1 Content-type: text/html
3 <HTML><HEAD><TITLE>Manpage of IPSEC_AUTO</TITLE>
6 Section: Maintenance Commands (8)<BR>Updated: 31 May 2001<BR><A HREF="#index">Index</A>
7 <A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>
10 <A NAME="lbAB"> </A>
13 ipsec auto - control automatically-keyed IPsec connections
14 <A NAME="lbAC"> </A>
43 operation
57 <A NAME="lbAD"> </A>
62 manipulates automatically-keyed FreeS/WAN IPsec connections,
63 setting them up and shutting them down
64 based on the information in the IPsec configuration file.
68 is the name of a connection specification in the configuration file;
90 <B>--rereadsecrets</B>,
97 do not take a connection name.
101 commands and feeds them to a shell for execution.
107 operation adds a connection specification to the internal database
114 already has a specification by that name.
118 operation deletes a connection specification from
121 internal database (also tearing down any connections based on it);
122 it will fail if the specification does not exist.
126 operation is equivalent to
129 (if there is already a specification by the given name)
133 and is a convenience for updating
136 internal specification to match an external one.
138 <B>--rereadsecrets</B>
141 None of the other operations alters the internal database.
150 to establish a connection based on an entry in its internal database.
157 to tear down such a connection.
163 establishes a route to the destination specified for a connection as
168 However, the route and only the route can be established with the
172 Until and unless an actual connection is established,
173 this discards any packets sent there,
174 which may be preferable to having them sent elsewhere based on a more
175 general route (e.g., a default route).
181 route to a destination remains in place when a
184 operation is used to take the connection down
185 (or if connection setup, or later automatic rekeying, fails).
186 This permits establishing a new connection (perhaps using a
187 different specification; the route is altered as necessary)
188 without having a ``window'' in which packets might go elsewhere
189 based on a more general route.
190 Such a route can be removed using the
194 (and is implicitly removed by
205 to listen for connection-setup requests from other hosts.
209 operation before doing
212 on both ends is futile and will not work,
213 although this is now automated as part of IPsec startup and
214 should not normally be an issue.
223 for current connection status.
224 The output format is ad-hoc and likely to change.
228 <B>--rereadsecrets</B>
234 <I>/etc/ipsec.secrets</I>
237 which it normally reads only at startup time.
238 (This is currently a synonym for
241 but that may change.)
250 option of the shell used to execute the commands,
251 so each command is shown as it is executed.
260 to show the commands it would run, on standard output,
265 <B>--asynchronous</B>
267 option, applicable only to the
274 to attempt to establish the connection,
275 but does not delay to report results.
276 This is especially useful to start multiple connections in parallel
277 when network links are slow.
286 to pass through all output from
287 <I><A HREF="ipsec_whack.8.html">ipsec_whack</A></I>(8),
289 including log output that is normally filtered out as uninteresting.
295 option specifies a non-standard location for the IPsec
296 configuration file (default
297 <I>/etc/ipsec.conf</I>).
302 <I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)
304 for details of the configuration file.
305 Apart from the basic parameters which specify the endpoints and routing
306 of a connection (<B>left</B>
327 connection almost certainly needs a
333 default is poorly chosen).
334 <A NAME="lbAE"> </A>
339 /etc/ipsec.conf<TT> </TT>default IPSEC configuration file<BR>
342 /var/run/ipsec.info<TT> </TT><B>%defaultroute</B> information<BR>
343 <A NAME="lbAF"> </A>
346 <A HREF="ipsec.conf.5.html">ipsec.conf</A>(5), <A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_pluto.8.html">ipsec_pluto</A>(8), <A HREF="ipsec_whack.8.html">ipsec_whack</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8)
347 <A NAME="lbAG"> </A>
350 Written for the FreeS/WAN project
351 <<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>>
353 <A NAME="lbAH"> </A>
359 operation does connection setup on both ends,
362 tears only one end of the connection down
363 (although the orphaned end will eventually time out).
366 There is no support for
372 A connection description which uses
378 parameters but not the other may be falsely
379 rejected as erroneous in some circumstances.
383 <A NAME="index"> </A><H2>Index</H2>
385 <DT><A HREF="#lbAB">NAME</A><DD>
386 <DT><A HREF="#lbAC">SYNOPSIS</A><DD>
387 <DT><A HREF="#lbAD">DESCRIPTION</A><DD>
388 <DT><A HREF="#lbAE">FILES</A><DD>
389 <DT><A HREF="#lbAF">SEE ALSO</A><DD>
390 <DT><A HREF="#lbAG">HISTORY</A><DD>
391 <DT><A HREF="#lbAH">BUGS</A><DD>
394 This document was created by
395 <A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
396 using the manual pages.<BR>
397 Time: 05:09:31 GMT, June 19, 2001