_UPDOWN(8)                                                          _UPDOWN(8)

NAME

       ipsec _updown - kernel and routing manipulation script

SYNOPSIS

       _updown is invoked by pluto when it has brought up a new connection.
       This script is used to insert the appropriate routing entries for IPsec
       operation on some kernel IPsec stacks, such as KLIPS and MAST, and may
       do other necessary work that is kernel or user specific, such as
       defining custom firewall rules. The interface to the script is
       documented in the pluto man page.

VARIABLES

       The _updown script is passed a number of variables, which it can use
       to act differently based on the information they carry:

       PLUTO_VERSION
              indicates what version of this interface is being used. This
              document describes version 1.1. This is upwardly compatible with
              version 1.0.

       PLUTO_VERB
              specifies the name of the operation to be performed, which can
              be one of prepare-host, prepare-client, up-host, up-client,
              down-host or down-client. If the address family for security
              gateway to security gateway communications is IPv6, then a
              suffix of -v6 is added to this verb.

       PLUTO_CONNECTION
              is the name of the connection for which we are routing.

       PLUTO_NEXT_HOP
              is the next hop to which packets bound for the peer must be
              sent.

       PLUTO_INTERFACE
              is the name of the ipsec interface to be used.

       PLUTO_ME
              is the IP address of our host.

       PLUTO_MY_CLIENT
              is the IP address / count of our client subnet. If the client is
              just the host, this will be the host's own IP address / max
              (where max is 32 for IPv4 and 128 for IPv6).

       PLUTO_MY_CLIENT_NET
              is the IP address of our client net. If the client is just the
              host, this will be the host's own IP address.

       PLUTO_MY_CLIENT_MASK
              is the mask for our client net. If the client is just the host,
              this will be 255.255.255.255.

       PLUTO_PEER
              is the IP address of our peer.

       PLUTO_PEER_CLIENT
              is the IP address / count of the peer's client subnet. If the
              client is just the peer, this will be the peer's own IP
              address / max (where max is 32 for IPv4 and 128 for IPv6).

       PLUTO_PEER_CLIENT_NET
              is the IP address of the peer's client net. If the client is
              just the peer, this will be the peer's own IP address.

       PLUTO_PEER_CLIENT_MASK
              is the mask for the peer's client net. If the client is just
              the peer, this will be 255.255.255.255.

       PLUTO_MY_PROTOCOL
              lists the protocols allowed over this IPsec SA.

       PLUTO_PEER_PROTOCOL
              lists the protocols the peer allows over this IPsec SA.

       PLUTO_MY_PORT
              lists the ports allowed over this IPsec SA.

       PLUTO_PEER_PORT
              lists the ports the peer allows over this IPsec SA.

       PLUTO_MY_ID
              lists our id.

       PLUTO_PEER_ID
              lists our peer's id.

       PLUTO_PEER_CA
              lists the peer's CA.
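
       A custom _updown script typically dispatches on PLUTO_VERB and uses
       the subnet and interface variables as command arguments, so those
       values should be checked and quoted before they reach a command. The
       following sketch is an added example, not the script shipped with
       FreeS/WAN: it covers only the firewall step for up-client and
       down-client, and the helper names (run, only_chars, updown_main) and
       the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example (not the stock _updown): firewall handling for a custom script.

# Print the command when DRY_RUN is set, otherwise execute it argument by argument.
run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Succeed only if $1 is non-empty and consists solely of characters in class $2.
only_chars() {
  case $1 in ''|*[!$2]*) return 1 ;; esac
}

updown_main() {
  # These values become command arguments: accept a strict character set only.
  only_chars "${PLUTO_INTERFACE:-}" 'A-Za-z0-9_.-' &&
  only_chars "${PLUTO_MY_CLIENT:-}" '0-9A-Fa-f:./' &&
  only_chars "${PLUTO_PEER_CLIENT:-}" '0-9A-Fa-f:./' ||
    { echo "_updown: unexpected characters in PLUTO_* input" >&2; return 2; }

  # The -v6 suffix describes the gateway-to-gateway family; strip it to dispatch.
  verb=${PLUTO_VERB%-v6}

  # Pick the firewall tool from the client subnet's own address family.
  case $PLUTO_PEER_CLIENT in *:*) ipt=ip6tables ;; *) ipt=iptables ;; esac

  case $verb in
    up-client)
      run "$ipt" -I FORWARD -i "$PLUTO_INTERFACE" \
          -s "$PLUTO_PEER_CLIENT" -d "$PLUTO_MY_CLIENT" -j ACCEPT ;;
    down-client)
      run "$ipt" -D FORWARD -i "$PLUTO_INTERFACE" \
          -s "$PLUTO_PEER_CLIENT" -d "$PLUTO_MY_CLIENT" -j ACCEPT ;;
    prepare-host|prepare-client|up-host|down-host)
      : ;;  # routing work for these verbs is omitted from this sketch
    *)
      echo "_updown: unknown verb '${PLUTO_VERB:-}'" >&2; return 1 ;;
  esac
}

# pluto sets PLUTO_VERB; run only when invoked that way.
if [ -n "${PLUTO_VERB:-}" ]; then updown_main; exit $?; fi
```

       Setting DRY_RUN=1 together with hand-set PLUTO_* values prints the
       rule that would be inserted or deleted without touching the firewall.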

SEE ALSO

       ipsec(8), ipsec_pluto(8).

HISTORY

       Man page written for the Linux FreeS/WAN project
       <http://www.freeswan.org/> by Michael Richardson. Original program
       written by Henry Spencer.