1 Content-type: text/html
3 <HTML><HEAD><TITLE>Manpage of IPSEC_SETUP
</TITLE>
6 Section: Maintenance Commands (
8)
<BR>Updated:
23 July
2001<BR><A HREF=
"#index">Index
</A>
7 <A HREF=
"http://localhost/cgi-bin/man/man2html">Return to Main Contents
</A><HR>
10 <A NAME=
"lbAB"> </A>
13 ipsec setup - control IPsec subsystem
14 <A NAME=
"lbAC"> </A>
29 <A NAME=
"lbAD"> </A>
34 controls the FreeS/WAN IPsec subsystem,
35 including both the Klips kernel code and the Pluto key-negotiation daemon.
36 (It is a synonym for the ``rc'' script for the subsystem;
37 the system runs the equivalent of
38 <B>ipsec setup start
</B>
42 <B>ipsec setup stop
</B>
44 at shutdown time, more or less.)
47 The action taken depends on the specific
50 and on the contents of the
56 IPsec configuration file (
<I>/etc/ipsec.conf
</I>,
59 <I><A HREF=
"ipsec.conf.5.html">ipsec.conf
</A></I>(
5)).
69 start Klips and Pluto,
70 including setting up Klips to do crypto operations on the
71 interface(s) specified in the configuration file,
72 and (if the configuration file so specifies)
73 setting up manually-keyed connections and/or
74 asking Pluto to negotiate automatically-keyed connections
75 to other security gateways
79 shut down Klips and Pluto,
80 including tearing down all existing crypto connections
93 report the status of the subsystem;
98 <B>pluto pid
</B><I>nnn
</I>,
101 <B>IPsec stopped
</B>,
103 and exits with status
0,
104 but will go into more detail (and exit with status
1)
105 if something strange is found.
106 (An ``illicit'' Pluto is one that does not match the process ID in
108 an ``orphaned'' Pluto is one with no lock file.)
115 operation tries to clean up properly even if assorted accidents
117 e.g. Pluto having died without removing its lock file.
121 discovers that the subsystem is (supposedly) not running,
123 but will do its cleanup anyway before exiting with status
1.
126 Although a number of configuration-file parameters influence
129 operations, the key one is the
132 parameter, which must be right or chaos will ensue.
144 to display the shell commands that it would execute.
147 suppresses their execution.
156 commands recognize these flags.
157 <A NAME=
"lbAE"> </A>
162 /etc/rc.d/init.d/ipsec
<TT> </TT>the script itself
<BR>
165 /etc/init.d/ipsec
<TT> </TT>alternate location for the script
<BR>
168 /etc/ipsec.conf
<TT> </TT>IPsec configuration file
<BR>
171 /proc/sys/net/ipv4/ip_forward
<TT> </TT>forwarding control
<BR>
174 /var/run/ipsec.info
<TT> </TT>saved information
<BR>
177 /var/run/pluto.pid
<TT> </TT>Pluto lock file
<BR>
180 /var/run/ipsec_setup.pid
<TT> </TT>IPsec lock file
<BR>
181 <A NAME=
"lbAF"> </A>
184 <A HREF=
"ipsec.conf.5.html">ipsec.conf
</A>(
5),
<A HREF=
"ipsec.8.html">ipsec
</A>(
8),
<A HREF=
"ipsec_manual.8.html">ipsec_manual
</A>(
8),
<A HREF=
"ipsec_auto.8.html">ipsec_auto
</A>(
8),
<A HREF=
"route.8.html">route
</A>(
8)
185 <A NAME=
"lbAG"> </A>
188 All output from the commands
194 goes both to standard
196 <I><A HREF=
"syslogd.8.html">syslogd
</A></I>(
8),
199 <I><A HREF=
"logger.1.html">logger
</A></I>(
1).
201 Selected additional information is logged only to
202 <I><A HREF=
"syslogd.8.html">syslogd
</A></I>(
8).
204 <A NAME=
"lbAH"> </A>
207 Written for the FreeS/WAN project
208 <<A HREF=
"http://www.freeswan.org">http://www.freeswan.org
</A>>
210 <A NAME=
"lbAI"> </A>
214 <I><A HREF=
"logger.1.html">logger
</A></I>(
1)
216 inject spurious extra newlines onto standard output.
220 <A NAME=
"index"> </A><H2>Index
</H2>
222 <DT><A HREF=
"#lbAB">NAME
</A><DD>
223 <DT><A HREF=
"#lbAC">SYNOPSIS
</A><DD>
224 <DT><A HREF=
"#lbAD">DESCRIPTION
</A><DD>
225 <DT><A HREF=
"#lbAE">FILES
</A><DD>
226 <DT><A HREF=
"#lbAF">SEE ALSO
</A><DD>
227 <DT><A HREF=
"#lbAG">DIAGNOSTICS
</A><DD>
228 <DT><A HREF=
"#lbAH">HISTORY
</A><DD>
229 <DT><A HREF=
"#lbAI">BUGS
</A><DD>
232 This document was created by
233 <A HREF=
"http://localhost/cgi-bin/man/man2html">man2html
</A>,
234 using the manual pages.
<BR>
235 Time:
21:
40:
18 GMT, November
11,
2003