Provided by: libreswan_4.14-1ubuntu2_amd64 bug

NAME

       ipsec__updown - kernel and routing manipulation script

SYNOPSIS

       _updown is invoked by pluto when it has brought up a new connection. This script is used
       to insert the appropriate routing entries for IPsec operation on some kernel IPsec stacks,
       and may do other necessary work that is kernel or user specific, such as defining custom
       firewall rules. The interface to the script is documented in the pluto man page.

VARIABLES

       The _updown is passed along a number of variables which can be used to act differently
       based on the information:

       PLUTO_VERB
           specifies the name of the operation to be performed, which can be one of prepare-host,
           prepare-client, up-host, up-client, down-host or down-client. If the address family
           for security gateway to security gateway communications is IPv6, then a suffix of -v6
           is added to this verb.

       PLUTO_CONNECTION
           is the name of the connection for which we are routing.

       PLUTO_NEXT_HOP
           is the next hop to which packets bound for the peer must be sent.

       PLUTO_INTERFACE
           is the name of the real interface used by encrypted traffic and IKE traffic.

       PLUTO_ME
           is the IP address of our host.

       PLUTO_MY_CLIENT
           is the IP address / count of our client subnet. If the client is just the host, this
           will be the host's own IP address / max (where max is 32 for IPv4 and 128 for IPv6).

       PLUTO_MY_CLIENT_NET
           is the IP address of our client net. If the client is just the host, this will be the
           host's own IP address.

       PLUTO_MY_CLIENT_MASK
           is the mask for our client net. If the client is just the host, this will be
           255.255.255.255.

       PLUTO_PEER
           is the IP address of our peer.

       PLUTO_PEER_CLIENT
           is the IP address / count of the peer's client subnet. If the client is just the peer,
           this will be the peer's own IP address / max (where max is 32 for IPv4 and 128 for
           IPv6).

       PLUTO_PEER_CLIENT_NET
           is the IP address of the peer's client net. If the client is just the peer, this will
           be the peer's own IP address.

       PLUTO_PEER_CLIENT_MASK
           is the mask for the peer's client net. If the client is just the peer, this will be
           255.255.255.255.

       PLUTO_MY_PROTOCOL
           lists the protocols allowed over this IPsec SA.

       PLUTO_PEER_PROTOCOL
           lists the protocols the peer allows over this IPsec SA.

       PLUTO_MY_PORT
           lists the ports allowed over this IPsec SA.

       PLUTO_PEER_PORT
           lists the ports the peer allows over this IPsec SA.

       PLUTO_MY_ID
           lists our id.

       PLUTO_PEER_ID
           lists our peer's id.

       PLUTO_PEER_CA
           lists the peer's CA.

SEE ALSO

       ipsec(8), ipsec_pluto(8).

HISTORY

       Man page written for the Linux FreeS/WAN project <https://www.freeswan.org/> by Michael
       Richardson. Original program written by Henry Spencer.

AUTHOR

       Paul Wouters
           placeholder to suppress warning