

       ipsec_setup - control IPsec subsystem


       ipsec setup command


       ipsec setup { start | stop | restart }

       ipsec setup status


       Setup controls the Openswan IPsec subsystem, including both the Klips
       or Netkey (XFRM) kernel code and the Pluto key-negotiation daemon. (It
       is a synonym for the “rc” script for the subsystem; the system runs the
       equivalent of ipsec setup start at boot time, and ipsec setup stop at
       shutdown time, more or less.)

       The action taken depends on the specific command, and on the contents
       of the config setup section of the IPsec configuration file
       (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

       start  start Klips and Pluto, including setting up Netkey (XFRM) or
              Klips to do crypto operations on the interface(s) specified in
              the configuration file, and (if the configuration file so
              specifies) asking Pluto to negotiate automatically-keyed
              connections to other security gateways

       stop   shut down Klips or Netkey (XFRM) and Pluto, including tearing
              down all existing crypto connections

       restart
              equivalent to stop followed by start

       status report the status of the subsystem; normally just reports IPsec
              running and pluto pid nnn, or IPsec stopped, and exits with
              status 0, but will go into more detail (and exit with status 1)
              if something strange is found. (An “illicit” Pluto is one that
              does not match the process ID in Pluto’s lock file; an
              “orphaned” Pluto is one with no lock file.)

       The stop operation tries to clean up properly even if assorted
       accidents have occurred, e.g. Pluto having died without removing its
       lock file. If stop discovers that the subsystem is (supposedly) not
       running, it will complain, but will do its cleanup anyway before
       exiting with status 1.
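
       The conditions named above (an "illicit" Pluto, an "orphaned" Pluto,
       and a lock file left behind by a dead Pluto) can be expressed as a
       small shell function. This is an added example, not Openswan's own
       script: the name classify_pluto, the "stale lock file" wording and
       the assumption that the lock file holds a single PID are
       illustrative, and the lock file path is supplied by the caller.

```sh
#!/bin/sh
# Added example, not Openswan code.
# classify_pluto LOCKFILE [PID ...]
#   LOCKFILE  path of Pluto's lock file (assumed to contain one PID)
#   PID ...   process IDs of the Pluto processes currently running
# Prints one line per finding; returns 0 if nothing strange, 1 otherwise,
# mirroring the exit statuses described for "status".
classify_pluto() {
    lockfile=$1
    shift
    lockpid=
    if [ -f "$lockfile" ]; then
        # Keep only the digits of the first line; tolerate stray whitespace.
        lockpid=$(head -n 1 "$lockfile" | tr -cd '0-9')
    fi

    if [ $# -eq 0 ]; then
        if [ -f "$lockfile" ]; then
            # Pluto died without removing its lock file.
            echo "stale lock file (pid ${lockpid:-unknown})"
            return 1
        fi
        echo "IPsec stopped"
        return 0
    fi

    strange=0
    matched=0
    for pid in "$@"; do
        if [ ! -f "$lockfile" ]; then
            echo "orphaned pluto pid $pid"      # running, but no lock file
            strange=1
        elif [ "$pid" = "$lockpid" ]; then
            echo "pluto pid $pid"               # the legitimate daemon
            matched=1
        else
            echo "illicit pluto pid $pid"       # does not match the lock file
            strange=1
        fi
    done
    # The lock file names a PID that is not among the running ones.
    if [ -f "$lockfile" ] && [ "$matched" -eq 0 ]; then
        echo "stale lock file (pid ${lockpid:-unknown})"
        strange=1
    fi
    return "$strange"
}
```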

       Although a number of configuration-file parameters influence setup’s
       operations, the key one is the interfaces parameter, which must be
       right or chaos will ensue.


       /etc/rc.d/init.d/ipsec              the script itself
       /etc/init.d/ipsec                   alternate location for the script
       /etc/ipsec.conf                     IPsec configuration file
       /proc/sys/net/ipv4/ip_forward       forwarding control
       /var/run/pluto/                     saved information
       /var/run/pluto/                     Pluto lock file
       /var/run/pluto/                     IPsec lock file


       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)


       All output from the commands start and stop goes both to standard
       output and to syslogd(8), via logger(1). Selected additional
       information is logged only to syslogd(8).


       Written for the FreeS/WAN project by Henry

       Modified for Openswan by Tuomo Soini.


       Old versions of logger(1) inject spurious extra newlines onto standard