Provided by: hash-slinger_2.7-1ubuntu2_amd64 bug


       ipseckey - Generate IPSECKEY records on libreswan IPsec servers




       ipseckey generates RFC-4025 IPSECKEY DNS records based on the public key of the IPsec
       server. Supported IPsec software is libreswan and some versions of openswan (depending on
       its implementation of showhostkey). The record is displayed will have the label of the
       hostname. This can be manually changed.

       (TODO: allow specifying --hostname and allow --reverse for creating entries)


       -h / --help
           Output help information and exit.

       -v / --version
           Output version information and exit.


       The NSS IPsec database in /etc/ipsec.d/*.db or for older openswan without NSS


       ipseckey MUST be run on the IPsec gateway itself because unlike TLS, IPsec servers do not
       present their public RSA key any client. Currently, only libreswan IPsec is supported
       ( although some versions of openswan might work as well. Root access
       is needed because the public key is pulled from /etc/ipsec.secrets which can contain
       secrets and is therefor only readable by root (even though with libreswan, ipsec.secrets
       does not contain the any private RSA keys)


       Some other IPsec software is not yet supported


       ipsec_showhostkey(8) and RFC-4025


       Paul Wouters <>


       Copyright 2015 Paul Wouters

       This program is free software; you can redistribute it and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; either
       version 2 of the License, or (at your option) any later version. See

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License (file COPYING in the distribution) for more details.