ipsec_verify(8)

1IPSEC_VERIFY(8)                                                IPSEC_VERIFY(8)
2
3
4

NAME

6       ipsec verify - see if Openswan has been installed correctly
7

SYNOPSIS

9       ipsec verify [--host name]
10
11

DESCRIPTION

13       Invoked without argument, verify examines the local system for a number
14       of common system faults: IPsec not in path, no secrets file  generated,
15       pluto  not  running,  and IPsec support not present in kernel (or IPsec
16       module not loaded). If two or more interfaces are  found,  it  performs
17       checks  relevant on an IPsec gateway: whether IP forwarding is allowed,
18       and if so, whether MASQ or NAT rules are in play. It also checks a num‐
19       ber of kernel internals in /proc for sane values.
20
21
22       In  addition,  verify performs checks relevant to Opportunistic Encryp‐
23       tion. It looks in forward DNS for a TXT record for the  system's  host‐
24       name,  and in reverse DNS for a TXT record for the system's IP address‐
25       es. It checks whether the system has a public IP.
26
27
28       The --host option causes verify to look for a TXT record  for  name  in
29       forward and reverse DNS.
30
31

FILES

33       /proc/net/ipsec_eroute
34       /etc/ipsec.secrets
35
36
37

HISTORY

39       Written  for  the  Linux  FreeS/WAN  project  <http://www.freeswan.org:
40       http://www.freeswan.org> by Michael Richardson.
41
42

BUGS

44       Verify does not check for ipchains masquerading.
45
46
47       Verify does not look for TXT records for Opportunistic  clients  behind
48       the system.
49
50
51
52
53                                                               IPSEC_VERIFY(8)