Package strongswan

An OpenSource IPsec-based VPN and TNC solution

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

General Commands (Section 1)
pki is a suite of commands that allow you to manage a simple public key infrastructure (PKI). Generate RSA and ECDSA key pairs, create PKCS#10 certificate...
This sub-command of pki(1) is used to issue an attribute certificate using an issuer certificate with its private key and the holder certificate.
This sub-command of pki(1) extracts the ASN.1-encoded subject DistinguishedName (DN) of an X.509 certificate and exports it in different formats. This may be...
This sub-command of pki(1) is used to generate a new RSA or ECDSA private key.
This sub-command of pki(1) is used to issue a certificate using a CA certificate and private key.
This sub-command of pki(1) calculates key identifiers of private keys and certificates.
This sub-command of pki(1) provides functions to wrap/unwrap PKCS#7 containers.
This sub-command of pki(1) prints credentials (keys, certificates etc.) in human readable form.
This sub-command of pki(1) extracts public keys from a private keys and certificates.
This sub-command of pki(1) is used to create a PKCS#10 certificate request.
This sub-command of pki(1) is used to create a self-signed certificate.
This sub-command of pki(1) is used to issue a Certificate Revocation List (CRL) using a CA certificate and private key.
This sub-command of pki(1) verifies a certificate using an optional CA certificate.
File Formats (Section 5)
While the ipsec.conf(5) configuration file is well suited to define IPsec related configuration parameters, it is not useful for other strongSwan applications...
The optional ipsec.conf file specifies most configuration and control information for the strongSwan IPsec subsystem. The major exception is secrets for...
The file ipsec.secrets holds a table of secrets. These secrets are used by the strongSwan Internet Key Exchange (IKE) daemons pluto (IKEv1) and charon (IKEv2)...
swanctl.conf is the configuration file used by the swanctl(8) tool to load configurations and credentials into the strongSwan IKE daemon. For a description of...
System Administration (Section 8)
The ipsec utility invokes any of several utilities involved in controlling and monitoring the IPsec encryption/authentication system, running the specified...
charon-cmd is a program for setting up IPsec VPN connections using the Internet Key Exchange protocol (IKE) in version 1 and 2. It supports a number of...
scepclient is a client implementation of Cisco System's Simple Certificate Enrollment Protocol (SCEP) written for Linux strongSwan <>...
swanctl is a cross-platform command line utility to configure, control and monitor the strongSwan IKE daemon. It is a replacement for the aging starter, ipsec...