IPSEC_SETUP


Section: 20 October 2009 (8) Updated: 10/20/2009
 

NAME

ipsec_setup - control IPsec subsystem  

SYNOPSIS

ipsec setup command
 

EXAMPLES

ipsec setup { start | stop | restart }
ipsec setup status
 

DESCRIPTION

Setup controls the Openswan IPsec subsystem, including both the Klips or Netkey (XFRM) kernel code and the Pluto key-negotiation daemon. (It is a synonym for the "rc" script for the subsystem; the system runs the equivalent of ipsec setup start at boot time, and ipsec setup stop at shutdown time, more or less.)

The action taken depends on the specific command, and on the contents of the config setup section of the IPsec configuration file (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

start
start Klips and Pluto, including setting up Netkey (XFRM) or Klips to do crypto operations on the interface(s) specified in the configuration file, and (if the configuration file so specifies) asking Pluto to negotiate automatically-keyed connections to other security gateways
stop
shut down Klips or Netkey (XFRM) and Pluto, including tearing down all existing crypto connections
restart
equivalent to stop followed by start
status
report the status of the subsystem; normally just reports IPsec running and pluto pid nnn, or IPsec stopped, and exits with status 0, but will go into more detail (and exit with status 1) if something strange is found. (An "illicit" Pluto is one that does not match the process ID in Pluto's lock file; an "orphaned" Pluto is one with no lock file.)

The stop operation tries to clean up properly even if assorted accidents have occurred, e.g. Pluto having died without removing its lock file. If stop discovers that the subsystem is (supposedly) not running, it will complain, but will do its cleanup anyway before exiting with status 1.
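The lock-file states described above (a stale lock left by a dead Pluto, an "orphaned" Pluto, an "illicit" Pluto) can also be checked independently of the rc script, for example from a monitoring job. The following is an added example, not part of Openswan; the function names, the use of pgrep(1), and the assumption that the lock file holds the PID as decimal digits on its first line are this example's own.

```sh
#!/bin/sh
# Added example (not Openswan code). Classifies Pluto's state from its
# lock file and the PIDs of running pluto processes, in the page's terms.

PLUTO_PIDFILE=/var/run/pluto/pluto.pid   # path from the FILES section

# classify_pluto PIDFILE [RUNNING_PID ...]
# Prints one of: stopped | running | stale-lock | orphaned | illicit
classify_pluto() {
    pidfile=$1; shift
    if [ ! -f "$pidfile" ]; then
        # No lock file: any running Pluto is "orphaned".
        if [ "$#" -gt 0 ]; then echo orphaned; else echo stopped; fi
        return 0
    fi
    # Assumption: the lock file holds the PID as digits on its first line.
    lockpid=$(head -n 1 "$pidfile" | tr -cd '0-9')
    if [ "$#" -eq 0 ]; then
        # Pluto died without removing its lock file; stop cleans this up.
        echo stale-lock
        return 0
    fi
    for pid in "$@"; do
        # A Pluto whose PID differs from the lock file is "illicit".
        if [ "$pid" != "$lockpid" ]; then echo illicit; return 0; fi
    done
    echo running
}

# audit_pluto: live check for cron or a monitoring agent.
# Assumption: pgrep(1) is available to list the PIDs of pluto processes.
audit_pluto() {
    # $(pgrep ...) is left unquoted on purpose: one argument per PID.
    state=$(classify_pluto "$PLUTO_PIDFILE" $(pgrep -x pluto))
    echo "pluto state: $state"
    case $state in
        running|stopped) return 0 ;;
        *) return 1 ;;   # mirrors status exiting 1 when something is strange
    esac
}
```

Call audit_pluto from the monitoring job and alert on a non-zero return; an unexpected key-negotiation daemon running outside the lock file is worth investigating before simply restarting the subsystem.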

Although a number of configuration-file parameters influence setup's operations, the key one is the interfaces parameter, which must be right or chaos will ensue.  

FILES

/etc/rc.d/init.d/ipsec             the script itself
/etc/init.d/ipsec                  alternate location for the script
/etc/ipsec.conf                    IPsec configuration file
/proc/sys/net/ipv4/ip_forward      forwarding control
/var/run/pluto/ipsec.info          saved information
/var/run/pluto/pluto.pid           Pluto lock file
/var/run/pluto/ipsec_setup.pid     IPsec lock file

SEE ALSO

ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)  

DIAGNOSTICS

All output from the commands start and stop goes both to standard output and to syslogd(8), via logger(1). Selected additional information is logged only to syslogd(8).  

HISTORY

Written for the FreeS/WAN project <[1]http://www.freeswan.org> by Henry Spencer.

Modified for Openswan <[2]http://www.openswan.org> by Tuomo Soini.  

BUGS

Old versions of logger(1) inject spurious extra newlines onto standard output.  

REFERENCES

1. http://www.freeswan.org
2. http://www.openswan.org


 


This document was created by man2html, using the manual pages.
Time: 22:01:50 GMT, April 16, 2011