Openswan Starter aims to replace all the scripts used to start and stop Openswan, and to do so more quickly and intelligently.
It can also reload the configuration file if given a HUP signal, and apply the changes.
What it will do:
Load and unload KLIPS, or NETKEY (ipsec kernel module)
Launch and monitor pluto.
Add, initiate, route and delete connections
Attach and detach interfaces according to config file
kill -HUP can be used to reload the config file. New connections will be added, old ones will be removed and modified ones will be reloaded. Interfaces/Klips/Pluto will be reloaded if necessary.
Upon startup, starter will save its pid to the file /var/run/pluto/ipsec-starter.pid
Upon reloading, dynamic DNS addresses will be resolved and updated. Use --auto_reload to periodically check for dynamic DNS changes.
kill -USR1 can be used to reload all connections. This does a delete, followed by an add and then either a route or initiate operation.
/var/run/pluto/dynip/xxxx can be used to refer to a virtual interface name in ipsec.conf. For example, when adsl can be ppp0, ppp1, or some such, one can do:
ipsec.conf: interfaces="ipsec0=adsl"
And use /etc/ppp/ip-up to create /var/run/pluto/dynip/adsl
/var/run/pluto/dynip/adsl: IP_PHYS=ppp0
%auto can be used to automatically name the connections
kill -TERM can be used to stop Openswan. Pluto will be stopped and kernel modules unloaded.
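The dynip mapping and the pid-file signalling described above can be combined in an /etc/ppp/ip-up hook. The following is an added example, not code shipped with Openswan: the function names and the two override variables are hypothetical, and it assumes that a HUP is what makes the starter pick up the new mapping.

```shell
#!/bin/sh
# Added example: helpers for an /etc/ppp/ip-up hook. Defaults are the paths
# named on this page; the two variables are overridable (assumption, for tests).
DYNIP_DIR="${DYNIP_DIR:-/var/run/pluto/dynip}"
STARTER_PID_FILE="${STARTER_PID_FILE:-/var/run/pluto/ipsec-starter.pid}"

# valid_name NAME: accept only short interface-style names, so a value passed
# in by pppd can never carry a path separator or shell metacharacter.
valid_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# write_dynip VIRTUAL PHYSICAL: map the virtual name used in ipsec.conf
# (e.g. adsl) to the interface that is currently up (e.g. ppp0).
write_dynip() {
    valid_name "$1" && valid_name "$2" || return 1
    mkdir -p "$DYNIP_DIR" || return 1
    tmp="$DYNIP_DIR/.$1.$$"
    ( umask 022; printf 'IP_PHYS=%s\n' "$2" > "$tmp" ) || return 1
    mv -f "$tmp" "$DYNIP_DIR/$1"   # rename in place: readers never see a partial file
}

# signal_starter SIG: send HUP, USR1 or TERM to the starter, but only if the
# pid file holds a numeric pid of a live process (guards against stale files;
# it does not prove the process is the starter).
signal_starter() {
    case "$1" in HUP|USR1|TERM) ;; *) return 2 ;; esac
    [ -r "$STARTER_PID_FILE" ] || return 1
    read -r pid < "$STARTER_PID_FILE" || [ -n "$pid" ] || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1
    kill -s "$1" "$pid"
}

# In /etc/ppp/ip-up, where pppd passes the interface name as $1:
#   write_dynip adsl "$1" && signal_starter HUP
```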
/etc/ipsec.conf
ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)
Original by mlafon@arkoon.net for Arkoon Network Security. Updated for FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>. Merged into Openswan 2.2 by Xelerance Corporation.
handle wildcards in include lines -- use the glob() function, e.g. include /etc/ipsec.*.conf
handle duplicate keywords and sections
support the also keyword
add unsupported keywords
manually keyed connections
%defaultroute
IPv6