<HTML><HEAD><TITLE>Manpage of IPSEC_AUTO</TITLE>
Section: Maintenance Commands (8)<BR>Updated: 31 Jan 2002<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
ipsec auto - control automatically-keyed IPsec connections
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
operation
<A NAME="lbAD"> </A>
<H2>DESCRIPTION</H2>
manipulates automatically-keyed FreeS/WAN IPsec connections,
setting them up and shutting them down
based on the information in the IPsec configuration file.
is the name of a connection specification in the configuration file;
<B>--rereadsecrets</B>,
<B>--rereadgroups</B>,
do not take a connection name.
commands and feeds them to a shell for execution.
operation adds a connection specification to the internal database
already has a specification by that name.
operation deletes a connection specification from
internal database (also tearing down any connections based on it);
it will fail if the specification does not exist.
operation is equivalent to
(if there is already a specification by the given name)
and is a convenience for updating
internal specification to match an external one.
<B>--rereadsecrets</B>
<B>--rereadgroups</B>
operation causes any changes to the policy group files to take effect
(this is currently a synonym for
but that may change).
None of the other operations alters the internal database.
to establish a connection based on an entry in its internal database.
to tear down such a connection.
establishes a route to the destination specified for a connection as
However, the route and only the route can be established with the
Until and unless an actual connection is established,
this discards any packets sent there,
which may be preferable to having them sent elsewhere based on a more
general route (e.g., a default route).
route to a destination remains in place when a
operation is used to take the connection down
(or if connection setup, or later automatic rekeying, fails).
This permits establishing a new connection (perhaps using a
different specification; the route is altered as necessary)
without having a "window" in which packets might go elsewhere
based on a more general route.
Such a route can be removed using the
(and is implicitly removed by
to listen for connection-setup requests from other hosts.
operation before doing
on both ends is futile and will not work,
although this is now automated as part of IPsec startup and
should not normally be an issue.
for current connection status.
The output format is ad-hoc and likely to change.
<B>--rereadsecrets</B>
<I>/etc/ipsec.secrets</I>
which it normally reads only at startup time.
(This is currently a synonym for
but that may change.)
option of the shell used to execute the commands,
so each command is shown as it is executed.
to show the commands it would run, on standard output,
<B>--asynchronous</B>
option, applicable only to the
to attempt to establish the connection,
but does not delay to report results.
This is especially useful to start multiple connections in parallel
when network links are slow.
to pass through all output from
<I><A HREF="ipsec_whack.8.html">ipsec_whack</A></I>(8),
including log output that is normally filtered out as uninteresting.
option specifies a non-standard location for the IPsec
configuration file (default
<I>/etc/ipsec.conf</I>).
<I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)
for details of the configuration file.
Apart from the basic parameters which specify the endpoints and routing
of a connection (
<B>left</B>
connection almost certainly needs a
default is poorly chosen).
<A NAME="lbAE"> </A>
<H2>FILES</H2>
/etc/ipsec.conf<TT> </TT>default IPSEC configuration file<BR>
/var/run/ipsec.info<TT> </TT><B>%defaultroute</B> information<BR>
<A NAME="lbAF"> </A>
<H2>SEE ALSO</H2>
<A HREF="ipsec.conf.5.html">ipsec.conf</A>(5),
<A HREF="ipsec.8.html">ipsec</A>(8),
<A HREF="ipsec_pluto.8.html">ipsec_pluto</A>(8),
<A HREF="ipsec_whack.8.html">ipsec_whack</A>(8),
<A HREF="ipsec_manual.8.html">ipsec_manual</A>(8)
<A NAME="lbAG"> </A>
<H2>HISTORY</H2>
Written for the FreeS/WAN project
&lt;<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>&gt;
<A NAME="lbAH"> </A>
<H2>BUGS</H2>
operation does connection setup on both ends,
tears only one end of the connection down
(although the orphaned end will eventually time out).
There is no support for
A connection description which uses
parameters but not the other may be falsely
rejected as erroneous in some circumstances.
does not always reflect errors discovered during processing of the request.
(This is fine for human inspection, but not so good for use in scripts.)
<A NAME="index"> </A><H2>Index</H2>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">FILES</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">HISTORY</A><DD>
<DT><A HREF="#lbAH">BUGS</A><DD>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 21:40:17 GMT, November 11, 2003