1ipsec_policy(8)                 Openswan IPSec                 ipsec_policy(8)
2
3
4

NAME

6       ipsec_policy - show ipsec policy information
7

SYNOPSIS

9           # detect what stack is used
10           ipsec policy --detect-stack
11
12           # display policy information
13           ipsec policy [ --all | [ --inbound | --outbound | --forward ] ] \
14                        [ --stack=name ] [ --read=file ] [ --debug ]
15
16           # provide usage information
17           ipsec policy --usage
18           ipsec policy --help
19

DESCRIPTION

21       policy displays the incoming, outgoing, and forwarding packet policies
22       of the system.  It is a wrapper around eixsting klips and netkey data,
23       but presented in a less terse form.
24

OPTIONS

26       --detect-stack
27           Only display the stack that Openswan is using.  Possible results
28           are.
29
30           klips
31               KLIPS is the Openswan ipsec kernel module.  This stack type
32               indicates that KLIPS is not running in mast mode (see next
33               option), but rather in the default mode.  In this mode, KLIPS
34               outgoing packet policy is dicated by eroutes.  See the
35               ipsec_eroute man page for further details.
36
37           mast
38               This is a mode of the Openswan ipsec kernel module, KLIPS.  In
39               this mode outgoing packet routing policies are dictated by
40               iptalbles, and Linux kernel policy routing.  This mode is
41               selected by using "protostack=mast" setting in ipsec.conf.
42
43           netkey
44               This stack indicates that Openswan is controlling the Linux
45               kernel built-in ipsec functionally.
46
47       --all
48           Show inbound, outbound, and forward policites.  This is the
49           default.
50
51       --inbound --in
52           Show only inbound policy.
53
54       --outbound --out
55           Show only outbound policy.
56
57       --forward --fwd
58           Show only forward policy.
59
60       --stack=<name>
61           Skip autodetection and force read policy from this stack.  See help
62           on --detect-stack (above) for valid options and their descriptions.
63
64       --read=<file>
65           This option overrides what file would be read to gather the policy
66           information.  It could be used to read policy information from a
67           snapshot obtained from a running system.
68
69           In the case of the klips or mast stack, this file is the output of
70           the /proc/net/ipsec/spi/all file.
71
72       --help
73           Output help.
74
75       --debug
76           Output debug info.
77

FILES

79          /proc/net/ipsec/spi/all
80

SEE ALSO

82       ipsec(8), ipsec_eroute(8), ipsec_manual(8)
83

HISTORY

85       Designed for the Openswan project <http://www.openswan.org> by Bart
86       Trojanowski.
87

BUGS

89       Does not support netkey yet.
90
91
92
932.6.32                            2010-12-18                   ipsec_policy(8)
Impressum