Package libreswan

IPsec implementation with IKEv1 and IKEv2 keying protocols

https://libreswan.org/

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan. To build KLIPS, see the kmod-libreswan.spec file.

Libreswan also supports IKEv2 (RFC4309) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

File Formats
File Description
ipsec.conf IPsec configuration and connections
ipsec_eroute list of existing eroutes
ipsec_klipsdebug list KLIPS (kernel IPSEC support) debug features and level
ipsec_pf_key lists PF_KEY sockets registered with KLIPS
ipsec.secrets secrets for IKE/IPsec authentication
ipsec_spi list IPSEC Security Associations
ipsec_spigrp list IPSEC Security Association groupings
ipsec_tncfg lists IPSEC virtual interfaces attached to real interfaces
ipsec_trap_count KLIPS statistic on number of ACQUIREs
ipsec_trap_sendcount KLIPS statistic on number of successful ACQUIREs
ipsec_version lists KLIPS version information
System Administration
Command Description
ipsec invoke IPsec utilities
ipsec_addconn load a given policy into the pluto IKE daemon
ipsec_auto control automatically-keyed IPsec connections
ipsec_barf spew out collected IPsec debugging information
ipsec_eroute manipulate IPSEC extended routing tables
ipsec_import Import PKCS#12 (*.p12) files into the IPsec NSS database
ipsec__import_crl helper program for importing a crl to the NSS database
ipsec_initnss Initialise the IPsec NSS database
ipsec__keycensor internal routine to remove sensitive information
ipsec_klipsdebug set KLIPS and MAST debug features and level. Other stacks are not supported.
ipsec_look get a quick summary of Libreswan status
ipsec_newhostkey generate a new raw RSA authentication key for a host
ipsec_pf_key shows pfkey messages emitted by the kernel when using the KLIPS or MAST stack.
ipsec_pluto ipsec whack : IPsec IKE keying daemon and control interface
ipsec__plutorun internal script to (re)start pluto on old SYSV initscript systems
ipsec_readwriteconf validate and output an Libreswan IPsec configuration file
ipsec_rsasigkey generate RSA signature key
ipsec__secretcensor internal routing to sanitize files
ipsec_setup wrapper routine to the Libreswan init system
ipsec_showhostkey show host's authentication key
ipsec_spi manage IPSEC Security Associations
ipsec_spigrp group/ungroup IPSEC Security Associations
ipsec__stackmanager internal script to bring up kernel components for Libreswan
ipsec_tncfg manipulate KLIPS virtual interfaces
ipsec__updown kernel and routing manipulation script
ipsec__updown.klips klips manipulation script
ipsec__updown.netkey klips manipulation script
ipsec_verify see if the IPsec subsystem has been installed correctly