ipsec_tncfg(5) lists IPSEC virtual interfaces attached to real interfaces

SYNOPSIS

ipsec tncfg
cat/proc/net/ipsec_tncfg

OBSOLETE

Note that tncfg is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in future versions. A replacement command still needs to be designed

DESCRIPTION

/proc/net/ipsec_tncfg is a read-only file which lists which IPSEC virtual interfaces are attached to which real interfaces, through which packets will be forwarded once processed by IPSEC.

Each line lists one ipsec I/F. A table entry consists of:

+

an ipsec virtual I/F name

+

a visual and machine parsable separator '->', separating the virtual I/F and the physical I/F,

+

a physical I/F name, to which the ipsec virtual I/F is attached or NULL if it is not attached,

+

the keyword mtu=,

+

the MTU of the ipsec virtual I/F,

+

the automatically adjusted effective MTU for PMTU discovery, in brackets,

+

a visual and machine parsable separator '->', separating the virtual I/F MTU and the physical I/F MTU,

+

the MTU of the attached physical I/F.

EXAMPLES

ipsec2 -> eth3 mtu=16260(1443) -> 1500

shows that virtual device ipsec2 with an MTU of 16260 is connected to physical device eth3 with an MTU of 1500 and that the effective MTU as a result of PMTU discovery has been automatically set to 1443.

ipsec0 -> wvlan0 mtu=1400(16260) -> 1500

shows that virtual device ipsec0 with an MTU of 1400 is connected to physical device wvlan0 with an MTU of 1500 and no PMTU packets have gotten far enough to bump down the effective MTU from its default of 16260.

ipsec3 -> NULL mtu=0(0) -> 0

shows that virtual device ipsec3 is not connected to any physical device.

FILES

/proc/net/ipsec_tncfg, /usr/local/bin/ipsec

HISTORY

Written for the Linux FreeS/WAN project <m[blue]http://www.freeswan.org/m[]> by Richard Guy Briggs.