ipsec-algparse - Man Page

utility for verifying IKE and IPsec cryptographic proposal syntax

Synopsis

ipsec algparse [-v1 | -v2 | -v | -verbose | -debug | -p1 | -p2 | -pfs {yes | no} | -fips {yes | no} | -ignore | -impair | -nsspw password]
{-tp | -ta | ike=proposals | esp=proposals | ah=proposals | proposals}

Description

ipsec algparse is a utility that parses and expands and Internet Key Exchange cryptographic proposals using the same syntax as used in the file ipsec.conf (see the description of ike= and esp= in ipsec.conf(5) for details). In addition, ipsec algparse can be used to run the proposal parser or the cryptographic algorithm testsuites.

The following options control what ipsec algparse will parse:

ike=[proposals], esp=[proposals], ah=[proposals]

Parse the proposals using the IKE, ESP, or AH proposal parser. When proposals is omitted, display the default IKE, ESP, or AH proposals.

proposal

Try to parse the proposal using all three of the IKE, ESP, and AH proposal parsers.

-tp

run the proposal testsuite

-ta

run the algorithm testsuite

The following options alter the parser behaviour:

-v1,  -v2

Parse the proposals using either the IKEv1 or IKEv2 proposal syntax.

The default is IKEv2.

-pfs=yes|no

Specify PFS (Perfect Forward Privicy). When yes Diffi-Helman algorithms will be included in the proposal.

The default is --pfs=no.

-fips=yes|no

Force NSS into FIPS mode.

The default is determined by the system environment.

-p1,  -p2

Specify the parser to use.

By default, IKEv1 uses the simple (p1) parser, and IKEv2 uses the more complex (p2) parser.

-nsspw

Specify the NSS database password.

-impair

Impair the parser, disabling all algorithm checks.

-ignore

Ignore parser errors.

-v,  -verbose

Be more verbose when invoking proposal parser.

-d,  -debug

Enable full debug-logging when invoking the proposal parser.

History

Written for the Libreswan project by Andrew Cagney.

Author

Andrew Cagney

Referenced By

ipsec(8), ipsec-add(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8).

10/08/2024 Libreswan 5.1 Executable programs