
NAME

       ipsec_setup - control IPsec subsystem

SYNOPSIS

       ipsec setup command

EXAMPLES

       ipsec setup { start | stop | restart }

       ipsec setup status

DESCRIPTION

       Setup controls the Openswan IPsec subsystem, including both the Klips
       or Netkey (XFRM) kernel code and the Pluto key-negotiation daemon. (It
       is a synonym for the “rc” script for the subsystem; the system runs the
       equivalent of ipsec setup start at boot time, and ipsec setup stop at
       shutdown time, more or less.)

       The action taken depends on the specific command, and on the contents
       of the config setup section of the IPsec configuration file
       (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

       start  start Klips and Pluto, including setting up Netkey (XFRM) or
              Klips to do crypto operations on the interface(s) specified in
              the configuration file, and (if the configuration file so
              specifies) asking Pluto to negotiate automatically-keyed
              connections to other security gateways

       stop   shut down Klips or Netkey (XFRM) and Pluto, including tearing
              down all existing crypto connections

       restart
              equivalent to stop followed by start

       status report the status of the subsystem; normally just reports IPsec
              running and pluto pid nnn, or IPsec stopped, and exits with
              status 0, but will go into more detail (and exit with status 1)
              if something strange is found. (An “illicit” Pluto is one that
              does not match the process ID in Pluto’s lock file; an
              “orphaned” Pluto is one with no lock file.)

       The stop operation tries to clean up properly even if assorted
       accidents have occurred, e.g. Pluto having died without removing its
       lock file. If stop discovers that the subsystem is (supposedly) not
       running, it will complain, but will do its cleanup anyway before
       exiting with status 1.
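
       The “illicit” / “orphaned” distinction made by status, and the stale
       lock file that stop cleans up, can be checked with a few lines of
       shell. This is an added example, not code from the ipsec script; the
       function name, its argument convention and the anomaly messages are
       assumptions of the example.

```shell
# classify_pluto LOCKFILE [PID...]
#   LOCKFILE  Pluto's lock file (/var/run/pluto/pluto.pid on a real host)
#   PID...    PIDs of running pluto processes, supplied by the caller
#             (assumption of this example: e.g. from `pidof pluto`)
# Prints one line per finding. Returns 0 when lock file and processes
# agree, 1 otherwise, like the exit status of `ipsec setup status`.
# Anomaly message wording is this example's own.
classify_pluto() {
    lockfile=$1; shift
    rc=0 matched=no lockpid=
    if [ -f "$lockfile" ]; then
        # First line, leading digits only; anything else is ignored.
        lockpid=$(sed -n '1s/^[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$lockfile")
    fi

    if [ $# -eq 0 ]; then
        if [ -f "$lockfile" ]; then
            # Pluto died without removing its lock file.
            echo "stale lock file, pid ${lockpid:-unreadable} not running"
            return 1
        fi
        echo "IPsec stopped"
        return 0
    fi

    for pid in "$@"; do
        if [ ! -f "$lockfile" ]; then
            echo "orphaned pluto pid $pid"; rc=1      # no lock file at all
        elif [ "$pid" = "$lockpid" ]; then
            echo "pluto pid $pid"; matched=yes        # the legitimate daemon
        else
            echo "illicit pluto pid $pid"; rc=1       # PID differs from lock file
        fi
    done
    if [ -f "$lockfile" ] && [ "$matched" = no ]; then
        echo "lock file pid ${lockpid:-unreadable} not running"; rc=1
    fi
    return "$rc"
}
```

       On a host it can be called as classify_pluto /var/run/pluto/pluto.pid
       $(pidof pluto), with a non-zero return treated as a condition to
       investigate.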

       Although a number of configuration-file parameters influence setup’s
       operations, the key one is the interfaces parameter, which must be
       right or chaos will ensue.

FILES

       /etc/rc.d/init.d/ipsec             the script itself
       /etc/init.d/ipsec                  alternate location for the script
       /etc/ipsec.conf                    IPsec configuration file
       /proc/sys/net/ipv4/ip_forward      forwarding control
       /var/run/pluto/ipsec.info          saved information
       /var/run/pluto/pluto.pid           Pluto lock file
       /var/run/pluto/ipsec_setup.pid     IPsec lock file

SEE ALSO

       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)

DIAGNOSTICS

       All output from the commands start and stop goes both to standard
       output and to syslogd(8), via logger(1). Selected additional
       information is logged only to syslogd(8).

HISTORY

       Written for the FreeS/WAN project <[1]http://www.freeswan.org> by Henry
       Spencer.

       Modified for Openswan <[2]http://www.openswan.org> by Tuomo Soini.

BUGS

       Old versions of logger(1) inject spurious extra newlines onto standard
       output.

REFERENCES

       1. http://www.freeswan.org

       2. http://www.openswan.org