HMC Manual Reference Pages - CHIPSEC (1)

NAME

chipsec - change IPsec configuration

SYNOPSIS

To create and start an IPsec connection to a managed system:
chipsec -m managed-system --left IPv6-address --passkey passphrase

To create and start a user-defined IPsec connection:
chipsec -f connection-file --passkey passphrase [--cert certificate-file]

To start, stop, or remove an IPsec connection:
chipsec {--up connection-name | --down connection-name | -r connection-name}

To start or stop the IPsec service on the Hardware Management Console:
chipsec {--start | --stop}

DESCRIPTION

chipsec changes the Internet Protocol Security (IPsec) configuration on the Hardware Management Console (HMC). It can also be used to manage IPsec connections and the IPsec service.

An IPsec connection is automatically started when it is created. The IPsec service is automatically started when the first IPsec connection is created.

The HMC uses the strongSwan IPsec implementation.

OPTIONS

-m The name of the managed system to which to create an IPsec connection. The name may either be the user-defined name for the managed system, or be in the form tttt-mmm*sssssss, where tttt is the machine type, mmm is the model, and sssssss is the serial number of the managed system. The tttt-mmm*sssssss form must be used if there are multiple managed systems with the same user-defined name.
--left The HMC IPv6 address to be used for the IPsec connection to the managed-system.
--passkey The passphrase.
-f The name of the file that contains the configuration information for the user-defined IPsec connection to be created. The configuration information in the file must be the conn section for the ipsec.conf file. The file can contain the configuration information for one connection only.

If the file is on removable media, the media must be present in the removable media device and the device must be mounted with the mount command before this command is issued. The lsmediadev command can be used to display all of the removable media devices on the HMC.

--cert The name of the file that contains the certificate for the user-defined IPsec connection to be created. The file name must end with the .pem suffix.

If the file is on removable media, the media must be present in the removable media device and the device must be mounted with the mount command before this command is issued. The lsmediadev command can be used to display all of the removable media devices on the HMC.

--up Specify this option to start the IPsec connection connection-name. If the IPsec service is not running, it will be started.

An IPsec connection is automatically started when it is created.

--down Specify this option to stop the IPsec connection connection-name. If no other IPsec connections are active, the IPsec service will be stopped.
-r Specify this option to remove the IPsec connection connection-name.

An active IPsec connection is stopped before it is removed.

--start Specify this option to start the IPsec service on the HMC.

The IPsec service is automatically started when the first IPsec connection is created or started.

--stop Specify this option to stop the IPsec service on the HMC.

The IPsec service is automatically stopped when the last IPsec connection is removed or stopped.

--help Display the help text for this command and exit.

EXAMPLES

Create and start an IPsec connection to managed system j21:

chipsec -m j21 --left fe80:0:0:0:221:5eff:fe46:57ce --passkey hmctest1234!

Create and start a user-defined IPsec connection:

chipsec -f connfile.txt --passkey passphrase1

Create and start a user-defined IPsec connection with certificate. Both files are on a USB flash memory device (the USB flash memory device must already be connected to the HMC):

lsmediadev (to obtain mount points)

mount /media/sdb1

chipsec -f /media/sdb1/user_file.txt --cert /media/sdb1/user_cert.pem --passkey hmctest1234!

Start the IPsec connection j21:

chipsec --up j21

Stop the IPsec connection j21:

chipsec --down j21

Remove the IPsec connection j21:

chipsec -r j21

Start the IPsec service on the HMC:

chipsec --start

Stop the IPsec service on the HMC:

chipsec --stop
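
A pre-flight check for the -f and --cert inputs described under OPTIONS, as an added example that is not part of the IBM manual page: it verifies that the connection file holds exactly one conn section and nothing else, and that the certificate file name ends with .pem. The function names, the sample connection name and the sample addresses are assumptions; the sample uses ordinary strongSwan ipsec.conf keywords, and the check is meant to run on a workstation before the files are copied to removable media.

```shell
# Added example, not IBM code. Checks the inputs for `chipsec -f ... --cert ...`
# against the constraints stated in OPTIONS, before the files go to the HMC.

# check_conn_file CONNFILE [CERTFILE]
# Returns 0 when CONNFILE holds exactly one conn section and nothing else, and
# CERTFILE (if given) is readable and named *.pem. Prints the reason otherwise.
check_conn_file() {
    connfile=$1
    certfile=${2-}
    [ -r "$connfile" ] || { echo "cannot read $connfile" >&2; return 2; }

    # ipsec.conf section headers start in column 0; parameters are indented.
    conns=$(grep -Ec '^conn[[:space:]]+[^[:space:]]+' "$connfile" || true)
    col0=$(grep -Ec '^[^[:space:]#]' "$connfile" || true)
    if [ "$conns" -ne 1 ]; then
        echo "expected exactly 1 conn section, found $conns" >&2; return 1
    fi
    if [ "$col0" -ne 1 ]; then
        echo "file has sections or directives other than the conn section" >&2; return 1
    fi
    # The first non-blank, non-comment line must be the conn header itself.
    if ! grep -Ev '^[[:space:]]*(#|$)' "$connfile" | head -n 1 | grep -Eq '^conn[[:space:]]'; then
        echo "parameters appear before the conn header" >&2; return 1
    fi

    if [ -n "$certfile" ]; then
        case $certfile in
            *.pem) ;;
            *) echo "certificate file name must end with .pem" >&2; return 1 ;;
        esac
        [ -r "$certfile" ] || { echo "cannot read $certfile" >&2; return 2; }
    fi
    return 0
}

# Constructed sample: one conn section using ordinary strongSwan keywords.
# The name and the 2001:db8:: documentation addresses are placeholders.
write_sample_conn() {
    cat > "$1" <<'EOF'
# user-defined connection (constructed sample)
conn example-conn
    keyexchange=ikev2
    left=2001:db8::10
    right=2001:db8::20
    authby=secret
    auto=start
EOF
}
```

Call it as check_conn_file user_file.txt user_cert.pem; a non-zero exit status means the files do not meet the constraints stated for -f and --cert.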

ENVIRONMENT

None

BUGS

None

AUTHOR

IBM Austin

SEE ALSO

lsipsec, lsmediadev


Linux CHIPSEC (1) May 2011