10 More Discussions You Might Find Interesting
1. AIX
Hello All,
Need to transfer 2 Terabyte of data from Solaris 10 to Aix 7.1 (One time complete transfer and then incremental during upgrade ). Please suggest best approach (4 Replies)
Discussion started by: kumgy01
4 Replies
2. Cybersecurity
hello,
after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration!
I also generate different key for AH and ESP as i have shown below.
what is my problem and what should i do to have ping and test the configuration?
code:
... (0 Replies)
Discussion started by: elinaz
0 Replies
3. UNIX for Advanced & Expert Users
How can i implement Ipsec between two machines in linux_ ubuntu?
any link?? suggestion?? (0 Replies)
Discussion started by: elinaz
0 Replies
4. BSD
Hi, this is my first post...:p
Hello Admin :)
Can I have an ask for something with my configuration ?
I have finished some kind of the tutorial to build ipsec site to site, and the "step" has finished completely.
I have a simulation with a local design topology with two PC's (FreeBSD ... (0 Replies)
Discussion started by: aulia
0 Replies
5. UNIX for Dummies Questions & Answers
Hi,
I'm puzzled at how this could be.
I'm trying to transfer some files from an Sun box to an AIX box via FTP. The file transfer goes fine until it reaches a file of about 150k then times out and fails.
The FTP Does not seem to be able to transfer files of more than 150k! However, I can... (5 Replies)
Discussion started by: bbbngowc
5 Replies
6. AIX
I work for a fairly large organization who recently tasked me with securing our telnet services with IPsec. We have a large mixed environment where most of our servers are running unsecured telnet. ssh was my first suggestion but because of the cost of purchasing an enterprise license for a fips... (2 Replies)
Discussion started by: dgaixsysadm
2 Replies
7. AIX
Hi all,
We (AIX) currently mount to a ZFS on the Mainframe. When one of our local users wants to transfer a file to the Mainframe, they must first run binary MVSLOGIN passing user name and password. Our mainframe will be retired soon and business processes will be transferring to an... (2 Replies)
Discussion started by: cruiser
2 Replies
8. AIX
How to transfer a directory from my windows machine to my AIX server??
Plz give me a detailed step wise solution...
Thanks in Advance.... (0 Replies)
Discussion started by: abhishek27
0 Replies
9. AIX
If I use SSh Secure File Transfer tool on Windows, I want to transfer file from windows to AIX without password, how to do it? (6 Replies)
Discussion started by: rainbow_bean
6 Replies
10. UNIX for Advanced & Expert Users
Hai all,
I have a Question based on Websphere MQ and AIX.
How can i get the output of following command in a file ? :confused:
echo "DISPLAY QMSTATUS ALL " | runmqsc QM1
runmqsc is a MQ command, through which we can get into the QM (QueueManager) and see its properties and properties of... (1 Reply)
Discussion started by: varungupta
1 Replies
IPSEC(8) strongSwan IPSEC(8)
NAME
ipsec - invoke IPsec utilities
SYNOPSIS
ipsec command [arguments] [options]
DESCRIPTION
The ipsec utility invokes any of several utilities involved in controlling and monitoring the IPsec encryption/authentication system, run-
ning the specified command with the specified arguments and options as if it had been invoked directly. This largely eliminates possible
name collisions with other software, and also permits some centralized services.
All the commands described in this manual page are built-in and are used to control and monitor IPsec connections as well as the IKE dae-
mon.
For other commands ipsec supplies the invoked command with a suitable PATH environment variable, and also provides the environment vari-
ables listed under ENVIRONMENT.
CONTROL COMMANDS
start [starter options]
calls starter which in turn parses ipsec.conf and starts the IKE daemon charon.
update sends a HUP signal to starter which in turn determines any changes in ipsec.conf and updates the configuration on the running IKE
daemon charon.
reload sends a USR1 signal to starter which in turn reloads the whole configuration of the running IKE daemon charon based on the actual
ipsec.conf.
restart
is equivalent to stop followed by start after a guard of 2 seconds.
stop terminates all IPsec connections and stops the IKE daemon charon by sending a TERM signal to starter.
up name
tells the IKE daemon to start up connection name.
down name
tells the IKE daemon to terminate connection name.
down name{n}
terminates IKEv1 Quick Mode and IKEv2 CHILD SA instance n of connection name.
down name{*}
terminates all IKEv1 Quick Mode and IKEv2 CHILD SA instances of connection name.
down name[n]
terminates IKE SA instance n of connection name.
down name[*]
terminates all IKE SA instances of connection name.
route name
tells the IKE daemon to insert an IPsec policy in the kernel for connection name. The first payload packet matching the IPsec policy
will automatically trigger an IKE connection setup.
unroute name
remove the IPsec policy in the kernel for connection name.
status [name]
returns concise status information either on connection name or if the argument is lacking, on all connections.
statusall [name]
returns detailed status information either on connection name or if the argument is lacking, on all connections.
LIST COMMANDS
listalgs
returns a list supported cryptographic algorithms usable for IKE, and their corresponding plugin.
listpubkeys [--utc]
returns a list of RSA public keys that were either loaded in raw key format or extracted from X.509 and|or OpenPGP certificates.
listcerts [--utc]
returns a list of X.509 and|or OpenPGP certificates that were either loaded locally by the IKE daemon or received via the IKE proto-
col.
listcacerts [--utc]
returns a list of X.509 Certification Authority (CA) certificates that were loaded locally by the IKE daemon from the
/etc/ipsec.d/cacerts/ directory or received via the IKE protocol.
listaacerts [--utc]
returns a list of X.509 Authorization Authority (AA) certificates that were loaded locally by the IKE daemon from the
/etc/ipsec.d/aacerts/ directory.
listocspcerts [--utc]
returns a list of X.509 OCSP Signer certificates that were either loaded locally by the IKE daemon from the /etc/ipsec.d/ocspcerts/
directory or were sent by an OCSP server.
listacerts [--utc]
returns a list of X.509 Attribute certificates that were loaded locally by the IKE daemon from the /etc/ipsec.d/acerts/ directory.
listgroups [--utc]
returns a list of groups that are used to define user authorization profiles.
listcainfos [--utc]
returns certification authority information (CRL distribution points, OCSP URIs, LDAP servers) that were defined by ca sections in
ipsec.conf.
listcrls [--utc]
returns a list of Certificate Revocation Lists (CRLs) that were either loaded by the IKE daemon from the /etc/ipsec.d/crls directory
or fetched from an HTTP- or LDAP-based CRL distribution point.
listocsp [--utc]
returns revocation information fetched from OCSP servers.
listplugins
returns a list of all loaded plugin features.
listcounters [name]
returns a list of global or connection specific IKE counter values collected since daemon startup.
listall [--utc]
returns all information generated by the list commands above. Each list command can be called with the --utc option which displays
all dates in UTC instead of local time.
REREAD COMMANDS
rereadsecrets
flushes and rereads all secrets defined in ipsec.secrets.
rereadcacerts
reads all certificate files contained in the /etc/ipsec.d/cacerts directory and adds them to the list of Certification Authority
(CA) certificates.
rereadaacerts
reads all certificate files contained in the /etc/ipsec.d/aacerts directory and adds them to the list of Authorization Authority
(AA) certificates.
rereadocspcerts
reads all certificate files contained in the /etc/ipsec.d/ocspcerts/ directory and adds them to the list of OCSP signer certifi-
cates.
rereadacerts
reads all certificate files contained in the /etc/ipsec.d/acerts/ directory and adds them to the list of attribute certificates.
rereadcrls
reads all Certificate Revocation Lists (CRLs) contained in the /etc/ipsec.d/crls/ directory and adds them to the list of CRLs.
rereadall
executes all reread commands listed above.
RESET COMMANDS
resetcounters [name]
resets global or connection specific counters.
PURGE COMMANDS
purgecerts
purges all cached certificates.
purgecrl
purges all cached CRLs.
purgeike
purges IKE SAs that don't have a Quick Mode or CHILD SA.
purgeocsp
purges all cached OCSP information records.
INFO COMMANDS
--help returns the usage information for the ipsec command.
--version
returns the version in the form of Linux strongSwan U<strongSwan userland version>/K<Linux kernel version> if strongSwan uses the
native NETKEY IPsec stack of the Linux kernel it is running on.
--versioncode
returns the version number in the form of U<strongSwan userland version>/K<Linux kernel version> if strongSwan uses the native
NETKEY IPsec stack of the Linux kernel it is running on.
--copyright
returns the copyright information.
--directory
returns the LIBEXECDIR directory as defined by the configure options.
--confdir
returns the SYSCONFDIR directory as defined by the configure options.
--piddir
returns the PIDDIR directory as defined by the configure options.
FILES
/usr/libexec/ipsec utilities directory
ENVIRONMENT
When calling other commands the ipsec command supplies the following environment variables.
IPSEC_DIR directory containing ipsec programs and utilities
IPSEC_BINDIR directory containing pki command
IPSEC_SBINDIR directory containing ipsec command
IPSEC_CONFDIR directory containing configuration files
IPSEC_PIDDIR directory containing PID/socket files
IPSEC_SCRIPT name of the ipsec script
IPSEC_NAME name of ipsec distribution
IPSEC_VERSION version numer of ipsec userland and kernel
IPSEC_STARTER_PID PID file for ipsec starter
IPSEC_CHARON_PID PID file for IKE keying daemon
SEE ALSO
ipsec.conf(5), ipsec.secrets(5)
HISTORY
Originally written for the FreeS/WAN project by Henry Spencer. Updated and extended for the strongSwan project <http://www.strongswan.org>
by Tobias Brunner and Andreas Steffen.
5.1.1 2013-10-29 IPSEC(8)