Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ipsec_ikeping(8) [debian man page]

IPSEC_IKEPING(8)						  [FIXME: manual]						  IPSEC_IKEPING(8)

NAME

       ipsec_ikeping - send/receive ISAKMP/IKE echo requests/replies

SYNOPSIS

       ipsec ikeping [--listen] [--verbose] [--wait time] [--exchangenum num] [--ikeport localport] [--ikeaddress address] [--inet] [--inet6]
	     destaddr [/dstport...]

DESCRIPTION

       Ikeping sends and receives ISAKMP/IKE echo request and echo reply packets. These packets are intended for diagnostics purposes, in a manner
       similar to ping(8) does for ICMP echo request/reply packets.

       At the time of this writing, the ISAKMP echo request/reply exchange is still an internet-draft (draft-richardson-ipsec-ikeping-00), and is
       therefore completely non-standard. The Openswan IKE daemon pluto does implement this draft, so ikeping can be used to test connectivity to
       an openswan ipsec server.

       Ikeping will bind to the local address given by --ikeaddress and the port number given by --ikeport defaulting to the wildcard address and
       the ISAKMP port 500. An ISAKMP exchange of type 244 (a private use number) is sent to each of the address/ports listed on the command line.
       The exchange number may be overridden by the --exchangenum option.

       Ikeping then listens for replies, printing them as they are received. Replies are of exchange type 245 or the specified exchange number
       plus 1.	Ikeping will keep listening until it either receives as many echo responses as it sent, or until the timeout period (5 seconds)
       has been reached. Receipt of a packet will reset the timer. The --wait option can be used to specify a different timeout period.

       If the --listen option is given, then ikeping will not send any packets. Instead, it will listen for them and reply to each request
       received.

       If the --natt option is given, then ikeping will set the socket to permit UDP encapsulated ESP packets. This is only useful in listen mode.

FILES

       no external files

SEE ALSO

       ping(8), ipsec_pluto(8)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Michael Richardson.

[FIXME: source] 						    10/06/2010							  IPSEC_IKEPING(8)

Check Out this Related Man Page

RACOON(8)						    BSD System Manager's Manual 						 RACOON(8)

NAME

     racoon -- IKE (ISAKMP/Oakley) key management daemon

SYNOPSIS

     racoon [-46BdFLVv] [-f configfile] [-l logfile] [-P isakmp-natt-port] [-p isakmp-port]

DESCRIPTION

     racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with other hosts.  The SPD (Security Policy
     Database) in the kernel usually triggers racoon.  racoon usually sends all informational messages, warnings and error messages to syslogd(8)
     with the facility LOG_DAEMON and the priority LOG_INFO.  Debugging messages are sent with the priority LOG_DEBUG.	You should configure
     syslog.conf(5) appropriately to see these messages.

     -4

     -6      Specify the default address family for the sockets.

     -B      Install SA(s) from the file which is specified in racoon.conf(5).

     -d      Increase the debug level.	Multiple -d arguments will increase the debug level even more.

     -F      Run racoon in the foreground.

     -f configfile
	     Use configfile as the configuration file instead of the default.

     -L      Include file_name:line_number:function_name in all messages.

     -l logfile
	     Use logfile as the logging file instead of syslogd(8).

     -P isakmp-natt-port
	     Use isakmp-natt-port for NAT-Traversal port-floating.  The default is 4500.

     -p isakmp-port
	     Listen to the ISAKMP key exchange on port isakmp-port instead of the default port number, 500.

     -V      Print racoon version and compilation options and exit.

     -v      This flag causes the packet dump be more verbose, with higher debugging level.

     racoon assumes the presence of the kernel random number device rnd(4) at /dev/urandom.

RETURN VALUES

     The command exits with 0 on success, and non-zero on errors.

FILES

     /etc/racoon.conf  default configuration file.

SEE ALSO

     ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)

HISTORY

     The racoon command first appeared in the ``YIPS'' Yokogawa IPsec implementation.

SECURITY CONSIDERATIONS

     The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601.

BSD
								 January 23, 2009							       BSD
Man Page