's authentication key |
| ipsec_verify | see if the IPsec subsystem has been installed correctly |
| ipsec_whack | alias for ipsec_pluto |
| pluto | alias for ipsec_pluto |