This file is part of the documentation for the Linux FreeS/WAN project.|
See the documentation index or project home
page for more information.
FreeS/WAN manual pages
The various components of Linux FreeS/WAN are of course documented in standard
Unix manual pages, accessible via the man(1) command.
Links here take you to an HTML version of the man pages.
If you have the world Wide Web Consortium's Amaya
browser/editor, then you have another choice. Use Amaya to get all the manual
pages in a single HTML document.
These files are also discussed in the HTML setup and configuration
- IPSEC configuration and connections
- preshared secrets for IKE/IPsec authentication
Many users will never give most of the FreeS/WAN commands directly. Configure
the files listed above correctly and everything should be automatic.
One exception is:
- generate RSA keys for use in Pluto
- These keys are for authentication only. They are not
secure for encryption.
- RSA Data Security hold a US patent on
the RSA algorithm, valid until September 20, 2000. Using this
utility in the US before then may be illegal because it would
violate that patent.
- The utility uses random(4) as a source of random
numbers. This may block for some time if there is not enough activity on
the machine to provide the required entropy. You may want to give it some
bogus activity such as random mouse movements or some command such as du
/usr > dev/null &.
The following commands are fairly likely to be used, if only for testing and
The lower-level utilities listed below are normally invoked via scripts listed
above, but they can also be used directly when required.
- invoke IPSEC utilities
- control IPSEC subsystem
- control automatically-keyed IPSEC connections
- take manually-keyed IPSEC connections up and down
- generate random bits in ASCII form
- show minimal debugging information
- spew out collected IPSEC debugging information
- manipulate IPSEC extended routing tables
- set Klips (kernel IPSEC support) debug features and level
- IPsec IKE keying daemon
- manage IPSEC Security Associations
- group/ungroup IPSEC Security Associations
- associate IPSEC virtual interface with real interface
- control interface for IPSEC keying daemon
- convert Internet addresses to and from ASCII
- convert subnet/mask ASCII form to and from addresses
- convert ASCII to Internet address, subnet, or range
- convert Internet address range to ASCII
- convert binary data from and to ASCII formats
- convert IPSEC Security Association IDs to and from ASCII
- convert unsigned-long numbers to and from ASCII
- is this Internet subnet mask a valid one?
- convert Internet subnet mask to bit count
- convert bit count to Internet subnet mask
- read additional ``command-line'' options from file
- given Internet address and subnet mask, return subnet number
- given Internet address and subnet mask, return host part
- given Internet address and subnet mask, return broadcast address