Provided by: openswan_2.4.4-3ubuntu1_i386 bug


       ipsec  starter  -  start  up  the  IPsec keying daemon (pluto) and load


       ipsec starter [--debug --auto_reload seconds --parsedebug --verbose


       Openswan  Starter is aimed to replace all the scripts which are used to
       start and stop Openswan, and to do that in a quicker and a smarter way.

       It  can  also  reload the configuration file if given a HUP signal, and
       apply the changes.

       What it will do:

       Load and unload KLIPS, or NETKEY (ipsec kernel module)

       Launch and monitor pluto.

       Add, initiate, route and delete connections

       Attach and detach interfaces according to config file

       kill -HUP can be used to reload the config file. New  connections  will
       be  added, old ones will be removed and modified ones will be reloaded.
       Interfaces/Klips/Pluto will be reloaded if necessary.

       Upon   startup,   starter   will   save   its   pid   to    the    file

       Upon  reloading,  dynamic  DNS  addresses will be resolved and updated.
       Use --auto_reload to periodicaly check for dynamic DNS changes.

       kill -USR1 can be used to reload all connections.  This does a  delete,
       followed by an add and then either a route or initiate operation.

       /var/run/pluto/dynip/xxxx  can  be used to use a virtual interface name
       in ipsec.conf. By example, when adsl can be ppp0, ppp1, or  some  such,
       one can do:

       ipsec.conf:  interfaces="ipsec0=adsl"  And use /etc/ppp/ip-up to create
           /var/run/pluto/dynip/adsl:    IP_PHYS=ppp0

       %auto can be used to automaticaly name the connections

       kill -TERM can be used to stop Openswan.  Pluto  will  be  stopped  and
       kernel modules unloaded.




       ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)


       Original  by for Arkoon Network Security. Updated for
       FreeS/WAN version 2 by Michael Richardson <>.
       Merged into Openswan 2.2 by Xelerance Corporation


       handle  wildcards  in  include  lines  --  use  glob()  fct ex: include

       handle duplicates keywords and sections

       Support also keyword

       add unsupported keywords

       manually keyed connections



                                  29 Nov 2004                 IPSEC_STARTER(8)