Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ipsec_tncfg(8) [debian man page]

IPSEC_TNCFG(8)							  [FIXME: manual]						    IPSEC_TNCFG(8)

NAME
ipsec_tncfg - manipulate KLIPS virtual interfaces SYNOPSIS
ipsec tncfg ipsec tncfg --create virtual ipsec tncfg --delete virtual ipsec tncfg --attach --virtual virtual --physical physical ipsec tncfg --detach --virtual virtual ipsec tncfg --clear ipsec tncfg --version ipsec tncfg --help OBSOLETE
Note that tncfg is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in future versions. A replacement command still needs to be designed DESCRIPTION
The historical use of tncfg is to attach/detach IPsec virtual interfaces (e.g. ipsec0) to/from physical interfaces (e.g. eth0) through which packets will be forwarded once processed by KLIPS. The modern use of tncfg is to create and delete virtual interfaces known as mastXXX. mast stands for Mooring and XXX. The form with no additional arguments lists the contents of /proc/net/ipsec_tncfg. The format of /proc/net/ipsec_tncfg is discussed in ipsec_tncfg(5). The --attach form attaches the virtual interface to the physical one. The --detach form detaches the virtual interface from whichever physical interface it is attached to. The --clear form clears all the virtual interfaces from whichever physical interfaces they were attached to. Virtual interfaces typically have names like ipsec0 or mast0 while physical interfaces typically have names like eth0 or ppp0. EXAMPLES
ipsec tncfg --create mast12 creates the mast12 device. ipsec tncfg --create ipsec4 creates an ipsec4 device, but does not attach it. ipsec tncfg --attach --virtual ipsec0 --physical eth0 attaches the ipsec0 virtual device to the eth0 physical device. FILES
/proc/net/ipsec_tncfg, /usr/local/bin/ipsec SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_tncfg(5) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. [FIXME: source] 10/06/2010 IPSEC_TNCFG(8)

Check Out this Related Man Page

IPSEC_TNCFG(5)							  [FIXME: manual]						    IPSEC_TNCFG(5)

NAME
ipsec_tncfg - lists IPSEC virtual interfaces attached to real interfaces SYNOPSIS
ipsec tncfg cat/proc/net/ipsec_tncfg OBSOLETE
Note that tncfg is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in future versions. A replacement command still needs to be designed DESCRIPTION
/proc/net/ipsec_tncfg is a read-only file which lists which IPSEC virtual interfaces are attached to which real interfaces, through which packets will be forwarded once processed by IPSEC. Each line lists one ipsec I/F. A table entry consists of: + an ipsec virtual I/F name + a visual and machine parsable separator '->', separating the virtual I/F and the physical I/F, + a physical I/F name, to which the ipsec virtual I/F is attached or NULL if it is not attached, + the keyword mtu=, + the MTU of the ipsec virtual I/F, + the automatically adjusted effective MTU for PMTU discovery, in brackets, + a visual and machine parsable separator '->', separating the virtual I/F MTU and the physical I/F MTU, + the MTU of the attached physical I/F. EXAMPLES
ipsec2 -> eth3 mtu=16260(1443) -> 1500 shows that virtual device ipsec2 with an MTU of 16260 is connected to physical device eth3 with an MTU of 1500 and that the effective MTU as a result of PMTU discovery has been automatically set to 1443. ipsec0 -> wvlan0 mtu=1400(16260) -> 1500 shows that virtual device ipsec0 with an MTU of 1400 is connected to physical device wvlan0 with an MTU of 1500 and no PMTU packets have gotten far enough to bump down the effective MTU from its default of 16260. ipsec3 -> NULL mtu=0(0) -> 0 shows that virtual device ipsec3 is not connected to any physical device. FILES
/proc/net/ipsec_tncfg, /usr/local/bin/ipsec SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_eroute(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_tncfg(8), ipsec_version(5), ipsec_pf_key(5) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. [FIXME: source] 10/06/2010 IPSEC_TNCFG(5)
Man Page