man ipsec_starter (Administration système) - start up the IPsec keying daemon (pluto) and load configuration
NAME
ipsec starter - start up the IPsec keying daemon (pluto) and load configuration
SYNOPSIS
DESCRIPTION
Openswan Starter is aimed to replace all the scripts which are used to start and stop Openswan, and to do that in a quicker and a smarter way.
It can also reload the configuration file if given a HUP signal, and apply the changes.
What it will do:
Load and unload KLIPS, or NETKEY (ipsec kernel module)
Launch and monitor pluto.
Add, initiate, route and delete connections
Attach and detach interfaces according to config file
kill -HUP can be used to reload the config file. New connections will be added, old ones will be removed and modified ones will be reloaded. Interfaces/Klips/Pluto will be reloaded if necessary.
Upon startup, starter will save its pid to the file /var/run/pluto/ipsec-starter.pid
Upon reloading, dynamic DNS addresses will be resolved and updated. Use --auto_reload to periodicaly check for dynamic DNS changes.
kill -USR1 can be used to reload all connections. This does a delete, followed by an add and then either a route or initiate operation.
/var/run/pluto/dynip/xxxx can be used to use a virtual interface name in ipsec.conf. By example, when adsl can be ppp0, ppp1, or some such, one can do:
ipsec.conf: interfaces=" ipsec0=adsl" And use /etc/ppp/ip-up to create /var/run/pluto/dynip/adsl /var/run/pluto/dynip/adsl: IP_PHYS=ppp0
%auto can be used to automaticaly name the connections
kill -TERM can be used to stop Openswan. Pluto will be stopped and kernel modules unloaded.
FILES
/etc/ipsec.conf
SEE ALSO
ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)
HISTORY
Original by mlafon@arkoon.net for Arkoon Network Security. Updated for FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>. Merged into Openswan 2.2 by Xelerance Corporation
TODO/BUGS
handle wildcards in include lines -- use glob() fct ex: include /etc/ipsec.*.conf
handle duplicates keywords and sections
Support also keyword
add unsupported keywords
manually keyed connections
%defaultroute
IPv6