IpSecConfig.efi -?
Displays or modifies the current IPsec configuration.

IpSecConfig [-p {SPD|SAD|PAD}] [command] [options[parameters]]

  -p (SPD|SAD|PAD)                   required.point to certain policy database.

  command:
    -a [options[parameters]]           Add new policy entry.
    -i entryid [options[parameters]]   Insert new policy entry before the one
                                       matched by the entryid.
                                       It's only supported on SPD policy database.
    -d entryid                         Delete the policy entry matched by the
                                       entryid.
    -e entryid [options[parameters]]   Edit the policy entry matched by the
                                       entryid.
    -f                                 Flush the entire policy database.
    -l                                 List all entries for specified database.
    -enable                            Enable IPsec.
    -disable                           Disable IPsec.
    -status                            Show IPsec current status.

  [options[parameters]] for SPD:
    --local localaddress               optional local address
    --remote remoteaddress             required remote address
    --proto (TCP|UDP|ICMP|...)         required IP protocol
    --local-port port                  optional local port for tcp/udp protocol
    --remote-port port                 optional remote port for tcp/udp protocol
    --name name                        optional SPD name
    --action (Bypass|Discard|Protect)  required
                                       required IPsec action
    --mode (Transport|Tunnel)          optional IPsec mode, transport by default
    --ipsec-proto (AH|ESP)             optional IPsec protocol, ESP by default
    --auth-algo (NONE|SHA1HMAC)        optional authentication algorithm
    --encrypt-algo(NONE|DESCBC|3DESCBC)optional encryption algorithm
    --tunnel-local tunnellocaladdr     optional tunnel local address(only for tunnel mode)
    --tunnel-remote tunnelremoteaddr   optional tunnel remote address(only for tunnel mode)

  [options[parameters]] for SAD:
    --spi spi                          required SPI value
    --ipsec-proto (AH|ESP)             required IPsec protocol
    --local localaddress               optional local address
    --remote remoteaddress             required destination address
    --auth-algo (NONE|SHA1HMAC)        required for AH. authentication algorithm
    --auth-key key                     required for AH. key for authentication
    --encrypt-algo (NONE|DESCBC|3DESCBC) required for ESP. encryption algorithm
    --encrypt-key key                  required for ESP. key for encryption
    --mode (Transport|Tunnel)          optional IPsec mode, transport by default
    --tunnel-dest tunneldestaddr       optional tunnel destination address(only for tunnel mode)
    --tunnel-source tunnelsourceaddr   optional tunnel source address(only for tunnel mode)

  [options[parameters]] for PAD:
    --peer-address address             required peer address
    --auth-proto (IKEv1|IKEv2)         optional IKE protocol, IKEv1 by
                                       default
    --auth-method (PreSharedSecret|Certificates) required authentication method
    --auth-data authdata               required data for authentication
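
An added example (not part of the original page or of the EDK II project): a small checker for IpSecConfig command lines, such as those kept in a shell script, that applies the required/optional rules from the help text above and flags NONE, single-DES (DESCBC, 56-bit key) and key material passed as arguments. The sample command lines, the function names and the rule that `-e` may carry a partial option set are assumptions.

```python
import shlex

# Required options per database, transcribed from the help text above.
REQUIRED = {"SPD": {"--remote", "--proto", "--action"},
            "SAD": {"--spi", "--ipsec-proto", "--remote"},
            "PAD": {"--peer-address", "--auth-method", "--auth-data"}}
# SAD options the help text marks "required for AH" / "required for ESP".
SAD_BY_PROTO = {"AH": {"--auth-algo", "--auth-key"},
                "ESP": {"--encrypt-algo", "--encrypt-key"}}
SECRET_OPTS = {"--auth-key", "--encrypt-key", "--auth-data"}  # key material
SAMPLES = [  # constructed command lines (addresses, SPI and key are made up)
    "IpSecConfig -p SAD -a --spi 256 --ipsec-proto ESP --remote 192.0.2.10"
    " --encrypt-algo DESCBC --encrypt-key examplekey",
    "IpSecConfig -p SPD -a --remote 192.0.2.10 --proto TCP",
]

def parse(line):
    """Split one IpSecConfig command line into (database, command, options)."""
    tokens = shlex.split(line)[1:] + [""]  # drop program name; pad for i + 1
    db, cmd, opts, i = None, None, {}, 0
    while i < len(tokens) - 1:
        tok = tokens[i]
        if tok == "-p":
            db, i = tokens[i + 1].upper(), i + 2
        elif tok.startswith("--"):
            opts[tok], i = tokens[i + 1], i + 2
        elif tok.startswith("-"):  # -i, -d and -e are followed by an entryid
            cmd, i = tok, i + (2 if tok in ("-i", "-d", "-e") else 1)
        else:
            i += 1
    return db, cmd, opts

def audit(line):
    """Return sorted findings for one add/insert/edit command line."""
    db, cmd, opts = parse(line)
    if cmd not in ("-a", "-i", "-e") or db not in REQUIRED:
        return []  # nothing to check: no policy options on this command
    need = set() if cmd == "-e" else set(REQUIRED[db])  # assumption: -e may be partial
    if db == "SAD" and need:
        need |= SAD_BY_PROTO.get(opts.get("--ipsec-proto", "").upper(), set())
    findings = [f"missing required {o}" for o in need - set(opts)]
    if opts.get("--encrypt-algo", "").upper() in ("NONE", "DESCBC"):
        findings.append("weak --encrypt-algo " + opts["--encrypt-algo"])
    if opts.get("--auth-algo", "").upper() == "NONE":
        findings.append("no integrity: --auth-algo NONE")
    findings += [f"secret on command line: {o}" for o in SECRET_OPTS & set(opts)]
    return sorted(findings)

if __name__ == "__main__":
    print(*map(audit, SAMPLES), sep="\n")
```

3DESCBC is not flagged because it is the strongest cipher this help text offers; manual SAD keys given as arguments still end up in any script that stores the command.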
https://github.com/tianocore/edk2/blob/master/NetworkPkg/Application/IpsecConfig/IpSecConfigStrings.uni
http://www.kame.net/newsletter/20001119/
https://www.brocade.com/content/html/en/command-reference-guide/fos-800-commandref/wwhelp/wwhimpl/common/html/wwhelp.htm#href=commands_a_z.ipSecConfig.html&single=true