_UPDOWN(8)                    Executable programs                   _UPDOWN(8)

NAME

       ipsec__updown - kernel and routing manipulation script

SYNOPSIS

       _updown is invoked by pluto when it has brought up a new connection.
       This script is used to insert the appropriate routing entries for IPsec
       operation on some kernel IPsec stacks, such as KLIPS and MAST, and may
       do other necessary work that is kernel or user specific, such as
       defining custom firewall rules. The interface to the script is
       documented in the pluto man page.

VARIABLES

       The _updown script is passed a number of variables, which it can use
       to act differently based on the information they carry:

       PLUTO_VERSION
           indicates what version of this interface is being used. This
           document describes version 1.1. This is upwardly compatible with
           version 1.0.

       PLUTO_VERB
           specifies the name of the operation to be performed, which can be
           one of prepare-host, prepare-client, up-host, up-client, down-host
           or down-client. If the address family for security gateway to
           security gateway communications is IPv6, then a suffix of -v6 is
           added to this verb.

       PLUTO_CONNECTION
           is the name of the connection for which we are routing.

       PLUTO_NEXT_HOP
           is the next hop to which packets bound for the peer must be sent.

       PLUTO_INTERFACE
           is the name of the ipsec interface to be used.

       PLUTO_ME
           is the IP address of our host.

       PLUTO_MY_CLIENT
           is the IP address / count of our client subnet. If the client is
           just the host, this will be the host's own IP address / max (where
           max is 32 for IPv4 and 128 for IPv6).

       PLUTO_MY_CLIENT_NET
           is the IP address of our client net. If the client is just the
           host, this will be the host's own IP address.

       PLUTO_MY_CLIENT_MASK
           is the mask for our client net. If the client is just the host,
           this will be 255.255.255.255.

       PLUTO_PEER
           is the IP address of our peer.

       PLUTO_PEER_CLIENT
           is the IP address / count of the peer's client subnet. If the
           client is just the peer, this will be the peer's own IP address /
           max (where max is 32 for IPv4 and 128 for IPv6).

       PLUTO_PEER_CLIENT_NET
           is the IP address of the peer's client net. If the client is just
           the peer, this will be the peer's own IP address.

       PLUTO_PEER_CLIENT_MASK
           is the mask for the peer's client net. If the client is just the
           peer, this will be 255.255.255.255.

       PLUTO_MY_PROTOCOL
           lists the protocols allowed over this IPsec SA.

       PLUTO_PEER_PROTOCOL
           lists the protocols the peer allows over this IPsec SA.

       PLUTO_MY_PORT
           lists the ports allowed over this IPsec SA.

       PLUTO_PEER_PORT
           lists the ports the peer allows over this IPsec SA.

       PLUTO_MY_ID
           lists our id.

       PLUTO_PEER_ID
           lists our peer's id.

       PLUTO_PEER_CA
           lists the peer's CA.
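
       The sketch below is an added example, not part of this man page or of
       libreswan's own _updown script. It shows a custom handler dispatching
       on PLUTO_VERB and validating the client subnets before they reach a
       firewall rule. The function names valid_subnet and updown_plan and the
       FORWARD/ACCEPT policy are assumptions; the command is only printed.

```shell
#!/bin/sh
# Added example, not libreswan's own _updown script. Function names and the
# FORWARD/ACCEPT policy are assumptions; commands are printed, never executed.

# Accept only "address/count": hex digits, dots and colons, then a decimal
# count no larger than the family maximum (32 for IPv4, 128 for IPv6).
valid_subnet() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; count=${1##*/}
    case "$addr" in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac
    case "$count" in ''|*[!0-9]*|????*) return 1 ;; esac
    case "$addr" in *:*) max=128 ;; *) max=32 ;; esac
    [ "$count" -le "$max" ]
}

# Print the firewall command implied by the current PLUTO_* variables.
updown_plan() {
    # The -v6 suffix describes gateway-to-gateway addressing, so strip it for
    # dispatch and pick the tool from the client subnet instead.
    verb=${PLUTO_VERB%-v6}
    case "$verb" in
        up-client)   op=-I ;;
        down-client) op=-D ;;
        prepare-host|prepare-client|up-host|down-host)
            echo "noop $verb"; return 0 ;;
        *) echo "unknown verb: $PLUTO_VERB" >&2; return 1 ;;
    esac
    valid_subnet "$PLUTO_MY_CLIENT" && valid_subnet "$PLUTO_PEER_CLIENT" || {
        echo "rejecting malformed client subnet" >&2; return 1; }
    case "$PLUTO_PEER_CLIENT" in *:*) fw=ip6tables ;; *) fw=iptables ;; esac
    echo "$fw $op FORWARD -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -j ACCEPT"
}

# Run only when invoked with the variables set, as pluto would do.
if [ -n "${PLUTO_VERB:-}" ]; then updown_plan; fi
```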

SEE ALSO

       ipsec(8), ipsec_pluto(8).

HISTORY

       Man page written for the Linux FreeS/WAN project
       <https://www.freeswan.org/> by Michael Richardson. Original program
       written by Henry Spencer.

AUTHOR

       Paul Wouters

libreswan                         06/10/2019                        _UPDOWN(8)