IpSecConfig.efi 

 1  IpSecConfig.efi -?
 2 Displays or modifies the current IPsec configuration.
 3 
 4 IpSecConfig [-p {SPD|SAD|PAD}] [command] [options[parameters]]
 5 
 6 -p (SPD|SAD|PAD)                   required.point to certain policy database.
 7 
 8 command:
 9   -a [options[parameters]]         Add new policy entry.
10   -i entryid [options[parameters]] Insert new policy entry before the one
11                                    matched by the entryid.
12                                    It's only supported on SPD policy database.
13   -d entryid                       Delete the policy entry matched by the
14                                    entryid.
15   -e entryid [options[parameters]] Edit the policy entry matched by the
16                                    entryid.
17   -f                               Flush the entire policy database.
18   -l                               List all entries for specified database.
19   -enable                          Enable IPsec.
20   -disable                         Disable IPsec.
21   -status                          Show IPsec current status.
22 
23 [options[parameters]] for SPD:
24   --local localaddress               optional local address
25   --remote remoteaddress             required remote address
26   --proto (TCP|UDP|ICMP|...)         required IP protocol
27   --local-port port                  optional local port for tcp/udp protocol
28   --remote-port port                 optional remote port for tcp/udp protocol
29   --name name                        optional SPD name
30   --action (Bypass|Discard|Protect)  required
31                                      required IPsec action
32   --mode (Transport|Tunnel)          optional IPsec mode, transport by default
33   --ipsec-proto (AH|ESP)             optional IPsec protocol, ESP by default
34   --auth-algo (NONE|SHA1HMAC)        optional authentication algorithm
35   --encrypt-algo(NONE|DESCBC|3DESCBC)optional encryption algorithm
36   --tunnel-local tunnellocaladdr     optional tunnel local address(only for tunnel mode)
37   --tunnel-remote tunnelremoteaddr   optional tunnel remote address(only for tunnel mode)
38 
39 [options[parameters]] for SAD:
40   --spi  spi                            required SPI value
41   --ipsec-proto   (AH|ESP)              required IPsec protocol
42   --local         localaddress          optional local address
43   --remote        remoteaddress         required destination address
44   --auth-algo     (NONE|SHA1HMAC)       required for AH. authentication algorithm
45   --auth-key      key                   required for AH. key for authentication
46   --encrypt-algo  (NONE|DESCBC|3DESCBC) required for ESP. encryption algorithm
47   --encrypt-key   key                   required for ESP. key for encryption
48   --mode          (Transport|Tunnel)    optional IPsec mode, transport by default
49   --tunnel-dest   tunneldestaddr        optional tunnel destination address(only for tunnel mode)
50   --tunnel-source tunnelsourceaddr      optional tunnel source address(only for tunnel mode)
51 
52 [options[parameters]] for PAD:
53   --peer-address address                        required peer address
54   --auth-proto (IKEv1|IKEv2)                    optional IKE protocol, IKEv1 by
55                                                 default
56   --auth-method (PreSharedSecret|Certificates)  required authentication method
57   --auth-data  authdata                         required data for authentication

 https://github.com/tianocore/edk2/blob/master/NetworkPkg/Application/IpsecConfig/IpSecConfigStrings.uni

http://www.kame.net/newsletter/20001119/

https://www.brocade.com/content/html/en/command-reference-guide/fos-800-commandref/wwhelp/wwhimpl/common/html/wwhelp.htm#href=commands_a_z.ipSecConfig.html&single=true

posted @ 2016-11-16 09:48  boowii  阅读(278)  评论(0编辑  收藏  举报