IPSEC_SETUP(8)                                                  IPSEC_SETUP(8)

NAME

       ipsec setup - control IPsec subsystem

SYNOPSIS

       ipsec setup [--show | --showonly] command

EXAMPLES

       ipsec setup [[ --showonly ]] { --start | --stop | --restart }

       ipsec setup --status

DESCRIPTION

       Setup controls the FreeS/WAN IPsec subsystem, including both the Klips
       kernel code and the Pluto key-negotiation daemon. (It is a synonym for
       the “rc” script for the subsystem; the system runs the equivalent of
       ipsec setup start at boot time, and ipsec setup stop at shutdown time,
       more or less.)

       The action taken depends on the specific command, and on the contents
       of the config setup section of the IPsec configuration file
       (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

       start  start Klips and Pluto, including setting up Klips to do crypto
              operations on the interface(s) specified in the configuration
              file, and (if the configuration file so specifies) setting up
              manually-keyed connections and/or asking Pluto to negotiate
              automatically-keyed connections to other security gateways

       stop   shut down Klips and Pluto, including tearing down all existing
              crypto connections

       restart
              equivalent to stop followed by start

       status report the status of the subsystem; normally just reports IPsec
              running and pluto pid nnn, or IPsec stopped, and exits with
              status 0, but will go into more detail (and exit with status 1)
              if something strange is found. (An “illicit” Pluto is one that
              does not match the process ID in Pluto's lock file; an
              “orphaned” Pluto is one with no lock file.)

       The stop operation tries to clean up properly even if assorted
       accidents have occurred, e.g. Pluto having died without removing its
       lock file. If stop discovers that the subsystem is (supposedly) not
       running, it will complain, but will do its cleanup anyway before
       exiting with status 1.

       Although a number of configuration-file parameters influence setup's
       operations, the key one is the interfaces parameter, which must be
       right or chaos will ensue.

       The --show and --showonly options cause setup to display the shell
       commands that it would execute. --showonly suppresses their execution.
       Only start, stop, and restart commands recognize these flags.
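
       The lock-file cases described under status and stop above, as an added
       example that is not FreeS/WAN's own code: classify_pluto is a
       hypothetical helper that labels running Pluto PIDs as running, illicit
       or orphaned, flags a stale lock file, and returns 0 or 1 in the same
       way status does. It assumes the first line of the lock file is Pluto's
       decimal process ID.

```shell
#!/bin/sh
# Added example, not FreeS/WAN code. classify_pluto is a hypothetical helper.
# Usage: classify_pluto PIDFILE [PID ...]
#   PIDFILE  Pluto's lock file (the FILES section lists /var/run/pluto/pluto.pid)
#   PID ...  process IDs of the pluto processes currently running
# Prints one finding per line; returns 0 if consistent, 1 if something is off.
# Assumption: the first line of the lock file is Pluto's decimal process ID.
classify_pluto() {
    pidfile=$1
    shift
    if [ ! -e "$pidfile" ]; then
        # No lock file: nothing running means stopped, otherwise every
        # running Pluto is "orphaned".
        [ $# -eq 0 ] && { echo "stopped"; return 0; }
        for pid in "$@"; do echo "orphaned $pid"; done
        return 1
    fi
    locked=
    IFS= read -r locked < "$pidfile" || :   # tolerate a missing final newline
    case $locked in
        '' | *[!0-9]*) echo "malformed-lock"; return 1 ;;
    esac
    ret=0
    found=no
    for pid in "$@"; do
        if [ "$pid" = "$locked" ]; then
            found=yes
            echo "running $pid"
        else
            # Running, but not the process the lock file names: "illicit".
            echo "illicit $pid"
            ret=1
        fi
    done
    # Lock file left behind by a Pluto that died without removing it.
    [ "$found" = yes ] || { echo "stale-lock $locked"; ret=1; }
    return "$ret"
}

# Constructed demo: the lock file names PID 100, but 100 and 200 are running.
demo=$(mktemp -d)
echo 100 > "$demo/pluto.pid"
classify_pluto "$demo/pluto.pid" 100 200 || echo "exit status 1"
rm -rf "$demo"
```

       On a live host the PID arguments could come from pidof pluto.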

FILES

       /etc/rc.d/init.d/ipsec            the script itself
       /etc/init.d/ipsec                 alternate location for the script
       /etc/ipsec.conf                   IPsec configuration file
       /proc/sys/net/ipv4/ip_forward     forwarding control
       /var/run/pluto/ipsec.info         saved information
       /var/run/pluto/pluto.pid          Pluto lock file
       /var/run/pluto/ipsec_setup.pid    IPsec lock file

SEE ALSO

       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)

DIAGNOSTICS

       All output from the commands start and stop goes both to standard
       output and to syslogd(8), via logger(1). Selected additional
       information is logged only to syslogd(8).

HISTORY

       Written for the FreeS/WAN project <http://www.freeswan.org> by Henry
       Spencer.

BUGS

       Old versions of logger(1) inject spurious extra newlines onto standard
       output.