ipsec invokes any of several utilities involved in controlling the IPsec encryption/authentication system, running the specified command with the specified arguments as if it had been invoked directly. This largely eliminates possible name collisions with other software, and also permits some centralized services.
ipsec help lists the available commands. Most have their own manual pages.
ipsec version outputs the software version.
ipsec directory reports where ipsec thinks the IPsec commands are stored.
To get a list of supported commands, use ipsec --help. A few of the commonly used commands are described below:
ipsec start|stop|restart maps to the host init system. Supported init systems are sysv, systemd, upstart and openrc.
ipsec barf dumps the internal system status to stdout for debugging.
ipsec {add|up|start|route|ondemand|down|delete} are used to manually add, remove, bring up or take down connections.
ipsec whack is used to communicate direct commands to the pluto daemon using the whack interface. For more information see 'man ipsec_pluto'.
ipsec initnss initialises the NSS database that contains all the X.509 certificate information and private RSA keys.
ipsec checknss [--settrusts] is used to check the NSS database and initialize it when it is not present and optionally set trust bits for CA certificates.
ipsec import is used to import PKCS#12 X.509 files into the NSS database.
ipsec checknflog is used to initialise iptables rules for the nflog devices when specified via the nflog= or nflog-all= configuration options.
ipsec stopnflog is used to delete iptables rules for the nflog devices.
ipsec trafficstatus [connectionname] is used to get tunnel traffic status.
The ipsec command passes the return code of the sub-command back to the caller. The only exception is when ipsec pluto is used without --nofork, as it will fork into the background and the ipsec command returns success while the pluto daemon may in fact exit with an error code after the fork.
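The return-code caveat above, shown as an added example that is not part of the libreswan code: a launcher that forks reports success even though the daemon fails afterwards, so a start script should follow up with a liveness check. fake_daemon, probe and the control file path are constructed stand-ins, not pluto or any ipsec command.

```shell
#!/bin/sh
# fake_daemon is a constructed stand-in, not pluto: it fails with status 3
# one second after start, before it would create its control file.
# Mode "fork" detaches first (parent exits 0); mode "nofork" stays in front.
fake_daemon() {
    case $1 in
        fork)   sh -c '( sleep 1; exit 3 ) >/dev/null 2>&1 & exit 0' ;;
        nofork) sh -c 'sleep 1; exit 3' ;;
        *)      return 64 ;;
    esac
}

# Exit status the caller sees from the launcher alone.
launcher_status() {
    rc=0
    fake_daemon "$1" || rc=$?
    echo "$rc"
}

# Hypothetical liveness probe: a running daemon is assumed to own a control
# file at $1. Poll up to $2 times instead of trusting the launcher's status.
probe() {
    tries=0
    while [ "$tries" -lt "$2" ]; do
        [ -e "$1" ] && return 0
        tries=$((tries + 1))
        sleep 1
    done
    return 1
}

# Start in fork mode, then verify. Returns 0 = up, 1 = launcher failed,
# 2 = launcher reported success but the daemon never came up.
start_and_verify() {
    fake_daemon fork || return 1
    probe "$1" "$2" || return 2
    return 0
}

# Demo with a constructed control file path that is never created.
echo "launcher status, fork mode:   $(launcher_status fork)"
echo "launcher status, nofork mode: $(launcher_status nofork)"
verdict=0
start_and_verify "${TMPDIR:-/tmp}/fake-daemon.ctl.$$" 2 || verdict=$?
echo "start_and_verify verdict:     $verdict"
```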
ipsec.conf(5), ipsec_add(8), ipsec_algparse(8), ipsec_barf(8), ipsec_briefstatus(8), ipsec_certutil(8), ipsec_checknflog(8), ipsec_checknss(8), ipsec_connectionstatus(8), ipsec_crlutil(8), ipsec_delete(8), ipsec_down(8), ipsec_ecdsasigkey(8), ipsec_fetchcrls(8), ipsec_fipsstatus(8), ipsec_globalstatus(8), ipsec_import(8), ipsec_initnss(8), ipsec_letsencrypt(8), ipsec_listall(8), ipsec_listcacerts(8), ipsec_listcerts(8), ipsec_listcrls(8), ipsec_listen(8), ipsec_listpubkeys(8), ipsec_look(8), ipsec_modutil(8), ipsec_newhostkey(8), ipsec_ondemand(8), ipsec_pk12util(8), ipsec_pluto(8), ipsec_purgeocsp(8), ipsec_redirect(8), ipsec_replace(8), ipsec_rereadall(8), ipsec_rereadcerts(8), ipsec_rereadsecrets(8), ipsec_restart(8), ipsec_route(8), ipsec_rsasigkey(8), ipsec_setup(8), ipsec_showhostkey(8), ipsec_showroute(8), ipsec_showstates(8), ipsec_shuntstatus(8), ipsec_start(8), ipsec_status(8), ipsec_stop(8), ipsec_trafficstatus(8), ipsec_unroute(8), ipsec_up(8), ipsec_verify(8), ipsec_vfychain(8), ipsec_whack(8)