ipsec starter - start up the IPsec keying daemon (pluto) and load configuration

Openswan Starter is aimed to replace all the scripts which are used to start and stop Openswan, and to do that in a quicker and a smarter way.

It can also reload the configuration file if given a HUP signal, and apply the changes.

What it will do:

Load and unload KLIPS, or NETKEY (ipsec kernel module)

Launch and monitor pluto.

Add, initiate, route and delete connections

Attach and detach interfaces according to config file

kill -HUP can be used to reload the config file. New connections will be added, old ones will be removed and modified ones will be reloaded. Interfaces/Klips/Pluto will be reloaded if necessary.

Upon startup, starter will save its pid to the file /var/run/pluto/ipsec-starter.pid

Upon reloading, dynamic DNS addresses will be resolved and updated. Use --auto_reload to periodicaly check for dynamic DNS changes.

kill -USR1 can be used to reload all connections. This does a delete, followed by an add and then either a route or initiate operation.

/var/run/pluto/dynip/xxxx can be used to use a virtual interface name in ipsec.conf. By example, when adsl can be ppp0, ppp1, or some such, one can do:

ipsec.conf: interfaces=" ipsec0=adsl" And use /etc/ppp/ip-up to create /var/run/pluto/dynip/adsl /var/run/pluto/dynip/adsl: IP_PHYS=ppp0

%auto can be used to automaticaly name the connections

kill -TERM can be used to stop Openswan. Pluto will be stopped and kernel modules unloaded.

/etc/ipsec.conf

ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)

Original by mlafon@arkoon.net for Arkoon Network Security. Updated for FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>. Merged into Openswan 2.2 by Xelerance Corporation

handle wildcards in include lines -- use glob() fct ex: include /etc/ipsec.*.conf

handle duplicates keywords and sections

Support also keyword

add unsupported keywords

manually keyed connections

%defaultroute

IPv6