chipsec command

Use the chipsec command to change the IP security connection for the appliance environment.

Synopsis

chipsec [--help]

chipsec [-m IPv6_address --left IPv6_address --passkey pass_phrase] | [-c file_name [--cert certificate_path --privateKey key_path] --passkey pass_phrase] | [{--up | --down | -r} connection_name] | [--start] | [--stop]

Description

The chipsec command changes the IP security connection for the appliance environment.

Options

-c file_name
Creates an IP security connection using the specified connection file. The file type must be txt. The connection file contains the following attributes and their values.
conn
Connection name. The connection name can be any name. For example, conn my_connection.
left
Local system IPv6 address used for IP security connection. For example, left=fe80::21a:64ff:fe28:1799.
leftcert
File name for the security certificate to be added to the IP security connection. For example, leftcert=moonCert.pem. This attribute is optional.
right
Remote system IPv6 address used for IP security connection. For example, right=fe80::21a:64ff:fe29:1798.
authby
Authentication type. For example, authby=psk.
auto
Automatic operation to be done when the IP security connection starts. For example, auto=start.

The --passkey option is required with the -c option.

--cert certificate_path
Adds the specified security certificate to the IP security connection. Specify the absolute path to the certificate file to be used by the IP security connection. This option is valid only with the -c option and the --privateKey option.
--down connection_name
Ends the specified connection.
--help
Displays detailed information about the command, including the syntax, a description of the command, a description of the options and operands, error codes, and examples.
--left IPv6_address
Specifies the local IP address to be used for the IP security connection. This option is required with the -m option.
-m IPv6_address
Creates an IP security connection to a Flexible Service Provider (FSP). The --left and --passkey options are required with this option.
--passkey pass_phrase
Specifies the passphrase to be used for pre-shared key (PSK) authentication. This option is required with the -c and -m options.
--privateKey key_path
Specifies the key to be used by the IP security connection. This option is valid only with the -c option and the --cert option.
-r connection_name
Removes the specified existing connection.
--start
Starts the IP security connection service.
--stop
Stops the IP security connection service.
--up connection_name
Establishes the specified connection.

Exit status

The following codes are returned by this command.
  • 0: The operation completed.
  • 1: A usage error occurred.
  • 2: The command or bundle was not found.
  • 3: The command was not performed because either authentication failed or you are not authorized to perform the action.

Examples

  1. Create an IP security connection using a connection file

    This example illustrates how to create an IP security connection using a connection file.

    chipsec -c user_file.txt --cert /home/pe/moonCert.pem --privateKey /home/sysadmin/moonKey.pem --passkey 1234
  2. Create an IP security connection by specifying IP addresses

    This example illustrates how to create an IP security connection by specifying the FSP and local IP addresses.

    chipsec -m 2002:97D:EEC3:604:9:123:99:64 --left 2002:97D:EEC3:604:9:123:99:16 --passkey 1234
  3. Remove an IP security connection

    This example illustrates how to remove an IP security connection by connection name.

    chipsec -r connection1
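
A pre-flight check for the connection file passed to the -c option, as an added example that is not part of the original documentation or of the product. It assumes the file is one "conn name" line followed by attribute=value lines (inferred from the per-attribute examples above) and that every listed attribute except leftcert is required; the function name check_connection_file is hypothetical.

```python
import ipaddress

# Attributes listed on the page; only leftcert is described as optional.
# Treating the others as required is an assumption of this example.
REQUIRED = ("left", "right", "authby", "auto")
OPTIONAL = ("leftcert",)

def check_connection_file(file_name, text):
    """Return a list of problems found in a connection file for chipsec -c."""
    problems = []
    if not file_name.lower().endswith(".txt"):
        problems.append("file type must be txt")
    conn, attrs = None, {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        words = line.split()
        if words[0] == "conn":                      # assumed form: conn <name>
            if len(words) != 2:
                problems.append(f"line {n}: expected 'conn <name>'")
            elif conn is not None:
                problems.append(f"line {n}: second conn line")
            else:
                conn = words[1]
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not value:
            problems.append(f"line {n}: expected attribute=value")
        elif key not in REQUIRED + OPTIONAL:
            problems.append(f"line {n}: attribute {key!r} is not documented")
        elif key in attrs:
            problems.append(f"line {n}: duplicate attribute {key!r}")
        else:
            attrs[key] = value
    if conn is None:
        problems.append("missing conn line")
    problems += [f"missing attribute {k!r}" for k in REQUIRED if k not in attrs]
    for key in ("left", "right"):                   # both must be IPv6 addresses
        if key in attrs:
            try:
                ipaddress.IPv6Address(attrs[key])
            except ValueError:
                problems.append(f"{key} is not an IPv6 address: {attrs[key]!r}")
    return problems

# Constructed sample assembled from the page's per-attribute examples.
GOOD = ("conn my_connection\nleft=fe80::21a:64ff:fe28:1799\nleftcert=moonCert.pem\n"
        "right=fe80::21a:64ff:fe29:1798\nauthby=psk\nauto=start\n")
```

An empty list from check_connection_file("user_file.txt", GOOD) means the file matches the documented attributes; each string in a non-empty list names one problem to fix before running chipsec -c.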