Package strongswan

An OpenSource IPsec-based VPN and TNC solution

http://www.strongswan.org/

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

General Commands (Section 1)
strongswan_pki
pki is a suite of commands that allow you to manage a simple public key infrastructure (PKI). Generate RSA and ECDSA key pairs, create PKCS#10 certificate...
strongswan_pki---acert
This sub-command of pki(1) is used to issue an attribute certificate using an issuer certificate with its private key and the holder certificate.
strongswan_pki---dn
This sub-command of pki(1) extracts the ASN.1-encoded subject DistinguishedName (DN) of an X.509 certificate and exports it in different formats. This may be...
strongswan_pki---gen
This sub-command of pki(1) is used to generate a new RSA or ECDSA private key.
strongswan_pki---issue
This sub-command of pki(1) is used to issue a certificate using a CA certificate and private key.
strongswan_pki---keyid
This sub-command of pki(1) calculates key identifiers of private keys and certificates.
strongswan_pki---pkcs7
This sub-command of pki(1) provides functions to wrap/unwrap PKCS#7 containers.
strongswan_pki---print
This sub-command of pki(1) prints credentials (keys, certificates etc.) in human readable form.
strongswan_pki---pub
This sub-command of pki(1) extracts public keys from a private keys and certificates.
strongswan_pki---req
This sub-command of pki(1) is used to create a PKCS#10 certificate request.
strongswan_pki---self
This sub-command of pki(1) is used to create a self-signed certificate.
strongswan_pki---signcrl
This sub-command of pki(1) is used to issue a Certificate Revocation List (CRL) using a CA certificate and private key.
strongswan_pki---verify
This sub-command of pki(1) verifies a certificate using an optional CA certificate.
File Formats (Section 5)
strongswan.conf
While the ipsec.conf(5) configuration file is well suited to define IPsec related configuration parameters, it is not useful for other strongSwan applications...
strongswan_ipsec.conf
The optional ipsec.conf file specifies most configuration and control information for the strongSwan IPsec subsystem. The major exception is secrets for...
strongswan_ipsec.secrets
The file ipsec.secrets holds a table of secrets. These secrets are used by the strongSwan Internet Key Exchange (IKE) daemons pluto (IKEv1) and charon (IKEv2)...
strongswan_swanctl.conf
swanctl.conf is the configuration file used by the swanctl(8) tool to load configurations and credentials into the strongSwan IKE daemon. For a description of...
System Administration (Section 8)
strongswan
The ipsec utility invokes any of several utilities involved in controlling and monitoring the IPsec encryption/authentication system, running the specified...
strongswan_charon-cmd
charon-cmd is a program for setting up IPsec VPN connections using the Internet Key Exchange protocol (IKE) in version 1 and 2. It supports a number of...
strongswan_scepclient
scepclient is a client implementation of Cisco System's Simple Certificate Enrollment Protocol (SCEP) written for Linux strongSwan <http://www.strongswan.org>...
strongswan_swanctl
swanctl is a cross-platform command line utility to configure, control and monitor the strongSwan IKE daemon. It is a replacement for the aging starter, ipsec...