1_UPDOWN(8)                    Executable programs                   _UPDOWN(8)
2
3
4

NAME

6       ipsec__updown - kernel and routing manipulation script
7

SYNOPSIS

9       _updown is invoked by pluto when it has brought up a new connection.
10       This script is used to insert the appropriate routing entries for IPsec
11       operation on some kernel IPsec stacks, and may do other necessary work
12       that is kernel or user specific, such as defining custom firewall
13       rules. The interface to the script is documented in the pluto man page.
14

VARIABLES

16       The _updown is passed along a number of variables which can be used to
17       act differently based on the information:
18
19       PLUTO_VERSION
20           indicates what version of this interface is being used. This
21           document describes version 1.1. This is upwardly compatible with
22           version 1.0.
23
24       PLUTO_VERB
25           specifies the name of the operation to be performed, which can be
26           one of prepare-host, prepare-client, up-host, up-client, down-host
27           or down-client. If the address family for security gateway to
28           security gateway communications is IPv6, then a suffix of -v6 is
29           added to this verb.
30
31       PLUTO_CONNECTION
32           is the name of the connection for which we are routing.
33
34       PLUTO_NEXT_HOP
35           is the next hop to which packets bound for the peer must be sent.
36
37       PLUTO_INTERFACE
38           is the name of the real interface used by encrypted traffic and IKE
39           traffic.
40
41       PLUTO_ME
42           is the IP address of our host.
43
44       PLUTO_MY_CLIENT
45           is the IP address / count of our client subnet. If the client is
46           just the host, this will be the host's own IP address / max (where
47           max is 32 for IPv4 and 128 for IPv6).
48
49       PLUTO_MY_CLIENT_NET
50           is the IP address of our client net. If the client is just the
51           host, this will be the host's own IP address.
52
53       PLUTO_MY_CLIENT_MASK
54           is the mask for our client net. If the client is just the host,
55           this will be 255.255.255.255.
56
57       PLUTO_PEER
58           is the IP address of our peer.
59
60       PLUTO_PEER_CLIENT
61           is the IP address / count of the peer's client subnet. If the
62           client is just the peer, this will be the peer's own IP address /
63           max (where max is 32 for IPv4 and 128 for IPv6).
64
65       PLUTO_PEER_CLIENT_NET
66           is the IP address of the peer's client net. If the client is just
67           the peer, this will be the peer's own IP address.
68
69       PLUTO_PEER_CLIENT_MASK
70           is the mask for the peer's client net. If the client is just the
71           peer, this will be 255.255.255.255.
72
73       PLUTO_MY_PROTOCOL
74           lists the protocols allowed over this IPsec SA.
75
76       PLUTO_PEER_PROTOCOL
77           lists the protocols the peer allows over this IPsec SA.
78
79       PLUTO_MY_PORT
80           lists the ports allowed over this IPsec SA.
81
82       PLUTO_PEER_PORT
83           lists the ports the peer allows over this IPsec SA.
84
85       PLUTO_MY_ID
86           lists our id.
87
88       PLUTO_PEER_ID
89           lists our peer's id.
90
91       PLUTO_PEER_CA
92           lists the peer's CA.
93

SEE ALSO

95       ipsec(8), ipsec_pluto(8).
96

HISTORY

98       Man page written for the Linux FreeS/WAN project
99       <https://www.freeswan.org/> by Michael Richardson. Original program
100       written by Henry Spencer.
101

AUTHOR

103       Paul Wouters
104           placeholder to suppress warning
105
106
107
108libreswan                         02/21/2021                        _UPDOWN(8)
Impressum