Content-type: text/html
Setup controls the FreeS/WAN IPsec subsystem, including both the Klips kernel code and the Pluto key-negotiation daemon. (It is a synonym for the “rc” script for the subsystem; the system runs the equivalent of ipsec setup start at boot time, and ipsec setup stop at shutdown time, more or less.)
The stop operation tries to clean up properly even if assorted accidents have occurred, e.g. Pluto having died without removing its lock file. If stop discovers that the subsystem is (supposedly) not running, it will complain, but will do its cleanup anyway before exiting with status 1.
Although a number of configuration-file parameters influence setup's operations, the key one is the interfaces parameter, which must be right or chaos will ensue.
The --show and --showonly options cause setup to display the shell commands that it would execute. --showonly suppresses their execution. Only start, stop, and restart commands recognize these flags.
/etc/rc.d/init.d/ipsec the script itself/etc/init.d/ipsec alternate location for the script/etc/ipsec.conf IPsec configuration file/proc/sys/net/ipv4/ip_forward forwarding control/var/run/pluto/ipsec.info saved information/var/run/pluto/pluto.pid Pluto lock file/var/run/pluto/ipsec_setup.pid IPsec lock file
ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)
All output from the commands start and stop goes both to standard output and to syslogd(8), via logger(1). Selected additional information is logged only to syslogd(8).
Written for the FreeS/WAN project <http://www.freeswan.org: http://www.freeswan.org> by Henry Spencer.
Old versions of logger(1) inject spurious extra newlines onto standard output.