IPSECKEY(1)                     Internet / DNS                     IPSECKEY(1)

NAME

       ipseckey - Generate IPSECKEY records on libreswan IPsec servers

SYNTAX

       ipseckey

DESCRIPTION

       ipseckey generates RFC-4025 IPSECKEY DNS records based on the public
       key of the IPsec server. Supported IPsec software is libreswan and some
       versions of openswan (depending on its implementation of showhostkey).
       The record that is displayed uses the hostname as its label. This can
       be manually changed.

       (TODO: allow specifying --hostname and allow --reverse for creating
       in-addr.arpa. entries)
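
       The following is an added example, not the ipseckey tool's own code:
       it builds an RFC-4025 record from an RSA public key (algorithm 2, key
       in RFC 3110 format) and checks a published record against a known key.
       The label gw.example.com., precedence 10, the "." gateway and the toy
       key are assumptions made for illustration.

```python
import base64
import ipaddress

def rfc3110_rsa_key(e: int, n: int) -> bytes:
    """RFC 3110 wire format: exponent length, exponent, modulus (big-endian)."""
    if e <= 0 or n <= 0:
        raise ValueError("exponent and modulus must be positive")
    exp = e.to_bytes((e.bit_length() + 7) // 8, "big")  # minimal, no leading zeros
    mod = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(exp) > 0xFFFF:
        raise ValueError("exponent too long for RFC 3110")
    # One length octet for 1..255, otherwise a zero octet plus a two-octet length.
    prefix = bytes([len(exp)]) if len(exp) <= 255 else b"\x00" + len(exp).to_bytes(2, "big")
    return prefix + exp + mod

def gateway_type(gateway: str) -> int:
    """RFC 4025 gateway type: 0 none ('.'), 1 IPv4, 2 IPv6, 3 domain name."""
    if gateway == ".":
        return 0
    try:
        return 1 if ipaddress.ip_address(gateway).version == 4 else 2
    except ValueError:
        return 3

def ipseckey_record(label: str, e: int, n: int, precedence: int = 10, gateway: str = ".") -> str:
    """Presentation form: precedence, gateway type, algorithm (2 = RSA), gateway, key."""
    if not 0 <= precedence <= 255:
        raise ValueError("precedence is a single octet")
    key = base64.b64encode(rfc3110_rsa_key(e, n)).decode("ascii")
    return f"{label} IN IPSECKEY {precedence} {gateway_type(gateway)} 2 {gateway} {key}"

def parse_rfc3110(blob: bytes):
    """Inverse of rfc3110_rsa_key: returns (exponent, modulus)."""
    if len(blob) < 3:
        raise ValueError("truncated RSA key")
    elen, off = (blob[0], 1) if blob[0] else (int.from_bytes(blob[1:3], "big"), 3)
    if elen == 0 or len(blob) <= off + elen:
        raise ValueError("truncated RSA key")
    return int.from_bytes(blob[off:off + elen], "big"), int.from_bytes(blob[off + elen:], "big")

def record_matches_key(record: str, e: int, n: int) -> bool:
    """True when a published single-line record carries RSA key (e, n)."""
    fields = record.split()
    if len(fields) != 8 or fields[1:3] != ["IN", "IPSECKEY"] or fields[5] != "2":
        return False
    return parse_rfc3110(base64.b64decode(fields[-1])) == (e, n)

# Constructed toy key, far too small for real use.
SAMPLE = ipseckey_record("gw.example.com.", 3, 0xABCDEF)
```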

OPTIONS

       -h / --help
           Output help information and exit.

       -v / --version
           Output version information and exit.

FILES

       The NSS IPsec database in /etc/ipsec.d/*.db or, for older openswan
       without NSS, /etc/ipsec.secrets

REQUIREMENTS

       ipseckey MUST be run on the IPsec gateway itself because, unlike TLS,
       IPsec servers do not present their public RSA key to any client.
       Currently, only libreswan IPsec is supported (https://libreswan.org)
       although some versions of openswan might work as well. Root access is
       needed because the public key is pulled from /etc/ipsec.secrets, which
       can contain secrets and is therefore only readable by root (even though
       with libreswan, ipsec.secrets does not contain any private RSA
       keys).

BUGS

       Some other IPsec software is not yet supported

SEE ALSO

       ipsec_showhostkey(8) and RFC-4025

AUTHORS

       Paul Wouters <pwouters@redhat.com>

       Copyright 2015 Paul Wouters

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
       General Public License (file COPYING in the distribution) for more
       details.

Paul Wouters                    January 5, 2015                    IPSECKEY(1)