.TH IPSEC_SETUP 8 "23 July 2001"
.\" RCSID $Id: setup.8,v 1.32 2001/07/24 00:17:20 henry Exp $
ipsec setup \- control IPsec subsystem
controls the FreeS/WAN IPsec subsystem,
including both the Klips kernel code and the Pluto key-negotiation daemon.
(It is a synonym for the ``rc'' script for the subsystem;
the system runs the equivalent of
.B "ipsec setup start"
at shutdown time, more or less.)
The action taken depends on the specific
and on the contents of the
IPsec configuration file (\c
start Klips and Pluto,
including setting up Klips to do crypto operations on the
interface(s) specified in the configuration file,
and (if the configuration file so specifies)
setting up manually-keyed connections and/or
asking Pluto to negotiate automatically-keyed connections
to other security gateways
shut down Klips and Pluto,
including tearing down all existing crypto connections
report the status of the subsystem;
.BR "pluto pid \fInnn\fP" ,
and exits with status 0,
but will go into more detail (and exit with status 1)
if something strange is found.
(An ``illicit'' Pluto is one that does not match the process ID in
an ``orphaned'' Pluto is one with no lock file.)
operation tries to clean up properly even if assorted accidents
e.g. Pluto having died without removing its lock file.
discovers that the subsystem is (supposedly) not running,
but will do its cleanup anyway before exiting with status 1.
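The cases the status and stop descriptions above distinguish (a Pluto that matches its lock file, an ``illicit'' one, an ``orphaned'' one, and a lock file left behind by a dead Pluto), as an added shell example that is not part of the FreeS/WAN script. It assumes the lock file meant is the Pluto lock file listed under FILES and that it holds the PID as its first field; the function name classify_pluto and all message wording except "pluto pid nnn" are hypothetical.

```shell
#!/bin/sh
# Added example: classify running Pluto processes against the Pluto lock file.
# Usage: classify_pluto LOCKFILE [PID...]
#   LOCKFILE  Pluto lock file (FILES lists /var/run/pluto.pid)
#   PID...    PIDs of running pluto processes, e.g. from $(pidof pluto);
#             taken as arguments so the logic runs without a live daemon.
# Returns 0 when nothing strange is found, 1 otherwise.
classify_pluto() {
    lockfile=$1
    shift
    locked=""
    strange=0
    found=0
    if [ -f "$lockfile" ]; then
        # Assumption: the PID is the first field of the first line.
        read -r locked _ < "$lockfile" || true
        case $locked in
            ''|*[!0-9]*)
                echo "lock file $lockfile has no valid pid"
                return 1 ;;
        esac
    fi
    for pid in "$@"; do
        if [ -z "$locked" ]; then
            # Running Pluto with no lock file at all.
            echo "orphaned pluto pid $pid (no lock file)"
            strange=1
        elif [ "$pid" = "$locked" ]; then
            echo "pluto pid $pid"
            found=1
        else
            # Running Pluto whose PID differs from the one in the lock file.
            echo "illicit pluto pid $pid (lock file says $locked)"
            strange=1
        fi
    done
    if [ -n "$locked" ] && [ "$found" -eq 0 ]; then
        # Pluto died without removing its lock file.
        echo "stale lock file $lockfile (pid $locked not running)"
        strange=1
    fi
    if [ -z "$locked" ] && [ "$#" -eq 0 ]; then
        # Treating "cleanly stopped" as not strange is this example's choice.
        echo "pluto not running"
    fi
    return "$strange"
}
```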
Although a number of configuration-file parameters influence
operations, the key one is the
parameter, which must be right or chaos will ensue.
.ta \w'/proc/sys/net/ipv4/ip_forward'u+2n
/etc/rc.d/init.d/ipsec	the script itself
/etc/init.d/ipsec	alternate location for the script
/etc/ipsec.conf	IPsec configuration file
/proc/sys/net/ipv4/ip_forward	forwarding control
/var/run/ipsec.info	saved information
/var/run/pluto.pid	Pluto lock file
/var/run/ipsec_setup.pid	IPsec lock file
ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)
All output from the commands
goes both to standard
Selected additional information is logged only to
Written for the FreeS/WAN project
<http://www.freeswan.org>
inject spurious extra newlines onto standard output.