IPsec Starter -- Version 0.2    [Contributed by Arkoon Network Security]
============================    [http://www.arkoon.net/]

IPsec Starter aims to replace all the scripts which are used to
start and stop strongSwan, and to do so more quickly and more intelligently.

IPsec Starter can also reload the configuration file (on kill -HUP or
periodically) and apply the changes.

Usage:
   starter [--debug] [--no_fork] [--auto_update <x seconds>]
      --debug:       enable debugging output
      --no_fork:     all messages (including pluto) are sent to the console
      --auto_update: reload the config file (like kill -HUP) every x seconds
                     and determine any configuration changes

FEATURES
--------

o Load and unload KLIPS (ipsec.o kernel module)

o Load modules of the native Linux 2.6 IPsec stack

o Launch and monitor pluto

o Add, initiate, route and delete connections

o Attach and detach interfaces according to the config file

o kill -HUP can be used to reload the config file. New connections will be
  added, old ones will be removed and modified ones will be reloaded.
  Interfaces/KLIPS/pluto will be reloaded if necessary.

o Full support of the %defaultroute wildcard parameter.

o Save own pid in /var/run/starter

o Upon reloading, dynamic DNS addresses will be resolved and reloaded. Use
  --auto_update to periodically check for dynamic DNS changes.

o kill -USR1 can be used to reload all connections (delete, then add and
  route/initiate)

o /var/run/dynip/xxxx can be used to use a virtual interface name in
  ipsec.conf. For example, when adsl can be ppp0, ppp1, ... :
     ipsec.conf:  interfaces="ipsec0=adsl"
  And use /etc/ppp/ip-up to create /var/run/dynip/adsl
     /var/run/dynip/adsl:  IP_PHYS=ppp0

o %auto can be used to automatically name the connections

o kill -TERM can be used to stop FS. pluto will be stopped and KLIPS unloaded
  (if it has been loaded).

o Can be used to start strongSwan and load lots of connections in a few
  seconds.
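
The /var/run/dynip mapping described above, as an added example that is not
part of the original README or of starter itself: an /etc/ppp/ip-up helper that
validates the interface name, writes the IP_PHYS file atomically and then sends
starter a HUP. The function names are hypothetical, and it is an assumption that
/var/run/starter holds a decimal pid and that a reload re-reads the dynip file.

```shell
#!/bin/sh
# Added example: ip-up helper for the dynip feature (function names are hypothetical).
DYNIP_DIR="${DYNIP_DIR:-/var/run/dynip}"        # directory named in the README
STARTER_PID="${STARTER_PID:-/var/run/starter}"  # pid file named in the README

# Accept only plain names (ppp0, adsl, ...): no '/', no leading '.' or '-',
# no shell metacharacters, at most 15 characters (Linux interface name limit).
valid_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*|.*|-*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# write_dynip <virtual-name> <physical-interface>
# Writes to a temp file and renames it, so a reader never sees a partial file.
write_dynip() {
    valid_name "$1" && valid_name "$2" || return 1
    mkdir -p "$DYNIP_DIR" || return 1
    tmp="$DYNIP_DIR/.$1.$$"
    ( umask 022; printf 'IP_PHYS=%s\n' "$2" > "$tmp" ) || return 1
    mv -f "$tmp" "$DYNIP_DIR/$1"
}

# read_dynip <virtual-name>: print the mapped physical interface, or fail.
read_dynip() {
    valid_name "$1" || return 1
    phys=$(sed -n 's/^IP_PHYS=//p' "$DYNIP_DIR/$1" 2>/dev/null | head -n 1)
    valid_name "$phys" && printf '%s\n' "$phys"
}

# Send HUP to starter, but only if the pid file holds a plain number
# (assumption: the file contains just the decimal pid).
reload_starter() {
    pid=$(cat "$STARTER_PID" 2>/dev/null) || return 1
    case "$pid" in ""|*[!0-9]*) return 1 ;; esac
    kill -HUP "$pid"
}

# pppd calls ip-up with the interface name as the first argument.
if [ -n "${1:-}" ]; then
    write_dynip adsl "$1" && reload_starter
fi
```

With interfaces="ipsec0=adsl" in ipsec.conf, calling this from /etc/ppp/ip-up
keeps /var/run/dynip/adsl pointing at whichever pppN interface came up.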

TODO
----

o handle wildcards in include lines -- use the glob() function
  ex: include /etc/ipsec.*.conf

o handle duplicate keywords and sections

o 'also' keyword not supported

o manually keyed connections

o IPv6

o Documentation


CHANGES
-------

o Version 0.1  -- 2002.01.14 -- First public release

o Version 0.2  -- 2002.09.04 -- Various enhancements
                                FreeS/WAN 1.98b, x509 0.9.14, algo 0.8.0

o Version 0.2d -- 2004.01.13 -- Adaptions for Openswan 1.0.0
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2e -- 2004.10.14 -- Added support for change of interface address
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2s -- 2005-12-02 -- Ported to strongSwan
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2x -- 2006-01-02 -- Added missing strongSwan keywords
                                Full support of the native Linux 2.6 IPsec stack
                                Full support of %defaultroute
                                Improved parsing of keywords using perfect hash
                                function generated by gperf.
                                by Andreas Steffen <andreas.steffen@hsr.ch>

THANKS
------

o Nathan Angelacos - include fix