Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ipsec_tncfg(8) [debian man page]

IPSEC_TNCFG(8)							  [FIXME: manual]						    IPSEC_TNCFG(8)

NAME
ipsec_tncfg - manipulate KLIPS virtual interfaces SYNOPSIS
ipsec tncfg ipsec tncfg --create virtual ipsec tncfg --delete virtual ipsec tncfg --attach --virtual virtual --physical physical ipsec tncfg --detach --virtual virtual ipsec tncfg --clear ipsec tncfg --version ipsec tncfg --help OBSOLETE
Note that tncfg is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in future versions. A replacement command still needs to be designed DESCRIPTION
The historical use of tncfg is to attach/detach IPsec virtual interfaces (e.g. ipsec0) to/from physical interfaces (e.g. eth0) through which packets will be forwarded once processed by KLIPS. The modern use of tncfg is to create and delete virtual interfaces known as mastXXX. mast stands for Mooring and XXX. The form with no additional arguments lists the contents of /proc/net/ipsec_tncfg. The format of /proc/net/ipsec_tncfg is discussed in ipsec_tncfg(5). The --attach form attaches the virtual interface to the physical one. The --detach form detaches the virtual interface from whichever physical interface it is attached to. The --clear form clears all the virtual interfaces from whichever physical interfaces they were attached to. Virtual interfaces typically have names like ipsec0 or mast0 while physical interfaces typically have names like eth0 or ppp0. EXAMPLES
ipsec tncfg --create mast12 creates the mast12 device. ipsec tncfg --create ipsec4 creates an ipsec4 device, but does not attach it. ipsec tncfg --attach --virtual ipsec0 --physical eth0 attaches the ipsec0 virtual device to the eth0 physical device. FILES
/proc/net/ipsec_tncfg, /usr/local/bin/ipsec SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_tncfg(5) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. [FIXME: source] 10/06/2010 IPSEC_TNCFG(8)

Check Out this Related Man Page

IPSEC_KLIPSDEBUG(8)						  [FIXME: manual]					       IPSEC_KLIPSDEBUG(8)

NAME
ipsec_klipsdebug - set KLIPS and MAST debug features and level. Other stacks are not supported. SYNOPSIS
ipsec klipsdebug ipsec klipsdebug --set flagname ipsec klipsdebug --clear flagname ipsec klipsdebug --all ipsec klipsdebug --none ipsec klipsdebug --help ipsec klipsdebug --version DESCRIPTION
Klipsdebug sets and clears flags that control various parts of the debugging output of Klips (the kernel portion of FreeS/WAN IPSEC). The form with no additional arguments lists the present contents of /proc/net/ipsec_klipsdebug. The --set form turns the specified flag on, while the --clear form turns the specified flag off. The --all form turns all flags on except verbose, while the --none form turns all flags off. The current flag names are: tunnel tunnelling code tunnel-xmit tunnelling transmit only code pfkey userspace communication code xform transform selection and manipulation code eroute eroute table manipulation code spi SA table manipulation code radij radij tree manipulation code esp encryptions transforms code ah authentication transforms code rcv receive code ipcomp ip compression transforms code verbose give even more information, BEWARE: a)this will print authentication and encryption keys in the logs b)this will probably trample the 4k kernel printk buffer giving inaccurate output All Klips debug output appears as kernel.info messages to syslogd(8). Most systems are set up to log these messages to /var/log/messages. Beware that klipsdebug --all produces a lot of output and the log file will grow quickly. The file format for /proc/net/ipsec_klipsdebug is discussed in ipsec_klipsdebug(5). EXAMPLES
klipsdebug --all turns on all KLIPS debugging except verbose. klipsdebug --clear tunnel turns off only the tunnel debugging messages. FILES
/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs. BUGS
It really ought to be possible to set or unset selective combinations of flags. [FIXME: source] 10/06/2010 IPSEC_KLIPSDEBUG(8)
Man Page

Featured Tech Videos