Provided by: libreswan_5.2-2.2ubuntu1_amd64 
NAME
ipsec-ondemand - Add and route a connection
SYNOPSIS
ipsec ondemand connection [--config /etc/ipsec.conf] [--ctlsocket /run/pluto/pluto.ctl] [--dry-run]
DESCRIPTION
ipsec ondemand is equivalent to running ipsec add connection followed by ipsec route connection , having
the same effect as the connection configuration option auto=route or auto=ondemand. This sets up
connection to be on demand, causing connection to establish only when triggered by outbound traffic.
Note: you might also need to run ipsec rereadsecrets when your new connection uses pre-shared key (PSK)
authentication, authby=secret because secrets keys are only being read at startup.
With --dry-run the underlying whack or addconn command is displayed but not executed.
SEE ALSO
ipsec.conf(5), ipsec(8), ipsec-add(8), ipsec-algparse(8), ipsec-briefconnectionstatus(8), ipsec-
briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-
connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-ecdsasigkey(8), ipsec-
fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-
letsencrypt(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-
listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-newhostkey(8), ipsec-pk12util(8), ipsec-
pluto(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-
rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-rsasigkey(8), ipsec-
setup(8), ipsec-showhostkey(8), ipsec-showroute(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-
start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-
vfychain(8), ipsec-whack(8)
BUGS
none
AUTHOR
Tuomo Soini
Libreswan 5.2 07/30/2025 IPSEC-ONDEMAND(8)