_UPDOWN(8)                    Executable programs                   _UPDOWN(8)

NAME

       ipsec__updown - kernel and routing manipulation script

SYNOPSIS

       _updown is invoked by pluto when it has brought up a new connection.
       This script is used to insert the appropriate routing entries for IPsec
       operation on some kernel IPsec stacks, and may do other necessary work
       that is kernel or user specific, such as defining custom firewall
       rules. The interface to the script is documented in the pluto man page.

VARIABLES

       The _updown script is passed a number of variables, which it can use
       to act differently based on the information they carry:

       PLUTO_VERB
           specifies the name of the operation to be performed, which can be
           one of prepare-host, prepare-client, up-host, up-client, down-host
           or down-client. If the address family for security gateway to
           security gateway communications is IPv6, then a suffix of -v6 is
           added to this verb.

       PLUTO_CONNECTION
           is the name of the connection for which we are routing.

       PLUTO_NEXT_HOP
           is the next hop to which packets bound for the peer must be sent.

       PLUTO_INTERFACE
           is the name of the real interface used by encrypted traffic and IKE
           traffic.

       PLUTO_ME
           is the IP address of our host.

       PLUTO_MY_CLIENT
           is the IP address / count of our client subnet. If the client is
           just the host, this will be the host's own IP address / max (where
           max is 32 for IPv4 and 128 for IPv6).

       PLUTO_MY_CLIENT_NET
           is the IP address of our client net. If the client is just the
           host, this will be the host's own IP address.

       PLUTO_MY_CLIENT_MASK
           is the mask for our client net. If the client is just the host,
           this will be 255.255.255.255.

       PLUTO_PEER
           is the IP address of our peer.

       PLUTO_PEER_CLIENT
           is the IP address / count of the peer's client subnet. If the
           client is just the peer, this will be the peer's own IP address /
           max (where max is 32 for IPv4 and 128 for IPv6).

       PLUTO_PEER_CLIENT_NET
           is the IP address of the peer's client net. If the client is just
           the peer, this will be the peer's own IP address.

       PLUTO_PEER_CLIENT_MASK
           is the mask for the peer's client net. If the client is just the
           peer, this will be 255.255.255.255.

       PLUTO_MY_PROTOCOL
           lists the protocols allowed over this IPsec SA.

       PLUTO_PEER_PROTOCOL
           lists the protocols the peer allows over this IPsec SA.

       PLUTO_MY_PORT
           lists the ports allowed over this IPsec SA.

       PLUTO_PEER_PORT
           lists the ports the peer allows over this IPsec SA.

       PLUTO_MY_ID
           lists our id.

       PLUTO_PEER_ID
           lists our peer's id.

       PLUTO_PEER_CA
           lists the peer's CA.

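       As an added example (not part of the libreswan _updown script), the
       fragment below shows how a custom hook might dispatch on PLUTO_VERB
       and check the shape of the client subnets before building a firewall
       rule. The function names and the FORWARD rule are assumptions of this
       example, it takes the address family from the subnet itself because
       the -v6 suffix only describes the gateway-to-gateway family, and it
       prints the command instead of running it.

```shell
#!/bin/sh
# Added example (not libreswan's _updown): prints the firewall command a custom
# hook would run, after checking the PLUTO_* values it is built from.

# Print 4 or 6 if $1 has the documented "address/count" shape, else fail.
subnet_family() {
    case "$1" in
        ''|*[!0-9A-Fa-f:./]*) return 1 ;;   # rejects spaces, newlines, shell metacharacters
    esac
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo 4
    elif printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f:]+/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'; then
        echo 6
    else
        return 1
    fi
}

# Build the rule for the current PLUTO_* variables; prints nothing for verbs
# this hook does not act on.
updown_rule() {
    verb=${PLUTO_VERB:-}
    verb=${verb%-v6}    # the suffix describes the gateway-to-gateway family only
    case "$verb" in
        up-client)   op=-I ;;
        down-client) op=-D ;;
        prepare-host|prepare-client|up-host|down-host) return 0 ;;
        *) echo "updown: unknown PLUTO_VERB" >&2; return 2 ;;
    esac
    case "${PLUTO_INTERFACE:-}" in
        ''|*[!A-Za-z0-9_.-]*) echo "updown: bad PLUTO_INTERFACE" >&2; return 1 ;;
    esac
    peer_fam=$(subnet_family "${PLUTO_PEER_CLIENT:-}") &&
        my_fam=$(subnet_family "${PLUTO_MY_CLIENT:-}") &&
        [ "$peer_fam" = "$my_fam" ] ||
        { echo "updown: bad client subnet" >&2; return 1; }
    case "$my_fam" in
        6) ipt=ip6tables ;;
        *) ipt=iptables ;;
    esac
    # Constructed policy: accept forwarded traffic from the peer's client
    # subnet only when it arrived through an IPsec SA.
    echo "$ipt $op FORWARD -i $PLUTO_INTERFACE -s $PLUTO_PEER_CLIENT" \
        "-d $PLUTO_MY_CLIENT -m policy --dir in --pol ipsec -j ACCEPT"
}

# Dry run: print the command when called with a PLUTO_VERB set.
[ -z "${PLUTO_VERB:-}" ] || updown_rule
```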

SEE ALSO

       ipsec(8), ipsec_pluto(8).

HISTORY

       Man page written for the Linux FreeS/WAN project
       <https://www.freeswan.org/> by Michael Richardson. Original program
       written by Henry Spencer.

AUTHOR

       Paul Wouters

libreswan                         05/24/2022                        _UPDOWN(8)