strongSwan

= ipsec =

'''ipsec''' is actually an umbrella command comprising a collection of individual sub commands of the form 

  '''ipsec ''<command>'' [ ''<argument>'' ]  [ ''<options>'' ]'''

that can be used to control and monitor IPsec connections as well as the IKE daemons.

== Control Commands ==

'''ipsec start [ ''<starter options>'' ]'''

   calls [wiki:IpsecStarter ipsec starter] which in turn parses [wiki:IpsecConf ipsec.conf] and starts

   the IKEv1 pluto and IKEv2 charon daemons.

'''ipsec stop'''

   terminates all IPsec connection and stops the IKEv1 pluto and IKEv2 charon daemons by sending

   a ''TERM'' signal to [wiki:IpsecStarter ipsec starter].

'''ipsec restart [ ''<starter options>'' ]'''

   is equivalent to '''ipsec stop''' followed by '''ipsec start [ ''<starter options>'' ]''' after a

   guard period of 2 seconds.

'''ipsec update'''

   sends a ''HUP'' signal to [wiki:IpsecStarter ipsec starter] which in turn determines any changes

   in [wiki:IpsecConf ipsec.conf] and updates the configuration on the running IKEv1 pluto and IKEv2 

   charon daemons, correspondingly.

'''ipsec reload'''

   sends a ''USR1'' signal to [wiki:IpsecStarter ipsec starter] which in turn reloads the

   whole configuration on the running IKEv1 pluto and IKEv2 charon daemons based on the actual

   [wiki:IpsecConf ipsec.conf].

'''ipsec up  ''<name>'' '''

   tells the responsible IKE daemon to start up connection ''<name>''. Implemented by calling the 

   [wiki:IpsecWhack ipsec whack] --name ''<name>'' --initiate and/or [wiki:IpsecStroke ipsec stroke]

   up ''<name>'' commands.

'''ipsec down  ''<name>'' '''

   tells the responsible IKE daemon to terminate connection ''<name>''. Implemented by calling the 

   [wiki:IpsecWhack ipsec whack] --name ''<name>'' --terminate and/or [wiki:IpsecStroke ipsec stroke]

   down ''<name>'' commands.

'''ipsec route  ''<name>'' '''

   tells the responsible IKE daemon to insert an IPsec policy in the kernel for connection ''<name>''.

   The first payload packet matching the IPsec policy will automatically trigger an IKE connection setup.

   Implemented by calling the [wiki:IpsecWhack ipsec whack] --name ''<name>'' --route and/or

   [wiki:IpsecStroke ipsec stroke] route ''<name>'' commands.

'''ipsec unroute  ''<name>'' '''

   remove the IPsec policy in the kernel for connection ''<name>''. Implemented by calling the 

   [wiki:IpsecWhack ipsec whack] --name ''<name>'' --unroute and/or [wiki:IpsecStroke ipsec stroke]

   unroute ''<name>'' commands.

'''ipsec status [ ''<name>'' ] '''

   returns concise status information either on connection ''<name>'' or if the argument is lacking,

   on all connections. Implemented by calling the [wiki:IpsecWhack ipsec whack] [ --name ''<name>'' ]

   --status and/or [wiki:IpsecStroke ipsec stroke] status [ ''<name>'' ] commands.

'''ipsec statusall [ ''<name>'' ] '''

   returns detailed status information either on connection ''<name>'' or if the argument is lacking,

   on all connections. Implemented by calling the [wiki:IpsecWhack ipsec whack] [ --name ''<name>'' ]

   statusall and/or [wiki:IpsecStroke ipsec stroke] statusall [ ''<name>'' ] commands.

== Info Commands ==

'''ipsec version'''

   returns the strongSwan version in the form of ''Linux strongSwan U4.1.7/K2.6.20-16-generic''.

'''ipsec copyright'''

   returns the copyright information.

'''ipsec --confdir'''

'''ipsec --directory'''

'''ipsec --help'''

   returns the usage information for the ipsec command.

'''ipsec --versioncode'''

   returns the strongSwan version code in the form of ''U4.1.7/K2.6.20-16-generic''.

== List Commands ==

'''ipsec listaacerts [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listacerts [ --utc ]'''

  Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listalgs'''

   lists all registered IKE and ESP encryption and authentication algorithms as well as the supported

   Diffie-Hellman groups. Supported by the IKEv1 pluto daemon only. Implemented by calling the

   [wiki:IpsecWhack ipsec whack] command.

'''ipsec listcacerts [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listcainfos [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listcards [ --utc ]'''

   lists all certificates found on attached smart cards. Supported by the IKEv1 pluto daemon only.

   Implemented by calling the [wiki:IpsecWhack ipsec whack] command.

'''ipsec listcrls [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listcerts [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listgroups [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listocsp [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listocspcerts [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec listpubkeys [ --utc ]'''

   lists the cached RSA public keys. Supported by the IKEv1 pluto daemon only. Implemented by calling the

   [wiki:IpsecWhack ipsec whack] command.

'''ipsec listall [ --utc ]'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

== Reread Commands ==

'''ipsec rereadaacerts'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec rereadacerts'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec rereadcacerts'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec rereadcrls'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec rereadocspcerts'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec rereadsecrets'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

'''ipsec secrets'''

   is equivalent to '''ipsec rereadsecrets'''.

'''ipsec rereadall'''

  Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

== Purge Commands ==

'''ipsec purgeocsp'''

   Implemented by calling the [wiki:IpsecWhack ipsec whack] and [wiki:IpsecStroke ipsec stroke] commands.

== PKCS11 Proxy Commands ==

'''ipsec scencrypt'''

   Supported by the IKEv1 pluto daemon only. Implemented by calling the [wiki:IpsecWhack ipsec whack]

   command.

'''ipsec scdecrypt'''

   Supported by the IKEv1 pluto daemon only. Implemented by calling the [wiki:IpsecWhack ipsec whack]

   command.