ipsec_policy(8) Openswan IPSec ipsec_policy(8)

NAME

ipsec_policy - show ipsec policy information

SYNOPSIS

    # detect what stack is used
    ipsec policy --detect-stack
    # display policy information
    ipsec policy [ --all | [ --inbound | --outbound | --forward ] ] \
                 [ --stack=name ] [ --read=file ] [ --debug ]
    # provide usage information
    ipsec policy --usage
    ipsec policy --help

DESCRIPTION

policy displays the incoming, outgoing, and forwarding packet policies of the system. It is a wrapper around existing klips and netkey data, presented in a less terse form.

OPTIONS

--detect-stack
    Only display the stack that Openswan is using. Possible results are:

    klips
        KLIPS is the Openswan ipsec kernel module. This stack type indicates that KLIPS is not running in mast mode (see the next entry), but rather in the default mode. In this mode, KLIPS outgoing packet policy is dictated by eroutes. See the ipsec_eroute man page for further details.

    mast
        This is a mode of the Openswan ipsec kernel module, KLIPS. In this mode, outgoing packet routing policies are dictated by iptables and Linux kernel policy routing. This mode is selected by using the "protostack=mast" setting in ipsec.conf.

    netkey
        This stack indicates that Openswan is controlling the Linux kernel built-in ipsec functionality.

--all
    Show inbound, outbound, and forward policies. This is the default.

--inbound
    Show only inbound policy.

--outbound
    Show only outbound policy.

--forward
    Show only forward policy.

--stack=name
    Skip autodetection and force reading policy from this stack. See the help on --detect-stack (above) for valid options and their descriptions.

--read=file
    This option overrides which file is read to gather the policy information. It can be used to read policy information from a snapshot obtained from a running system.

    In the case of the klips or mast stack, this file holds the output of /proc/net/ipsec/spi/all.

--usage, --help
    Output help.

--debug
    Output debug info.

FILES

   /proc/net/ipsec/spi/all

SEE ALSO

ipsec(8), ipsec_eroute(8), ipsec_manual(8)

HISTORY

Designed for the Openswan project <http://www.openswan.org> by Bart Trojanowski.

BUGS

Does not support netkey yet.

2010-12-17 2.6.32