2. EL 6 ELS
  3. openswan
  4. ipsec_setup(8)

Scroll to navigation

IPSEC_SETUP(8) [FIXME: manual] IPSEC_SETUP(8)

NAME

ipsec_setup - control IPsec subsystem

SYNOPSIS

ipsec setup command

EXAMPLES

ipsec setup { start | stop | restart }

ipsec setup status

DESCRIPTION

Setup controls the Openswan IPsec subsystem, including both the Klips or Netkey (XFRM) kernel code and the Pluto key-negotiation daemon. (It is a synonym for the “rc” script for the subsystem; the system runs the equivalent of ipsec setup start at boot time, and ipsec setup stop at shutdown time, more or less.)

The action taken depends on the specific command, and on the contents of the config setup section of the IPsec configuration file (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

start

start Klips and Pluto, including setting up Netkey (XFRM) or Klips to do crypto operations on the interface(s) specified in the configuration file. and (if the configuration file so specifies) asking Pluto to negotiate automatically-keyed connections to other security gateways

stop

shut down Klips or Netkey (XFRM) and Pluto, including tearing down all existing crypto connections

restart

equivalent to stop followed by start

status

report the status of the subsystem; normally just reports IPsec running and pluto pid nnn, or IPsec stopped, and exits with status 0, but will go into more detail (and exit with status 1) if something strange is found. (An “illicit” Pluto is one that does not match the process ID in Pluto´s lock file; an “orphaned” Pluto is one with no lock file.)

The stop operation tries to clean up properly even if assorted accidents have occurred, e.g. Pluto having died without removing its lock file. If stop discovers that the subsystem is (supposedly) not running, it will complain, but will do its cleanup anyway before exiting with status 1.

Although a number of configuration-file parameters influence setup´s operations, the key one is the interfaces parameter, which must be right or chaos will ensue.

FILES

/etc/rc.d/init.d/ipsec the script itself /etc/init.d/ipsec alternate location for the script /etc/ipsec.conf IPsec configuration file /proc/sys/net/ipv4/ip_forward forwarding control /var/run/pluto/ipsec.info saved information /var/run/pluto/pluto.pid Pluto lock file /var/run/pluto/ipsec_setup.pid IPsec lock file

SEE ALSO

ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)

DIAGNOSTICS

All output from the commands start and stop goes both to standard output and to syslogd(8), via logger(1). Selected additional information is logged only to syslogd(8).

HISTORY

Written for the FreeS/WAN project <http://www.freeswan.org> by Henry Spencer.

Modified for Openswan <http://www.openswan.org> by Tuomo Soini.

BUGS

Old versions of logger(1) inject spurious extra newlines onto standard output.

10/06/2010 [FIXME: source]