Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   26626 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

IPSEC_SETUP(8)			[FIXME: manual]			IPSEC_SETUP(8)

NAME
       ipsec_setup - control IPsec subsystem

SYNOPSIS
       ipsec setup command

EXAMPLES
       ipsec setup { start | stop | restart }

       ipsec setup status

DESCRIPTION
       Setup controls the Openswan IPsec subsystem, including both the Klips
       or Netkey (XFRM) kernel code and the Pluto key-negotiation daemon. (It
       is a synonym for the “rc” script for the subsystem; the system runs the
       equivalent of ipsec setup start at boot time, and ipsec setup stop at
       shutdown time, more or less.)

       The action taken depends on the specific command, and on the contents
       of the config setup section of the IPsec configuration file
       (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

       start
	   start Klips and Pluto, including setting up Netkey (XFRM) or Klips
	   to do crypto operations on the interface(s) specified in the
	   configuration file. and (if the configuration file so specifies)
	   asking Pluto to negotiate automatically-keyed connections to other
	   security gateways

       stop
	   shut down Klips or Netkey (XFRM) and Pluto, including tearing down
	   all existing crypto connections

       restart
	   equivalent to stop followed by start

       status
	   report the status of the subsystem; normally just reports IPsec
	   running and pluto pid nnn, or IPsec stopped, and exits with status
	   0, but will go into more detail (and exit with status 1) if
	   something strange is found. (An “illicit” Pluto is one that does
	   not match the process ID in Pluto´s lock file; an “orphaned” Pluto
	   is one with no lock file.)

       The stop operation tries to clean up properly even if assorted
       accidents have occurred, e.g. Pluto having died without removing its
       lock file. If stop discovers that the subsystem is (supposedly) not
       running, it will complain, but will do its cleanup anyway before
       exiting with status 1.

       Although a number of configuration-file parameters influence setup´s
       operations, the key one is the interfaces parameter, which must be
       right or chaos will ensue.

FILES
       /etc/rc.d/init.d/ipsec the script itself /etc/init.d/ipsec alternate
       location for the script /etc/ipsec.conf IPsec configuration file
       /proc/sys/net/ipv4/ip_forward forwarding control
       /var/run/pluto/ipsec.info saved information /var/run/pluto/pluto.pid
       Pluto lock file /var/run/pluto/ipsec_setup.pid IPsec lock file

SEE ALSO
       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)

DIAGNOSTICS
       All output from the commands start and stop goes both to standard
       output and to syslogd(8), via logger(1). Selected additional
       information is logged only to syslogd(8).

HISTORY
       Written for the FreeS/WAN project <http://www.freeswan.org> by Henry
       Spencer.

       Modified for Openswan <http://www.openswan.org> by Tuomo Soini.

BUGS
       Old versions of logger(1) inject spurious extra newlines onto standard
       output.

[FIXME: source]			  10/06/2010			IPSEC_SETUP(8)

Vote for polarhome