Commit | Line | Data |
---|---|---|
997358a6 MW |
1 | Content-type: text/html |
2 | ||
3 | <HTML><HEAD><TITLE>Manpage of IPSEC_SETUP</TITLE> | |
4 | </HEAD><BODY> | |
5 | <H1>IPSEC_SETUP</H1> | |
6 | Section: Maintenance Commands (8)<BR>Updated: 23 July 2001<BR><A HREF="#index">Index</A> | |
7 | <A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> | |
8 | ||
9 | ||
10 | <A NAME="lbAB"> </A> | |
11 | <H2>NAME</H2> | |
12 | ||
13 | ipsec setup - control IPsec subsystem | |
14 | <A NAME="lbAC"> </A> | |
15 | <H2>SYNOPSIS</H2> | |
16 | ||
17 | <B>ipsec</B> | |
18 | ||
19 | <B>setup</B> | |
20 | ||
21 | [ | |
22 | <B>--show</B> | |
23 | ||
24 | | | |
25 | <B>--showonly</B> | |
26 | ||
27 | ] | |
28 | command | |
29 | <A NAME="lbAD"> </A> | |
30 | <H2>DESCRIPTION</H2> | |
31 | ||
32 | <I>Setup</I> | |
33 | ||
34 | controls the FreeS/WAN IPsec subsystem, | |
35 | including both the Klips kernel code and the Pluto key-negotiation daemon. | |
36 | (It is a synonym for the ``rc'' script for the subsystem; | |
37 | the system runs the equivalent of | |
38 | <B>ipsec setup start</B> | |
39 | ||
40 | at boot time, | |
41 | and | |
42 | <B>ipsec setup stop</B> | |
43 | ||
44 | at shutdown time, more or less.) | |
45 | <P> | |
46 | ||
47 | The action taken depends on the specific | |
48 | <I>command</I>, | |
49 | ||
50 | and on the contents of the | |
51 | <B>config</B> | |
52 | ||
53 | <B>setup</B> | |
54 | ||
55 | section of the | |
56 | IPsec configuration file (<I>/etc/ipsec.conf</I>, | |
57 | ||
58 | see | |
59 | <I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)). | |
60 | ||
61 | Current | |
62 | <I>command</I>s | |
63 | ||
64 | are: | |
65 | <DL COMPACT> | |
66 | <DT><B>start</B> | |
67 | ||
68 | <DD> | |
69 | start Klips and Pluto, | |
70 | including setting up Klips to do crypto operations on the | |
71 | interface(s) specified in the configuration file, | |
72 | and (if the configuration file so specifies) | |
73 | setting up manually-keyed connections and/or | |
74 | asking Pluto to negotiate automatically-keyed connections | |
75 | to other security gateways | |
76 | <DT><B>stop</B> | |
77 | ||
78 | <DD> | |
79 | shut down Klips and Pluto, | |
80 | including tearing down all existing crypto connections | |
81 | <DT><B>restart</B> | |
82 | ||
83 | <DD> | |
84 | equivalent to | |
85 | <B>stop</B> | |
86 | ||
87 | followed by | |
88 | <B>start</B> | |
89 | ||
90 | <DT><B>status</B> | |
91 | ||
92 | <DD> | |
93 | report the status of the subsystem; | |
94 | normally just reports | |
95 | <B>IPsec running</B> | |
96 | ||
97 | and | |
98 | <B>pluto pid </B><I>nnn</I>, | |
99 | ||
100 | or | |
101 | <B>IPsec stopped</B>, | |
102 | ||
103 | and exits with status 0, | |
104 | but will go into more detail (and exit with status 1) | |
105 | if something strange is found. | |
106 | (An ``illicit'' Pluto is one that does not match the process ID in | |
107 | Pluto's lock file; | |
108 | an ``orphaned'' Pluto is one with no lock file.) | |
109 | </DL> | |
110 | <P> | |
111 | ||
112 | The | |
113 | <B>stop</B> | |
114 | ||
115 | operation tries to clean up properly even if assorted accidents | |
116 | have occurred, | |
117 | e.g. Pluto having died without removing its lock file. | |
118 | If | |
119 | <B>stop</B> | |
120 | ||
121 | discovers that the subsystem is (supposedly) not running, | |
122 | it will complain, | |
123 | but will do its cleanup anyway before exiting with status 1. | |
124 | <P> | |
125 | ||
126 | Although a number of configuration-file parameters influence | |
127 | <I>setup</I>'s | |
128 | ||
129 | operations, the key one is the | |
130 | <B>interfaces</B> | |
131 | ||
132 | parameter, which must be right or chaos will ensue. | |
133 | <P> | |
134 | ||
135 | The | |
136 | <B>--show</B> | |
137 | ||
138 | and | |
139 | <B>--showonly</B> | |
140 | ||
141 | options cause | |
142 | <I>setup</I> | |
143 | ||
144 | to display the shell commands that it would execute. | |
145 | <B>--showonly</B> | |
146 | ||
147 | suppresses their execution. | |
148 | Only | |
149 | <B>start</B>, | |
150 | ||
151 | <B>stop</B>, | |
152 | ||
153 | and | |
154 | <B>restart</B> | |
155 | ||
156 | commands recognize these flags. | |
157 | <A NAME="lbAE"> </A> | |
158 | <H2>FILES</H2> | |
159 | ||
160 | ||
161 | ||
162 | /etc/rc.d/init.d/ipsec<TT> </TT>the script itself<BR> | |
163 | <BR> | |
164 | ||
165 | /etc/init.d/ipsec<TT> </TT>alternate location for the script<BR> | |
166 | <BR> | |
167 | ||
168 | /etc/ipsec.conf<TT> </TT>IPsec configuration file<BR> | |
169 | <BR> | |
170 | ||
171 | /proc/sys/net/ipv4/ip_forward<TT> </TT>forwarding control<BR> | |
172 | <BR> | |
173 | ||
174 | /var/run/ipsec.info<TT> </TT>saved information<BR> | |
175 | <BR> | |
176 | ||
177 | /var/run/pluto.pid<TT> </TT>Pluto lock file<BR> | |
178 | <BR> | |
179 | ||
180 | /var/run/ipsec_setup.pid<TT> </TT>IPsec lock file<BR> | |
181 | <A NAME="lbAF"> </A> | |
182 | <H2>SEE ALSO</H2> | |
183 | ||
184 | <A HREF="ipsec.conf.5.html">ipsec.conf</A>(5), <A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_auto.8.html">ipsec_auto</A>(8), <A HREF="route.8.html">route</A>(8) | |
185 | <A NAME="lbAG"> </A> | |
186 | <H2>DIAGNOSTICS</H2> | |
187 | ||
188 | All output from the commands | |
189 | <B>start</B> | |
190 | ||
191 | and | |
192 | <B>stop</B> | |
193 | ||
194 | goes both to standard | |
195 | output and to | |
196 | <I><A HREF="syslogd.8.html">syslogd</A></I>(8), | |
197 | ||
198 | via | |
199 | <I><A HREF="logger.1.html">logger</A></I>(1). | |
200 | ||
201 | Selected additional information is logged only to | |
202 | <I><A HREF="syslogd.8.html">syslogd</A></I>(8). | |
203 | ||
204 | <A NAME="lbAH"> </A> | |
205 | <H2>HISTORY</H2> | |
206 | ||
207 | Written for the FreeS/WAN project | |
208 | &lt;<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>&gt; | |
209 | by Henry Spencer. | |
210 | <A NAME="lbAI"> </A> | |
211 | <H2>BUGS</H2> | |
212 | ||
213 | Old versions of | |
214 | <I><A HREF="logger.1.html">logger</A></I>(1) | |
215 | ||
216 | inject spurious extra newlines onto standard output. | |
217 | <P> | |
218 | ||
219 | <HR> | |
220 | <A NAME="index"> </A><H2>Index</H2> | |
221 | <DL> | |
222 | <DT><A HREF="#lbAB">NAME</A><DD> | |
223 | <DT><A HREF="#lbAC">SYNOPSIS</A><DD> | |
224 | <DT><A HREF="#lbAD">DESCRIPTION</A><DD> | |
225 | <DT><A HREF="#lbAE">FILES</A><DD> | |
226 | <DT><A HREF="#lbAF">SEE ALSO</A><DD> | |
227 | <DT><A HREF="#lbAG">DIAGNOSTICS</A><DD> | |
228 | <DT><A HREF="#lbAH">HISTORY</A><DD> | |
229 | <DT><A HREF="#lbAI">BUGS</A><DD> | |
230 | </DL> | |
231 | <HR> | |
232 | This document was created by | |
233 | <A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, | |
234 | using the manual pages.<BR> | |
235 | Time: 21:40:18 GMT, November 11, 2003 | |
236 | </BODY> | |
237 | </HTML> |
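
The strange cases that DESCRIPTION lists for `status` (an "illicit" Pluto whose PID does not match the lock file, an "orphaned" Pluto with no lock file) and the dead-Pluto-with-leftover-lock-file case mentioned for `stop` can be told apart with a small shell function. This is an added example, not part of the FreeS/WAN script; it assumes the lock file holds Pluto's PID as a decimal number, and the function name and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not FreeS/WAN code). Assumption: the lock file holds Pluto's
# PID as a decimal number; the finding labels below are this example's own.
#
# classify_pluto LOCKFILE [PID ...]
#   LOCKFILE  Pluto's lock file (/var/run/pluto.pid in FILES)
#   PID ...   PIDs of pluto processes currently running
# Prints one finding per line. Returns 0 for the normal states and 1 when
# something strange is found, mirroring the exit statuses described for status.
classify_pluto() {
    lockfile=$1
    shift
    strange=0
    matched=0

    if [ -f "$lockfile" ]; then
        # Keep digits only so trailing newlines or blanks do not matter.
        locked=$(head -n 1 "$lockfile" | tr -cd '0-9')
        for pid in "$@"; do
            if [ "$pid" = "$locked" ]; then
                echo "ok $pid"
                matched=1
            else
                # Running, but not the process named in the lock file.
                echo "illicit $pid"
                strange=1
            fi
        done
        if [ "$matched" -eq 0 ]; then
            # Lock file left behind, e.g. Pluto died without removing it.
            echo "stale-lock $locked"
            strange=1
        fi
    else
        for pid in "$@"; do
            # Running with no lock file at all.
            echo "orphaned $pid"
            strange=1
        done
        if [ "$#" -eq 0 ]; then echo "stopped"; fi
    fi
    return "$strange"
}

# Typical call on a live host (pgrep -x matches the exact process name):
#   classify_pluto /var/run/pluto.pid $(pgrep -x pluto)
```
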