ipsec-algparse - Man Page
utility for verifying IKE and IPsec cryptographic proposal syntax
Synopsis
ipsec algparse [-v1 | -v2 | -v | -verbose | -debug | -p1 | -p2 | -pfs {yes | no} | -fips {yes | no} | -ignore | -impair | -nsspw password]
{-tp | -ta | ike=proposals | esp=proposals | ah=proposals | proposals}
Description
ipsec algparse is a utility that parses and expands and Internet Key Exchange cryptographic proposals using the same syntax as used in the file ipsec.conf (see the description of ike= and esp= in ipsec.conf(5) for details). In addition, ipsec algparse can be used to run the proposal parser or the cryptographic algorithm testsuites.
The following options control what ipsec algparse will parse:
- ike=[proposals], esp=[proposals], ah=[proposals]
Parse the proposals using the IKE, ESP, or AH proposal parser. When proposals is omitted, display the default IKE, ESP, or AH proposals.
- proposal
Try to parse the proposal using all three of the IKE, ESP, and AH proposal parsers.
- -tp
run the proposal testsuite
- -ta
run the algorithm testsuite
The following options alter the parser behaviour:
- -v1, -v2
Parse the proposals using either the IKEv1 or IKEv2 proposal syntax.
The default is IKEv2.
- -pfs=yes|no
Specify PFS (Perfect Forward Privicy). When yes Diffi-Helman algorithms will be included in the proposal.
The default is --pfs=no.
- -fips=yes|no
Force NSS into FIPS mode.
The default is determined by the system environment.
- -p1, -p2
Specify the parser to use.
By default, IKEv1 uses the simple (p1) parser, and IKEv2 uses the more complex (p2) parser.
- -nsspw
Specify the NSS database password.
- -impair
Impair the parser, disabling all algorithm checks.
- -ignore
Ignore parser errors.
- -v, -verbose
Be more verbose when invoking proposal parser.
- -d, -debug
Enable full debug-logging when invoking the proposal parser.
History
Written for the Libreswan project by Andrew Cagney.
Author
Andrew Cagney
Referenced By
ipsec(8), ipsec-add(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8).