LinuxCommandLibrary

ipsec

control interface for strongSwan/Libreswan IPsec VPN implementations

TLDR

Start IPsec service
$ sudo ipsec start
Stop IPsec service
$ sudo ipsec stop
Check status
$ sudo ipsec status
Show all connections
$ sudo ipsec statusall
Reload configuration
$ sudo ipsec reload
Start specific connection
$ sudo ipsec up [connection]
Stop specific connection
$ sudo ipsec down [connection]
Show version information
$ ipsec --version
Reload secrets from ipsec.secrets
$ sudo ipsec rereadsecrets

SYNOPSIS

ipsec command [options]

DESCRIPTION

ipsec is the control interface for strongSwan/Libreswan IPsec VPN implementations. It manages IKE (Internet Key Exchange) connections for encrypted network tunnels.

IPsec provides network-layer encryption for VPNs, supporting site-to-site tunnels and remote access. Configuration is typically in /etc/ipsec.conf and /etc/ipsec.secrets.

PARAMETERS

start
Start IPsec daemon.
stop
Stop IPsec daemon.
restart
Restart daemon.
status
Show active connections.
statusall
Show detailed status.
reload
Reload configuration.
up connection
Start connection.
down connection
Stop connection.
update
Apply config changes without full restart.
route connection
Install kernel IPsec policy for a connection.
unroute connection
Remove kernel IPsec policy for a connection.
rereadsecrets
Reload secrets from ipsec.secrets.
listalgs
List supported cryptographic algorithms.
listcerts
List certificates.
listcacerts
List CA certificates.
listall
List all information.
rereadall
Execute all reread operations.
--version
Show version information.

CONFIGURATION

# /etc/ipsec.conf
conn myvpn
    left=%defaultroute
    leftid=@myserver
    right=remote.example.com
    rightid=@remote
    auto=start
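
An added example (not from the original page or from the strongSwan/Libreswan projects): a shell pre-flight check to run before ipsec reload or ipsec rereadsecrets. It lists each conn in an ipsec.conf-style file with its effective auto= value, so connections that still need a manual ipsec up are visible, and it checks that the secrets file grants no access to group or others. The function names, the extra conns in the sample and the inheritance and default rules noted in the comments are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before `ipsec reload` / `ipsec rereadsecrets`.

# list_conns FILE: print "<conn> <auto>" for every conn section of an
# ipsec.conf-style file. Assumptions: a conn without auto= inherits from
# "conn %default", otherwise "ignore"; "also=" includes are not followed.
list_conns() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
        /^conn[ \t]+/ { name = $2; in_conn = 1; order[++n] = name; next }
        /^[^ \t]/     { in_conn = 0; next }               # config setup, ca, ...
        in_conn && /^[ \t]+auto[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)                   # drop "auto ="
            sub(/[ \t]*#.*$/, "", v); sub(/[ \t]+$/, "", v)
            auto[name] = v
        }
        END {
            def = ("%default" in auto) ? auto["%default"] : "ignore"
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (c != "%default") print c, ((c in auto) ? auto[c] : def)
            }
        }
    ' "$1"
}

# secrets_private FILE: succeed only if group and others have no access.
secrets_private() {
    perms=$(ls -ld -- "$1") || return 2
    case "$perms" in
        ????------*) return 0 ;;   # e.g. -rw-------
        *)           return 1 ;;
    esac
}

# Constructed sample configuration (the page's myvpn plus a hypothetical conn).
sample_conf() {
    cat <<'EOF'
# /etc/ipsec.conf
conn %default
    auto=add
conn myvpn
    left=%defaultroute
    right=remote.example.com
    auto=start
conn branch
    left=%defaultroute
    right=branch.example.com
EOF
}
```

Typical use: `list_conns /etc/ipsec.conf` and `secrets_private /etc/ipsec.secrets || echo "tighten permissions"`.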

CAVEATS

Requires kernel IPsec support. Certificate management can be complex. Firewall rules are needed to allow IKE (UDP 500, 4500). Debug with ipsec statusall.

HISTORY

IPsec was standardized by IETF in the 1990s. strongSwan (forked from FreeS/WAN in 2005) and Libreswan are the main Linux implementations, providing the ipsec command interface.

SEE ALSO

ip(8), openvpn(8), wg(8)
