Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ipsec_verify(8) [debian man page]

IPSEC_VERIFY(8) 						  [FIXME: manual]						   IPSEC_VERIFY(8)

NAME

       ipsec_verify - see if FreeSWAN has been installed correctly

SYNOPSIS

       ipsec verify [--host name]

DESCRIPTION

       Invoked without argument, verify examines the local system for a number of common system faults: IPsec not in path, no secrets file
       generated, pluto not running, and IPsec support not present in kernel (or IPsec module not loaded). If two or more interfaces are found, it
       performs checks relevant on an IPsec gateway: whether IP forwarding is allowed, and if so, whether MASQ or NAT rules are in play.

       In addition, verify performs checks relevant to Opportunistic Encryption. It looks in forward DNS for a TXT record for the system's
       hostname, and in reverse DNS for a TXT record for the system's IP addresses. It checks whether the system has a public IP.

       The --host option causes verify to look for a TXT record for name in forward and reverse DNS.

FILES

	   /proc/net/ipsec_eroute
	   /etc/ipsec.secrets

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Michael Richardson.

BUGS

       Verify does not check for ipchains masquerading.

       Verify does not look for TXT records for Opportunistic clients behind the system.

[FIXME: source] 						    10/06/2010							   IPSEC_VERIFY(8)

Check Out this Related Man Page

IPSEC_BARF(8)							  [FIXME: manual]						     IPSEC_BARF(8)

NAME

       ipsec_barf - spew out collected IPsec debugging information

SYNOPSIS

       ipsec barf [--short --maxlines <100>]

DESCRIPTION

       Barf outputs (on standard output) a collection of debugging information (contents of files, selections from logs, etc.) related to the
       IPsec encryption/authentication system. It is primarily a convenience for remote debugging, a single command which packages up (and labels)
       all information that might be relevant to diagnosing a problem in IPsec.

       The --short option limits the length of the log portion of barf's output, which can otherwise be extremely voluminous if debug logging is
       turned on.

       --maxlines <100> option sets the length of some bits of information, currently netstat -rn. Useful on boxes where the routing table is
       thousands of lines long. Default is 100.

       Barf censors its output, replacing keys and secrets with brief checksums to avoid revealing sensitive information.

       Beware that the output of both commands is aimed at humans, not programs, and the output format is subject to change without warning.

       Barf has to figure out which files in /var/log contain the IPsec log messages. It looks for KLIPS and general log messages first in
       messages and syslog, and for Pluto messages first in secure, auth.log, and debug. In both cases, if it does not find what it is looking for
       in one of those "likely" places, it will resort to a brute-force search of most (non-compressed) files in /var/log.

FILES

	   /proc/net/*
	   /var/log/*
	   /etc/ipsec.conf
	   /etc/ipsec.secrets

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer.

BUGS

       Barf uses heuristics to try to pick relevant material out of the logs, and relevant messages which are not labelled with any of the tags
       that barf looks for will be lost. We think we've eliminated the last such case, but one never knows...

       Finding updown scripts (so they can be included in output) is, in general, difficult.  Barf uses a very simple heuristic that is easily
       fooled.

       The brute-force search for the right log files can get expensive on systems with a lot of clutter in /var/log.

[FIXME: source] 						   17 March 2002						     IPSEC_BARF(8)
Man Page