_UPDOWN(8) Executable programs _UPDOWN(8)

ipsec__updown - kernel and routing manipulation script

_updown is invoked by pluto when it has brought up a new connection.
This script is used to insert the appropriate routing entries for IPsec
operation on some kernel IPsec stacks, and may do other necessary work
that is kernel or user specific, such as defining custom firewall
rules. The interface to the script is documented in the pluto man page.

_updown is passed a number of variables, which it can use to act
differently based on the information they carry:

PLUTO_VERSION
    indicates what version of this interface is being used. This
    document describes version 1.1. This is upwardly compatible with
    version 1.0.

PLUTO_VERB
    specifies the name of the operation to be performed, which can be
    one of prepare-host, prepare-client, up-host, up-client, down-host
    or down-client. If the address family for security gateway to
    security gateway communications is IPv6, then a suffix of -v6 is
    added to this verb.

PLUTO_CONNECTION
    is the name of the connection for which we are routing.

PLUTO_NEXT_HOP
    is the next hop to which packets bound for the peer must be sent.

PLUTO_INTERFACE
    is the name of the real interface used by encrypted traffic and IKE
    traffic.

PLUTO_ME
    is the IP address of our host.

PLUTO_MY_CLIENT
    is the IP address / count of our client subnet. If the client is
    just the host, this will be the host's own IP address / max (where
    max is 32 for IPv4 and 128 for IPv6).

PLUTO_MY_CLIENT_NET
    is the IP address of our client net. If the client is just the
    host, this will be the host's own IP address.

PLUTO_MY_CLIENT_MASK
    is the mask for our client net. If the client is just the host,
    this will be 255.255.255.255.

PLUTO_PEER
    is the IP address of our peer.

PLUTO_PEER_CLIENT
    is the IP address / count of the peer's client subnet. If the
    client is just the peer, this will be the peer's own IP address /
    max (where max is 32 for IPv4 and 128 for IPv6).

PLUTO_PEER_CLIENT_NET
    is the IP address of the peer's client net. If the client is just
    the peer, this will be the peer's own IP address.

PLUTO_PEER_CLIENT_MASK
    is the mask for the peer's client net. If the client is just the
    peer, this will be 255.255.255.255.

PLUTO_MY_PROTOCOL
    lists the protocols allowed over this IPsec SA.

PLUTO_PEER_PROTOCOL
    lists the protocols the peer allows over this IPsec SA.

PLUTO_MY_PORT
    lists the ports allowed over this IPsec SA.

PLUTO_PEER_PORT
    lists the ports the peer allows over this IPsec SA.

PLUTO_MY_ID
    lists our id.

PLUTO_PEER_ID
    lists our peer's id.

PLUTO_PEER_CA
    lists the peer's CA.

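An added example, not part of this man page or of libreswan's own _updown script: a dry-run handler that checks the variables above before placing them in a command line, assuming they arrive in the script's environment. The ip route commands and the function names valid_addr, valid_ifname and plan_updown are this example's own choices.

```sh
#!/bin/sh
# Added example: dry-run updown handler. It prints the command it would run.
# The route commands are this example's choice, not libreswan's _updown logic.

# Address or address/count: hex digits, dots, colons, at most one slash.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:/]*|*/*/*|/*|*/) return 1 ;;
    esac
    return 0
}

# Interface name: letters, digits, dot, underscore and dash only.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the planned command for the current PLUTO_* environment.
plan_updown() {
    case "${PLUTO_VERSION:-}" in
        1.0|1.1) ;;
        *) echo "reject: unsupported PLUTO_VERSION"; return 1 ;;
    esac
    valid_addr "${PLUTO_PEER_CLIENT:-}" || { echo "reject: bad PLUTO_PEER_CLIENT"; return 1; }
    valid_addr "${PLUTO_NEXT_HOP:-}" || { echo "reject: bad PLUTO_NEXT_HOP"; return 1; }
    valid_ifname "${PLUTO_INTERFACE:-}" || { echo "reject: bad PLUTO_INTERFACE"; return 1; }

    # A -v6 suffix on the verb marks IPv6 gateway-to-gateway traffic.
    verb=${PLUTO_VERB:-}
    ip_cmd="ip"
    case "$verb" in
        *-v6) ip_cmd="ip -6"; verb=${verb%-v6} ;;
    esac

    case "$verb" in
        prepare-host|prepare-client)
            echo "noop" ;;
        up-host|up-client)
            echo "$ip_cmd route replace $PLUTO_PEER_CLIENT via $PLUTO_NEXT_HOP dev $PLUTO_INTERFACE" ;;
        down-host|down-client)
            echo "$ip_cmd route del $PLUTO_PEER_CLIENT via $PLUTO_NEXT_HOP dev $PLUTO_INTERFACE" ;;
        *)
            echo "reject: unknown PLUTO_VERB"; return 1 ;;
    esac
}

# Run only when pluto (or a tester) has set PLUTO_VERB.
[ -z "${PLUTO_VERB:-}" ] || plan_updown
```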
ipsec(8), ipsec_pluto(8).

Man page written for the Linux FreeS/WAN project
<https://www.freeswan.org/> by Michael Richardson. Original program
written by Henry Spencer.

Paul Wouters

libreswan 02/21/2021 _UPDOWN(8)