Provided by: libreswan_3.23-4_amd64 bug

NAME

       ipsec__stackmanager - internal script to bring up kernel components for Libreswan

SYNOPSIS

       ipsec _stackmanager start [--netkey]

       ipsec _stackmanager stop

DESCRIPTION

       ipsec _stackmanager is called from within the init sub-system (systemd, upstart, sysv
       initscripts) to bring up the Libreswan kernel component as configured via the protostack=
       option in the ipsec.conf configuration file.

       This involves loading and optionally unloading of the required kernel modules. Because the
       Linux kernel cannot autodetect most crypto related drivers on-demand, _stackmanager
       handles loading the hardware random number (RNG) device drivers, OpenBSD/FreeBSD
       Cryptographic Framework (OCF) drivers, CryptoAPI drivers, and the modules for the specific
       stack (Linux NETKEY/XFM or KLIPS/MAST). Probing for OCF supported hardware is not
       supported - those modules must be loaded by the system before the start of the Libreswan
       sub system.

       When the --netkey option is given to the start command, the netkey stack is loaded
       regardless of the existence or contents of the ipsec.conf file. This is used for docker
       tests where the host system, which might not have libreswan installed, needs to run
       _stackmanager from the source tree to load the modules on the host so the modules are
       available inside the containers.

SEE ALSO

       ip(8), ipsec_tncfg(8), ipsec.conf(5), ipsec_addconn(8), pluto(8)

HISTORY

       This script was introduced in Libreswan. On the older Openswan systems, this functionality
       was split over various script files such as ipsec _startnetkey, ipsec _startklips, ipsec
       _realsetup and ipsec setup. Man page written for the Libreswan project
       <http://www.libreswan.org/> by Paul Wouters.

AUTHOR

       Paul Wouters
           placeholder to suppress warning