Securing-Optimizing-RH-Linux-1_2_314
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
314
192.168.1.0/24
192.168.1.0/24
|
|
192.168.1.1
192.168.1.2
A last note about testing the installation of FreeSWAN IPSEC, if you encounter a problem that
you are incapable to resolve, you can use the following command to make an output of a
collection of debugging information (contents of files, selections from logs, etc.) related to the
IPSEC encryption/authentication system that you should send to the Linux-IPSEC Mailing List
(linux-ipsec@clinet.fi) to help you.
·
Use the following command to make an output of a collection of debugging information:
[root@deep /]# ipsec barf > result
This command is primarily a convenience for remote debugging, a single command which
packages up (and labels) all information that might be relevant to diagnosing a problem in IPSEC.
Further documentation
For more details, there are several man pages you can read:
$ man ipsec (8)
- invoke IPSEC utilities
$ man ipsec atoaddr, addrtoa (3)
- convert Internet addresses to and from ASCII
$ man ipsec atoasr (3)
- convert ASCII to Internet address, subnet, or range
$ man ipsec atobytes, bytestoa (3)
- convert binary data bytes from and to ASCII formats
$ man ipsec atodata, datatoa (3)
- convert binary data from and to ASCII formats
$ man ipsec atosa, satoa (3)
- convert IPSEC Security Association IDs to and from ASCII
$ man ipsec atosubnet, subnettoa (3) - convert subnet/mask ASCII form to and from addresses
$ man ipsec atoul, ultoa (3)
- convert unsigned-long numbers to and from ASCII
$ man ipsec auto (8)
- control automatically-keyed IPSEC connections
$ man ipsec barf (8)
- spew out collected IPSEC debugging information
$ man ipsec bitstomask (3)
- convert bit count to Internet subnet mask
$ man ipsec eroute (8)
- manipulate IPSEC extended routing tables
$ man ipsec goodmask (3)
- is this Internet subnet mask a valid one?
$ man ipsec hostof (3)
- given Internet address and subnet mask, return host part
$ man ipsec klipsdebug (8)
- set Klips (kernel IPSEC support) debug features and level
$ man ipsec look (8)
- show minimal debugging information
$ man ipsec manual (8)
- take manually-keyed IPSEC connections up and down
$ man ipsec masktobits (3)
- convert Internet subnet mask to bit count
$ man ipsec optionsfrom (3)
- read additional ``command-line'' options from file
$ man ipsec pluto (8)
- IPsec IKE keying daemon
$ man ipsec ranbits (8)
- generate random bits in ASCII form
$ man ipsec rangetoa (3)
- convert Internet address range to ASCII
$ man ipsec rsasigkey (8)
- generate RSA signature key
$ man ipsec setup (8)
- control IPSEC subsystem
$ man ipsec spi (8)
- manage IPSEC Security Associations
$ man ipsec spigrp (8)
- group/ungroup IPSEC Security Associations
$ man ipsec subnetof (3)
- given Internet address and subnet mask, return subnet number
$ man ipsec tncfg (8)
- associate IPSEC virtual interface with real interface
$ man ipsec whack (8)
- control interface for IPSEC keying daemon
$ man ipsec.conf (5)
- IPSEC configuration and connections
$ man ipsec.secrets (5)
- secrets for IKE/IPsec authentication
$ man ipsec (8)
- invoke IPSEC utilities
$ man ipsec atoaddr, addrtoa (3)
- convert Internet addresses to and from ASCII
$ man ipsec atoasr (3)
- convert ASCII to Internet address, subnet, or range
$ man ipsec atobytes, bytestoa (3)
- convert binary data bytes from and to ASCII formats
$ man ipsec atodata, datatoa (3)
- convert binary data from and to ASCII formats
$ man ipsec atosa, satoa (3)
- convert IPSEC Security Association IDs to and from ASCII
$ man ipsec atosubnet, subnettoa (3) - convert subnet/mask ASCII form to and from addresses
$ man ipsec atoul, ultoa (3)
- convert unsigned-long numbers to and from ASCII
$ man ipsec auto (8)
- control automatically-keyed IPSEC connections