Package libreswan
Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
Libreswan.
Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
Version: 5.2
File Formats | |
| ipsec.conf | IPsec configuration and connections |
| ipsec.secrets | secrets for IKE/IPsec authentication |
Miscellanea | |
| libreswan | Internet Key Exchange (IKE) Manager for IPsec |
System Administration | |
| ipsec | invoke IPsec utilities |
| ipsec-_plutorun | internal script to (re)start pluto on old SYSV initscript systems |
| ipsec-_stackmanager | internal script to bring up kernel components for Libreswan |
| ipsec-_updown | routing manipulation script |
| ipsec-_updown.xfrm | routing manipulation script |
| ipsec-add | Add a connection specification to pluto internal database from /etc/ipsec.conf |
| ipsec-addconn | load a given policy into the pluto IKE daemon |
| ipsec-algparse | utility for verifying IKE and IPsec cryptographic proposal syntax |
| ipsec-briefconnectionstatus | Get brief connection status from IPsec service |
| ipsec-briefstatus | Get brief status from IPsec service |
| ipsec-certutil | Helper to run NSS certutil on IPsec NSS database |
| ipsec-checkconfig | Validate ipsec configuration file, /etc/ipsec.conf |
| ipsec-checknflog | Initialise nftables or iptables rules for the nflog devices |
| ipsec-checknss | Check or initialize the IPsec NSS database |
| ipsec-connectionstatus | Get brief status from IPsec service |
| ipsec-crlutil | Helper to run NSS crlutil on IPsec NSS database |
| ipsec-delete | Delete a connection definition from IPsec service |
| ipsec-down | Down all tunnels sharing same IPsec connection. |
| ipsec-ecdsasigkey | generate ECDSA signature key |
| ipsec-fetchcrls | Signal IPsec daemon to fetch new certificate revocation lists. |
| ipsec-fipsstatus | Show IPsec daemon (pluto) FIPS status |
| ipsec-globalstatus | Get global status information from IPsec daemon (pluto) |
| ipsec-import | Import PKCS#12 (*.p12) files into the IPsec NSS database |
| ipsec-initnss | Initialise the IPsec NSS database |
| ipsec-letsencrypt | invoke Opportunistic Encryption utilities |
| ipsec-listall | List all public key information from IPsec daemon (pluto) |
| ipsec-listcacerts | List x.509 Certificate Authority (CA) certificates |
| ipsec-listcerts | List X.509 certificates loaded from NSS database |
| ipsec-listcrls | List X.509 certificates revocation lists from NSS database |
| ipsec-listen | Force pluto to re-listen all interfaces |
| ipsec-listpubkeys | List all public keys from pluto internal database. |
| ipsec-modutil | Helper to run NSS modutil on IPsec NSS database |
| ipsec-newhostkey | generate a new raw RSA authentication key for a host |
| ipsec-ondemand | Add and route a connection |
| ipsec-pk12util | Helper to run NSS pk12util on IPsec NSS database |
| ipsec-pluto | Internet Key Exchange daemon |
| ipsec-purgeocsp | Purgeocsp purges the NSS OCSP cache. |
| ipsec-readwriteconf | validate and output an Libreswan IPsec configuration file |
| ipsec-redirect | Redirect a connection definition with one from /etc/ipsec.conf. |
| ipsec-replace | Replace a connection definition with one from /etc/ipsec.conf |
| ipsec-rereadall | Reread IPsec secrets and certificates. |
| ipsec-rereadcerts | Reread IPsec certificates from IPsec NSS database |
| ipsec-rereadsecrets | Reread IPsec secrets from /etc/ipsec.secrets. |
| ipsec-restart | Restart the ipsec service via initsystem |
| ipsec-route | Add and route a connection |
| ipsec-rsasigkey | generate RSA signature key |
| ipsec-setup | wrapper routine to the Libreswan init system |
| ipsec-showhostkey | show host's authentication key |
| ipsec-showroute | show route to given address |
| ipsec-showstates | Show current IKE SA and Child SA states |
| ipsec-shuntstatus | Show current IPsec negotiation shunts |
| ipsec-start | Add, route, and up a connection |
| ipsec-status | Show connection status |
| ipsec-stop | Stop the ipsec service via initsystem |
| ipsec-trafficstatus | Show current Child SA states with traffic counters |
| ipsec-unroute | unroute a connection |
| ipsec-up | Establish a connection |
| ipsec-vfychain | Helper to run NSS vfychain on IPsec NSS database |
| ipsec-whack | ipsec whack : IPsec IKE keying daemon low-level control interface |
| pluto | alias for ipsec-pluto |