Poster of Linux kernelThe best gift for a Linux geek
IPSEC_VERIFY

IPSEC_VERIFY

Section: 8 June 2002 (8) Updated: 11/14/2008
Local index Up
 

NAME

ipsec_verify - see if FreeSWAN has been installed correctly  

SYNOPSIS

ipsec verify [--host name]
 

DESCRIPTION

Invoked without argument, verify examines the local system for a number of common system faults: IPsec not in path, no secrets file generated, pluto not running, and IPsec support not present in kernel (or IPsec module not loaded). If two or more interfaces are found, it performs checks relevant on an IPsec gateway: whether IP forwarding is allowed, and if so, whether MASQ or NAT rules are in play.

In addition, verify performs checks relevant to Opportunistic Encryption. It looks in forward DNS for a TXT record for the system's hostname, and in reverse DNS for a TXT record for the system's IP addresses. It checks whether the system has a public IP.

The --host option causes verify to look for a TXT record for name in forward and reverse DNS.  

FILES

/proc/net/ipsec_eroute
/etc/ipsec.secrets

 

HISTORY

Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Michael Richardson.  

BUGS

Verify does not check for ipchains masquerading.

Verify does not look for TXT records for Opportunistic clients behind the system.


 

Index

NAME
SYNOPSIS
DESCRIPTION
FILES
HISTORY
BUGS

This document was created by man2html, using the manual pages.
Time: 22:01:50 GMT, April 16, 2011