IPSEC_SECRETS(8) [FIXME: manual] IPSEC_SECRETS(8)NAME
ipsec_secrets - prompt for PIN codes and passphrases
SYNOPSIS
ipsec secrets
DESCRIPTION
Secrets is an alias for ipsec auto --rereadsecrets and rereads all the secrets in the ipsec.secrets file. The user will be prompted for all
private RSA keys protected by PIN codes and passphrases.
SEE ALSO ipsec.secrets(5)HISTORY
Written for Openswan <http://www.openswan.org> by Andreas Steffen.
BUGS
None
[FIXME: source] 10/06/2010 IPSEC_SECRETS(8)
Check Out this Related Man Page
IPSEC_RANBITS(8) Executable programs IPSEC_RANBITS(8)NAME
ipsec_newhostkey - generate a new raw RSA authentication key for a host
SYNOPSIS
ipsec newhostkey [[--configdirnssdbdir] | [--password password]] [[--quiet] | [--verbose]] [--bits bits] [--random device]
[--hostname hostname] [--output filename]
DESCRIPTION
newhostkey outputs (into filename, which can be '-' for standard output) an RSA private key suitable for this host, in /etc/ipsec.secrets
format (see ipsec.secrets(5)) using the --quiet option per default.
The --output option is mandatory. The specified filename is created under umask 077 if nonexistent; if it already exists and is non-empty,
a warning message about that is sent to standard error, and the output is appended to the file.
The --quiet option suppresses both the rsasigkey narrative and the existing-file warning message.
When compiled with NSS support (the default), --configdir specifies the nss configuration directory where the certificate key, and modsec
databases reside. There is no default value, though /etc/ipsec.d might be sensible choice.
When compiled with NSS support (the default), --password specifies a module authentication password that may be required if FIPS mode is
enabled
The --bits option specifies the number of bits in the RSA key; the current default is a random (multiple of 16) value between 3072 and
4096. The minimum allowed is 2172.
The --random is used to specify the random device (default /dev/random used to seed the crypto library RNG.
The --hostname option is passed through to rsasigkey to tell it what host name to label the output with (via its --hostname option).
The output format is that of rsasigkey, with bracketing added to complete the ipsec.secrets format. In the usual case, where ipsec.secrets
contains only the hostas own private key, the output of newhostkey is sufficient as a complete ipsec.secrets file.
FILES
/dev/random, /dev/urandom
SEE ALSO ipsec_rsasigkey(8), ipsec.secrets(5)HISTORY
Originally written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters
BUGS
As with rsasigkey, the run time is difficult to predict, since depletion of the systemas randomness pool can cause arbitrarily long waits
for random bits, and the prime-number searches can also take unpre dictable (and potentially large) amounts of CPU time. See
ipsec_rsasigkey(8) .
A higher-level tool which could handle the clerical details of changing to a new key would be helpful.
AUTHOR
Paul Wouters
placeholder to suppress warning
libreswan 09/06/2013 IPSEC_RANBITS(8)
Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec with a single key, 256bits length, specified in /etc/ipsec.secrets. As FreeSwan manual page says, if i put esp=3des-md5-96, will be used a "64bit IV key (internally generated), a 192bit 3des ekey and a... (3 Replies)
Hi,
I am trying to establish vpn between my linux server and cisco asa at client side.
I installed openswan on my cent os.
Linux Server
eth0 - 182.2.29.10
Gateway - 182.2.29.1
eth1 - 192.9.200.75
I have simple IPtables Like
WAN="eth0"
LAN="eth1" (0 Replies)