Provided by: openswan_2.4.9+dfsg-1build1_i386 bug


       ipsec setup - control IPsec subsystem


       ipsec setup [--show | --showonly] command


       ipsec setup [[ --showonly ]] { --start | --stop | --restart }

       ipsec setup --status


       Setup  controls the FreeS/WAN IPsec subsystem, including both the Klips
       kernel code and the Pluto key-negotiation daemon. (It is a synonym  for
rcâ script for the subsystem; the system runs the equivalent of ipsec setup start at boot time, and ipsec setup stop at shutdown time, more or less.)
       the â

       The  action  taken depends on the specific command, and on the contents
       of  the  config   setup  section  of  the  IPsec   configuration   file
       (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

       start  start  Klips  and Pluto, including setting up Klips to do crypto
              operations on the interface(s) specified  in  the  configuration
              file,  and  (if  the configuration file so specifies) setting up
              manually-keyed connections  and/or  asking  Pluto  to  negotiate
              automatically-keyed connections to other security gateways

       stop   shut  down  Klips and Pluto, including tearing down all existing
              crypto connections

              equivalent to stop followed by start

       status report the status of the subsystem; normally just reports  IPsec
              running  and  pluto  pid  nnn,  or IPsec stopped, and exits with
              status 0, but will go into more detail (and exit with status  1)
              if something strange is found. (An â

       The  stop  operation  tries  to  clean  up  properly  even  if assorted
       accidents have occurred, e.g. Pluto having died  without  removing  its
       lock  file.  If  stop  discovers that the subsystem is (supposedly) not
       running, it will complain,  but  will  do  its  cleanup  anyway  before
       exiting with status 1.

       Although  a  number  of configuration-file parameters influence setup’s
       operations, the key one is the  interfaces  parameter,  which  must  be
       right or chaos will ensue.

       The  --show  and  --showonly  options  cause setup to display the shell
       commands that it would execute. --showonly suppresses their  execution.
       Only start, stop, and restart commands recognize these flags.


       /etc/rc.d/init.d/ipsec  the  script  itself/etc/init.d/ipsec  alternate
       location   for   the    script/etc/ipsec.conf    IPsec    configuration
       file/proc/sys/net/ipv4/ip_forward                            forwarding
       control/var/run/pluto/                                  saved
       information/var/run/pluto/              Pluto             lock
       file/var/run/pluto/ IPsec lock file


       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)


       All output from the commands start  and  stop  goes  both  to  standard
       output   and   to   syslogd(8),   via  logger(1).  Selected  additional
       information is logged only to syslogd(8).


       Written   for   the   FreeS/WAN    project    <> by Henry Spencer.


       Old  versions of logger(1) inject spurious extra newlines onto standard