Provided by: openswan_2.6.37-1_amd64 bug


       ipsec_verify - see if FreeSWAN has been installed correctly


       ipsec verify [--host name]


       Invoked without argument, verify examines the local system for a number of common system
       faults: IPsec not in path, no secrets file generated, pluto not running, and IPsec support
       not present in kernel (or IPsec module not loaded). If two or more interfaces are found,
       it performs checks relevant on an IPsec gateway: whether IP forwarding is allowed, and if
       so, whether MASQ or NAT rules are in play.

       In addition, verify performs checks relevant to Opportunistic Encryption. It looks in
       forward DNS for a TXT record for the system´s hostname, and in reverse DNS for a TXT
       record for the system´s IP addresses. It checks whether the system has a public IP.

       The --host option causes verify to look for a TXT record for name in forward and reverse




       Written for the Linux FreeS/WAN project <> by Michael Richardson.


       Verify does not check for ipchains masquerading.

       Verify does not look for TXT records for Opportunistic clients behind the system.

[FIXME: source]                             10/06/2010                            IPSEC_VERIFY(8)