Package libreswan

IPsec implementation with IKEv1 and IKEv2 keying protocols

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan. To build KLIPS, see the kmod-libreswan.spec file.

Libreswan also supports IKEv2 (RFC4309) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

File Formats
File Description
ipsec.conf IPsec configuration and connections
ipsec.secrets secrets for IKE/IPsec authentication
ipsec_trap_count KLIPS statistic on number of ACQUIREs
ipsec_trap_sendcount KLIPS statistic on number of successful ACQUIREs
ipsec_version lists KLIPS version information
System Administration
Command Description
ipsec invoke IPsec utilities
ipsec__import_crl helper program for importing a crl to the NSS database
ipsec__plutorun internal script to (re)start pluto on old SYSV initscript systems
ipsec__secretcensor internal routing to sanitize files
ipsec__stackmanager internal script to bring up kernel components for Libreswan
ipsec__unbound-hook Opportunistic IPsec DNS unbound hook script
ipsec__updown kernel and routing manipulation script
ipsec__updown.netkey klips manipulation script
ipsec_addconn load a given policy into the pluto IKE daemon
ipsec_auto control automatically-keyed IPsec connections
ipsec_barf spew out collected IPsec debugging information
ipsec_checknss Initialise the IPsec NSS database
ipsec_import Import PKCS#12 (*.p12) files into the IPsec NSS database
ipsec_initnss Initialise the IPsec NSS database
ipsec_look get a quick summary of Libreswan status
ipsec_newhostkey generate a new raw RSA authentication key for a host
ipsec_pluto ipsec whack : IPsec IKE keying daemon and control interface
ipsec_readwriteconf validate and output an Libreswan IPsec configuration file
ipsec_rsasigkey generate RSA signature key
ipsec_setup wrapper routine to the Libreswan init system
ipsec_show see if a target IP address would get encrypted or not
ipsec_showhostkey show host's authentication key
ipsec_verify see if the IPsec subsystem has been installed correctly
ipsec_whack alias for ipsec_pluto
pluto alias for ipsec_pluto