2.4.2.3. Commands

This section explains and gives examples of some of the commands used for Openswan.

Note

As shown in the following example, using service ipsec start/stop is the recommended method of changing the state of the ipsec service. This is also the recommended technique for starting and stopping all other services in Red Hat Enterprise Linux 6.

Starting and Stopping Openswan:
- ipsec setup start/stop
- service ipsec start/stop
Adding/deleting a connection:
- ipsec auto --add/delete <connection name>
Connection establishment/breaking:
- ipsec auto --up/down <connection-name>
Generating RSA keys:
- ipsec newhostkey --configdir /etc/ipsec.d --password password --output /etc/ipsec.d/<name-of-file>
Checking ipsec policies in Kernel:
- ip xfrm policy
- ip xfrm state
Creating self-signed certificate:
- certutil -S -k rsa -n <ca-cert-nickname> -s "CN=ca-cert-common-name" -w 12 -t "C,C,C" -x -d /etc/ipsec.d
Creating user certificate signed by the previous CA:
- certutil -S -k rsa -c <ca-cert-nickname> -n <user-cert-nickname> -s "CN=user-cert-common-name" -w 12 -t "u,u,u" -d /etc/ipsec.d