Man page of IPSEC_STARTER

IPSEC_STARTER

Section: (8)
Updated: 29 Nov 2004
 

NAME

ipsec starter - start up the IPsec keying daemon (pluto) and load configuration  

SYNOPSIS

ipsec starter [--debug --auto_reload seconds]

 

OBSOLETE

Note that starter is being obsoleted in favour of the new connection loading code that replaces all the scripts, and will be removed from Openswan in the next major release.

 

DESCRIPTION

Openswan Starter aims to replace all the scripts which are used to start and stop Openswan, and to do that in a quicker and smarter way.

It can also reload the configuration file if given a HUP signal, and apply the changes.

What it will do:

Load and unload KLIPS, or NETKEY (ipsec kernel module)

Launch and monitor pluto.

Add, initiate, route and delete connections

Attach and detach interfaces according to config file

kill -HUP can be used to reload the config file. New connections will be added, old ones will be removed and modified ones will be reloaded. Interfaces/Klips/Pluto will be reloaded if necessary.

Upon startup, starter will save its pid to the file /var/run/pluto/ipsec-starter.pid

Upon reloading, dynamic DNS addresses will be resolved and updated. Use --auto_reload to periodically check for dynamic DNS changes.

kill -USR1 can be used to reload all connections. This does a delete, followed by an add and then either a route or initiate operation.

/var/run/pluto/dynip/xxxx can be used to refer to a virtual interface name in ipsec.conf. For example, when adsl can be ppp0, ppp1, or some such, one can do:

ipsec.conf:
    interfaces="ipsec0=adsl"

And use /etc/ppp/ip-up to create /var/run/pluto/dynip/adsl

/var/run/pluto/dynip/adsl:
    IP_PHYS=ppp0

%auto can be used to automatically name the connections.

kill -TERM can be used to stop Openswan. Pluto will be stopped and kernel modules unloaded.
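
The dynip file and the signal-driven reload described above can be combined in an /etc/ppp/ip-up hook. The script below is an added example, not code from Openswan; it assumes pppd passes the interface name as the first argument and that starter should be sent a HUP after the mapping changes. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: ip-up helper for the dynip mechanism (not Openswan's own code).
# Default paths are the ones named in the man page; override them for testing.
DYNIP_DIR="${DYNIP_DIR:-/var/run/pluto/dynip}"
STARTER_PID="${STARTER_PID:-/var/run/pluto/ipsec-starter.pid}"

# Accept only plain names, so an argument cannot escape DYNIP_DIR with "../"
# or smuggle a second line into the file that starter will parse.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_dynip VIRTUAL PHYSICAL: store IP_PHYS=PHYSICAL in DYNIP_DIR/VIRTUAL.
write_dynip() {
    valid_name "$1" && valid_name "$2" || return 1
    tmp="$DYNIP_DIR/.$1.$$"
    ( umask 022; printf 'IP_PHYS=%s\n' "$2" > "$tmp" ) || return 1
    # rename is atomic, so a reload never reads a half-written file
    mv -f "$tmp" "$DYNIP_DIR/$1"
}

# signal_starter SIGNAL: send HUP, USR1 or TERM to starter via its pid file.
signal_starter() {
    case "$1" in HUP|USR1|TERM) ;; *) return 1 ;; esac
    pid=$(cat "$STARTER_PID" 2>/dev/null) || return 1
    # The pid file is plain text: insist on a positive integer, because zero
    # or a negative value would make kill target a whole process group.
    case "$pid" in ''|0*|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1   # stale pid file, nothing to signal
    kill -s "$1" "$pid"
}

# pppd invokes ip-up with the interface name (e.g. ppp0) as its first argument.
# Assumption: starter is sent a HUP so that it re-reads the adsl mapping.
if [ $# -ge 1 ]; then
    write_dynip adsl "$1" && signal_starter HUP
fi
```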

 

FILES

/etc/ipsec.conf

 

SEE ALSO

ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)

 

HISTORY

Original by mlafon@arkoon.net for Arkoon Network Security. Updated for FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>. Merged into Openswan 2.2 by Xelerance Corporation

 

TODO/BUGS

handle wildcards in include lines -- use the glob() function, e.g.: include /etc/ipsec.*.conf

handle duplicate keywords and sections

Support the also keyword

add unsupported keywords

manually keyed connections

%defaultroute

IPv6


 
