1
.TH IPSEC_STARTER 8 "29 Nov 2004"
3
.\" RCSID $Id: starter.8,v 1.4 2004/12/07 00:28:08 ken Exp $
6
ipsec starter \- start up the IPsec keying daemon (pluto) and load
12
ipsec starter [\fB\-\-debug \-\-auto_reload seconds \-\-parsedebug \-\-verbose \-\-dumpcfg\fR]
17
Openswan Starter is aimed to replace all the scripts which are used to
18
start and stop Openswan, and to do that in a quicker and a smarter way.
20
It can also reload the configuration file if given a \fRHUP\fB signal,
21
and apply the changes.
25
Load and unload KLIPS, or NETKEY (ipsec kernel module)
27
Launch and monitor pluto.
29
Add, initiate, route and delete connections
31
Attach and detach interfaces according to config file
33
kill -HUP can be used to reload the config file. New connections will be
34
added, old ones will be removed and modified ones will be reloaded.
35
Interfaces/Klips/Pluto will be reloaded if necessary.
37
Upon startup, starter will save its pid to the file /var/run/ipsec-starter.pid
39
Upon reloading, dynamic DNS addresses will be resolved and updated.
40
Use \-\-auto_reload to periodicaly check for dynamic DNS changes.
42
kill \-USR1 can be used to reload all connections. This does a \fBdelete\fR,
43
followed by an \fBadd\fR and then either a \fBroute\fR or \fBinitiate\fR operation.
45
/var/run/dynip/xxxx can be used to use a virtual interface name in
46
ipsec.conf. By example, when adsl can be ppp0, ppp1, or some such, one
49
.B ipsec.conf: interfaces="ipsec0=adsl"
50
And use /etc/ppp/ip-up to create /var/run/dynip/adsl
51
/var/run/dynip/adsl: IP_PHYS=ppp0
53
%auto can be used to automaticaly name the connections
55
kill \-TERM can be used to stop Openswan. Pluto will be stopped and
56
kernel modules unloaded.
61
ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)
63
Original by mlafon@arkoon.net for Arkoon Network Security. Updated for
64
FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>.
65
Merged into Openswan 2.2 by Xelerance Corporation
68
handle wildcards in include lines \-\- use glob() fct ex: include /etc/ipsec.*.conf
70
handle duplicates keywords and sections
74
add unsupported keywords
76
manually keyed connections