man ipsec_starter (System administration) - start up the IPsec keying daemon (pluto) and load configuration

NAME

ipsec starter - start up the IPsec keying daemon (pluto) and load configuration

SYNOPSIS

ipsec starter [--debug] [--auto_reload seconds] [--parsedebug] [--verbose] [--dumpcfg]

DESCRIPTION

Openswan Starter is intended to replace all the scripts used to start and stop Openswan, and to do so more quickly and more intelligently.

It can also reload the configuration file if given a HUP signal, and apply the changes.

What it will do:

Load and unload KLIPS or NETKEY (the IPsec kernel module)

Launch and monitor pluto.

Add, initiate, route and delete connections

Attach and detach interfaces according to config file

kill -HUP can be used to reload the config file. New connections will be added, old ones will be removed and modified ones will be reloaded. Interfaces, KLIPS and pluto will be reloaded if necessary.

Upon startup, starter will save its pid to the file /var/run/pluto/ipsec-starter.pid.

Upon reloading, dynamic DNS addresses will be resolved and updated. Use --auto_reload to periodically check for dynamic DNS changes.

kill -USR1 can be used to reload all connections. This does a delete, followed by an add and then either a route or initiate operation.

/var/run/pluto/dynip/xxxx can be used to refer to a virtual interface name in ipsec.conf. For example, when the ADSL link may come up as ppp0, ppp1, or some such, one can do:

ipsec.conf:
    interfaces="ipsec0=adsl"

And use /etc/ppp/ip-up to create /var/run/pluto/dynip/adsl:

/var/run/pluto/dynip/adsl:
    IP_PHYS=ppp0
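The following is an added example of such an /etc/ppp/ip-up hook; it is not part of the Openswan man page or the Openswan sources. It assumes pppd passes the interface name as the first argument, that the dynip file only needs the IP_PHYS line shown above, and that starter should be sent SIGHUP (via the pid file documented on this page) so it picks up the new interface.

```shell
#!/bin/sh
# Added example (not from Openswan): publish the physical PPP interface behind
# the virtual name "adsl" so ipsec.conf can keep interfaces="ipsec0=adsl"
# whatever name pppd assigns. Assumptions: pppd passes the interface name
# as $1; starter re-reads its config on SIGHUP, found via its pid file.

DYNIP_DIR="${DYNIP_DIR:-/var/run/pluto/dynip}"
STARTER_PID="${STARTER_PID:-/var/run/pluto/ipsec-starter.pid}"

# write_dynip NAME PHYS: atomically create $DYNIP_DIR/NAME containing IP_PHYS=PHYS.
# Rejects anything that is not a plain interface name so an unexpected pppd
# argument cannot put arbitrary text into a file starter will parse.
write_dynip() {
    name=$1
    phys=$2
    case $phys in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    mkdir -p "$DYNIP_DIR" || return 1
    tmp="$DYNIP_DIR/.$name.$$"
    printf 'IP_PHYS=%s\n' "$phys" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$DYNIP_DIR/$name"
}

# read_dynip NAME: print the physical interface recorded for NAME, or fail.
read_dynip() {
    sed -n 's/^IP_PHYS=//p' "$DYNIP_DIR/$1" 2>/dev/null | grep .
}

# reload_starter: send SIGHUP to a running starter so it reloads its config.
# No pid file means starter is not running, which is not an error here.
reload_starter() {
    [ -r "$STARTER_PID" ] || return 0
    pid=$(cat "$STARTER_PID")
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # refuse to signal a garbage pid
    esac
    kill -HUP "$pid"
}

# Entry point when pppd runs this as /etc/ppp/ip-up (does nothing without $1).
if [ -n "${1:-}" ]; then
    write_dynip adsl "$1" && reload_starter
fi
```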

%auto can be used to automatically name the connections.

kill -TERM can be used to stop Openswan. Pluto will be stopped and kernel modules unloaded.

FILES

/etc/ipsec.conf

SEE ALSO

HISTORY

Original by mlafon@arkoon.net for Arkoon Network Security. Updated for FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>. Merged into Openswan 2.2 by Xelerance Corporation.

TODO/BUGS

handle wildcards in include lines (using the glob() function), e.g. include /etc/ipsec.*.conf

handle duplicate keywords and sections

support the "also" keyword

add unsupported keywords

manually keyed connections

%defaultroute

IPv6