1IPSEC_STARTER(8)                                              IPSEC_STARTER(8)
2
3
4

NAME

6       ipsec  starter - start up the IPsec keying daemon (pluto) and load con‐
7       figuration
8

SYNOPSIS

10       ipsec starter [--debug --auto_reload seconds]
11
12

OBSOLETE

14       Note that starter is being obsoleted for  the  new  connection  loading
15       code that replace all the scripts, and will be removed from Openswan in
16       the next major release.
17
18

DESCRIPTION

20       Openswan Starter is aimed to replace all the scripts which are used  to
21       start and stop Openswan, and to do that in a quicker and a smarter way.
22
23
24       It  can  also  reload the configuration file if given a HUP signal, and
25       apply the changes.
26
27
28       What it will do:
29
30
31       Load and unload KLIPS, or NETKEY (ipsec kernel module)
32
33
34       Launch and monitor pluto.
35
36
37       Add, initiate, route and delete connections
38
39
40       Attach and detach interfaces according to config file
41
42
43       kill -HUP can be used to reload the config file. New  connections  will
44       be  added, old ones will be removed and modified ones will be reloaded.
45       Interfaces/Klips/Pluto will be reloaded if necessary.
46
47
48       Upon startup, starter will save  its  pid  to  the  file  /var/run/plu‐
49       to/ipsec-starter.pid
50
51
52       Upon reloading, dynamic DNS addresses will be resolved and updated. Use
53       --auto_reload to periodicaly check for dynamic DNS changes.
54
55
56       kill -USR1 can be used to reload all connections. This does  a  delete,
57       followed by an add and then either a route or initiate operation.
58
59
60       /var/run/pluto/dynip/xxxx  can  be used to use a virtual interface name
61       in ipsec.conf. By example, when adsl can be ppp0, ppp1, or  some  such,
62       one can do:
63
64
65       ipsec.conf:  interfaces="ipsec0=adsl  And  use /etc/ppp/ip-up to create
66       /var/run/pluto/dynip/adsl /var/run/pluto/dynip/adsl: IP_PHYS=ppp0
67
68
69       %auto can be used to automaticaly name the connections
70
71
72       kill -TERM can be used to stop Openswan. Pluto will be stopped and ker‐
73       nel modules unloaded.
74
75

FILES

77       /etc/ipsec.conf
78
79

SEE ALSO

81       ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)
82
83

HISTORY

85       Original  by mlafon@arkoon.net for Arkoon Network Security. Updated for
86       FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>.
87       Merged into Openswan 2.2 by Xelerance Corporation
88
89

TODO/BUGS

91       handle  wildcards  in  include  lines  --  use  glob()  fct ex: include
92       /etc/ipsec.*.conf
93
94
95       handle duplicates keywords and sections
96
97
98       Support also keyword
99
100
101       add unsupported keywords
102
103
104       manually keyed connections
105
106
107       %defaultroute
108
109
110       IPv6
111
112
113
114
115                                  29 Nov 2004                 IPSEC_STARTER(8)
Impressum