Your company here — click to reach over 10,000 unique daily visitors

Package libreswan

Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec


Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up

Libreswan also supports IKEv2 (RFC7296) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Version: 4.15

File Formats

ipsec.conf IPsec configuration and connections
ipsec.secrets secrets for IKE/IPsec authentication

System Administration

ipsec invoke IPsec utilities
ipsec__import_crl helper program for importing a crl to the NSS database
ipsec__plutorun internal script to (re)start pluto on old SYSV initscript systems
ipsec__secretcensor internal routing to sanitize files
ipsec__stackmanager internal script to bring up kernel components for Libreswan
ipsec__unbound-hook Opportunistic IPsec DNS unbound hook script
ipsec__updown kernel and routing manipulation script
ipsec__updown.xfrm klips manipulation script
ipsec_addconn load a given policy into the pluto IKE daemon
ipsec_auto control automatically-keyed IPsec connections
ipsec_barf spew out collected IPsec debugging information
ipsec_checknss Initialise the IPsec NSS database
ipsec_ecdsasigkey generate ECDSA signature key
ipsec_import Import PKCS#12 (*.p12) files into the IPsec NSS database
ipsec_initnss Initialise the IPsec NSS database
ipsec_letsencrypt invoke Opportunistic Encryption utilities
ipsec_look get a quick summary of Libreswan status
ipsec_newhostkey generate a new raw RSA authentication key for a host
ipsec_pluto ipsec whack : IPsec IKE keying daemon and control interface
ipsec_readwriteconf validate and output an Libreswan IPsec configuration file
ipsec_rsasigkey generate RSA signature key
ipsec_setup wrapper routine to the Libreswan init system
ipsec_show see if a target IP address would get encrypted or not
ipsec_showhostkey show host's authentication key
ipsec_showroute show route to given address
ipsec_vendorid list Vendor IDs known to libreswan
ipsec_verify see if the IPsec subsystem has been installed correctly
ipsec_whack alias for ipsec_pluto
pluto alias for ipsec_pluto