Provided by: openswan_2.4.9+dfsg-1build1_i386 bug

NAME

       ipsec setup - control IPsec subsystem

SYNOPSIS

       ipsec setup [--show | --showonly] command

EXAMPLES

       ipsec setup [[ --showonly ]] { --start | --stop | --restart }

       ipsec setup --status

DESCRIPTION

       Setup  controls the FreeS/WAN IPsec subsystem, including both the Klips
       kernel code and the Pluto key-negotiation daemon. (It is a synonym  for
rcâ script for the subsystem; the system runs the equivalent of ipsec setup start at boot time, and ipsec setup stop at shutdown time, more or less.)
       the â

       The  action  taken depends on the specific command, and on the contents
       of  the  config   setup  section  of  the  IPsec   configuration   file
       (/etc/ipsec.conf, see ipsec.conf(5)). Current commands are:

       start  start  Klips  and Pluto, including setting up Klips to do crypto
              operations on the interface(s) specified  in  the  configuration
              file,  and  (if  the configuration file so specifies) setting up
              manually-keyed connections  and/or  asking  Pluto  to  negotiate
              automatically-keyed connections to other security gateways

       stop   shut  down  Klips and Pluto, including tearing down all existing
              crypto connections

       restart
              equivalent to stop followed by start

       status report the status of the subsystem; normally just reports  IPsec
              running  and  pluto  pid  nnn,  or IPsec stopped, and exits with
              status 0, but will go into more detail (and exit with status  1)
              if something strange is found. (An â

       The  stop  operation  tries  to  clean  up  properly  even  if assorted
       accidents have occurred, e.g. Pluto having died  without  removing  its
       lock  file.  If  stop  discovers that the subsystem is (supposedly) not
       running, it will complain,  but  will  do  its  cleanup  anyway  before
       exiting with status 1.

       Although  a  number  of configuration-file parameters influence setup’s
       operations, the key one is the  interfaces  parameter,  which  must  be
       right or chaos will ensue.

       The  --show  and  --showonly  options  cause setup to display the shell
       commands that it would execute. --showonly suppresses their  execution.
       Only start, stop, and restart commands recognize these flags.

FILES

       /etc/rc.d/init.d/ipsec  the  script  itself/etc/init.d/ipsec  alternate
       location   for   the    script/etc/ipsec.conf    IPsec    configuration
       file/proc/sys/net/ipv4/ip_forward                            forwarding
       control/var/run/pluto/ipsec.info                                  saved
       information/var/run/pluto/pluto.pid              Pluto             lock
       file/var/run/pluto/ipsec_setup.pid IPsec lock file

SEE ALSO

       ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8)

DIAGNOSTICS

       All output from the commands start  and  stop  goes  both  to  standard
       output   and   to   syslogd(8),   via  logger(1).  Selected  additional
       information is logged only to syslogd(8).

HISTORY

       Written   for   the   FreeS/WAN    project    <http://www.freeswan.org:
       http://www.freeswan.org> by Henry Spencer.

BUGS

       Old  versions of logger(1) inject spurious extra newlines onto standard
       output.

                                                                IPSEC_SETUP(8)