IPSEC_SETUP(8)                  [FIXME: manual]                 IPSEC_SETUP(8)

NAME

       ipsec_setup - control IPsec subsystem

SYNOPSIS

       ipsec setup command

EXAMPLES

       ipsec setup { start | stop | restart }

       ipsec setup status

DESCRIPTION

       Setup controls the Openswan IPsec subsystem, including both the Klips
       or Netkey (XFRM) kernel code and the Pluto key-negotiation daemon. (It
       is a synonym for the “rc” script for the subsystem; the system runs the
       equivalent of ipsec setup start at boot time, and ipsec setup stop at
       shutdown time, more or less.)

       The action taken depends on the specific command, and on the contents
       of the config setup section of the IPsec configuration file
       (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

       start
           start Klips and Pluto, including setting up Netkey (XFRM) or Klips
           to do crypto operations on the interface(s) specified in the
           configuration file, and (if the configuration file so specifies)
           asking Pluto to negotiate automatically-keyed connections to other
           security gateways

       stop
           shut down Klips or Netkey (XFRM) and Pluto, including tearing down
           all existing crypto connections

       restart
           equivalent to stop followed by start

       status
           report the status of the subsystem; normally just reports IPsec
           running and pluto pid nnn, or IPsec stopped, and exits with status
           0, but will go into more detail (and exit with status 1) if
           something strange is found. (An “illicit” Pluto is one that does
           not match the process ID in Pluto's lock file; an “orphaned” Pluto
           is one with no lock file.)

       The stop operation tries to clean up properly even if assorted
       accidents have occurred, e.g. Pluto having died without removing its
       lock file. If stop discovers that the subsystem is (supposedly) not
       running, it will complain, but will do its cleanup anyway before
       exiting with status 1.

       Although a number of configuration-file parameters influence setup's
       operations, the key one is the interfaces parameter, which must be
       right or chaos will ensue.
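
       The lock-file comparison behind the “illicit” and “orphaned” terms of
       status, and the leftover lock file that stop has to clean up, shown as
       an added example that is not part of the Openswan script. The function
       name classify_pluto, the stale-lock label and the sample PIDs are
       assumptions of this example.

```shell
#!/bin/sh
# Added example, not Openswan code. Classifies Pluto state from the lock file
# and a list of running pluto PIDs, using the terms of the status command.
# The function name and the "stale-lock" label are assumptions of this example.
# Live use (assumes pgrep is installed):
#   classify_pluto /var/run/pluto/pluto.pid "$(pgrep -x pluto)"

classify_pluto() {
    cp_lock=$1        # path to Pluto's lock file
    cp_running=$2     # whitespace-separated PIDs of running pluto processes
    cp_locked=""
    cp_rc=0
    cp_match=no
    cp_count=0

    if [ -f "$cp_lock" ]; then
        # First line, digits only, so a damaged file cannot inject other text
        cp_locked=$(head -n 1 "$cp_lock" | tr -cd '0-9')
    fi

    for cp_pid in $cp_running; do
        cp_count=$((cp_count + 1))
        if [ -z "$cp_locked" ]; then
            echo "orphaned pluto pid $cp_pid"   # no lock file (or no PID in it)
            cp_rc=1
        elif [ "$cp_pid" = "$cp_locked" ]; then
            echo "running pluto pid $cp_pid"
            cp_match=yes
        else
            echo "illicit pluto pid $cp_pid"    # differs from the lock file PID
            cp_rc=1
        fi
    done

    if [ -n "$cp_locked" ] && [ "$cp_match" = no ]; then
        echo "stale-lock pid $cp_locked"        # Pluto died, lock file remains
        cp_rc=1
    elif [ -z "$cp_locked" ] && [ "$cp_count" -eq 0 ]; then
        echo "stopped"
    fi
    return "$cp_rc"   # 0 = clean state, 1 = something strange, as with status
}

# Constructed demo: the lock file names PID 4242, a second pluto (5151) also runs
demo_dir=$(mktemp -d)
echo 4242 > "$demo_dir/pluto.pid"
classify_pluto "$demo_dir/pluto.pid" "4242 5151" || echo "exit status 1: investigate"
rm -rf "$demo_dir"
```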

FILES

       /etc/rc.d/init.d/ipsec            the script itself
       /etc/init.d/ipsec                 alternate location for the script
       /etc/ipsec.conf                   IPsec configuration file
       /proc/sys/net/ipv4/ip_forward     forwarding control
       /var/run/pluto/ipsec.info         saved information
       /var/run/pluto/pluto.pid          Pluto lock file
       /var/run/pluto/ipsec_setup.pid    IPsec lock file

SEE ALSO

       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)

DIAGNOSTICS

       All output from the commands start and stop goes both to standard
       output and to syslogd(8), via logger(1). Selected additional
       information is logged only to syslogd(8).

HISTORY

       Written for the FreeS/WAN project <http://www.freeswan.org> by Henry
       Spencer.

       Modified for Openswan <http://www.openswan.org> by Tuomo Soini.

BUGS

       Old versions of logger(1) inject spurious extra newlines onto standard
       output.

[FIXME: source]                   10/06/2010                    IPSEC_SETUP(8)