Provided by: openswan_2.4.4-3ubuntu1_i386


       ipsec setup - control IPsec subsystem


       ipsec setup [ --show | --showonly ] command


       Setup  controls the FreeS/WAN IPsec subsystem, including both the Klips
       kernel code and the Pluto key-negotiation daemon.  (It is a synonym for
       the  “rc”  script for the subsystem; the system runs the equivalent of
       ipsec setup start at boot time, and ipsec setup stop at shutdown  time,
       more or less.)

       The  action  taken depends on the specific command, and on the contents
       of  the  config  setup  section  of  the   IPsec   configuration   file
       (/etc/ipsec.conf, see ipsec.conf(5)).  Current commands are:

       start     start  Klips  and  Pluto,  including  setting  up Klips to do
                 crypto  operations  on  the  interface(s)  specified  in  the
                 configuration   file,  and  (if  the  configuration  file  so
                 specifies)  setting  up  manually-keyed  connections   and/or
                 asking  Pluto to negotiate automatically-keyed connections to
                 other security gateways

       stop      shut  down  Klips  and  Pluto,  including  tearing  down  all
                 existing crypto connections

       restart   equivalent to stop followed by start

       status    report  the  status  of  the subsystem; normally just reports
                 IPsec running and pluto pid nnn, or IPsec stopped, and  exits
                 with  status  0,  but will go into more detail (and exit with
                 status 1) if something strange  is  found.   (An  “illicit”
                 Pluto  is  one  that does not match the process ID in Pluto’s
                 lock file; an “orphaned” Pluto is one with no lock file.)
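
       The illicit/orphaned distinction made by status, written out as a
       stand-alone check. This is an added example, not code from the setup
       script. It assumes the lock file holds Pluto's PID as decimal text;
       the function name, its arguments and its output wording are
       hypothetical.

```shell
#!/bin/sh
# Added example (not the openswan script): classify running Pluto processes
# against Pluto's lock file, following the definitions given for "status".
#
# classify_pluto LOCKFILE [PID...]
#   LOCKFILE  path to Pluto's lock file, supplied by the caller
#   PID...    PIDs of running pluto processes, e.g. $(pidof pluto)
# Assumption: the lock file contains the PID as decimal text.
# Returns 0 when everything is consistent, 1 otherwise (same 0/1
# convention as "ipsec setup status").
classify_pluto() {
    cp_lock=$1; shift
    cp_rc=0
    if [ ! -e "$cp_lock" ]; then
        # No lock file: any running Pluto is orphaned.
        if [ $# -eq 0 ]; then
            echo "pluto not running"
            return 0
        fi
        for cp_pid in "$@"; do
            echo "orphaned pluto pid $cp_pid"
        done
        return 1
    fi
    # Lock file exists: it must contain exactly one numeric PID.
    cp_locked=$(tr -d ' \t\n' < "$cp_lock")
    case $cp_locked in
        ''|*[!0-9]*) echo "malformed lock file"; return 1 ;;
    esac
    cp_found=0
    for cp_pid in "$@"; do
        if [ "$cp_pid" = "$cp_locked" ]; then
            cp_found=1
        else
            # Running, but not the process the lock file names.
            echo "illicit pluto pid $cp_pid"
            cp_rc=1
        fi
    done
    if [ "$cp_found" -eq 1 ]; then
        echo "pluto pid $cp_locked"
    else
        # Pluto died without removing its lock file.
        echo "stale lock file (pid $cp_locked not running)"
        cp_rc=1
    fi
    return $cp_rc
}
```

       A non-zero return from a monitoring job is worth alerting on, since an
       illicit or orphaned Pluto is a key daemon the subsystem did not start.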

       The stop  operation  tries  to  clean  up  properly  even  if  assorted
       accidents  have  occurred,  e.g. Pluto having died without removing its
       lock file.  If stop discovers that the subsystem  is  (supposedly)  not
       running,  it  will  complain,  but  will  do  its cleanup anyway before
       exiting with status 1.

       Although a number of configuration-file  parameters  influence  setup’s
       operations,  the  key  one  is  the interfaces parameter, which must be
       right or chaos will ensue.

       The --show and --showonly options cause  setup  to  display  the  shell
       commands that it would execute.  --showonly suppresses their execution.
       Only start, stop, and restart commands recognize these flags.


       /etc/rc.d/init.d/ipsec         the script itself
       /etc/init.d/ipsec              alternate location for the script
       /etc/ipsec.conf                IPsec configuration file
       /proc/sys/net/ipv4/ip_forward  forwarding control
       /var/run/pluto/      saved information
       /var/run/pluto/       Pluto lock file
       /var/run/pluto/ IPsec lock file


       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)


       All output from the commands start  and  stop  goes  both  to  standard
       output   and   to   syslogd(8),  via  logger(1).   Selected  additional
       information is logged only to syslogd(8).


       Written for the FreeS/WAN project  <>  by  Henry


       Old  versions of logger(1) inject spurious extra newlines onto standard

                                 23 July 2001                   IPSEC_SETUP(8)