ipsec starter - start up the IPsec keying daemon (pluto) and load configuration

ipsec starter [--debug --auto_reload seconds --parsedebug --verbose --dumpcfg]

Openswan Starter is intended to replace all the scripts used to start and stop Openswan, and to do so more quickly and intelligently. It can also reload the configuration file when sent a HUP signal, and apply the changes.

What it will do:

    Load and unload KLIPS or NETKEY (ipsec kernel module)
    Launch and monitor pluto
    Add, initiate, route and delete connections
    Attach and detach interfaces according to the config file

kill -HUP can be used to reload the config file. New connections will be added, old ones will be removed and modified ones will be reloaded. Interfaces/Klips/Pluto will be reloaded if necessary.

Upon startup, starter will save its pid to the file /var/run/pluto/ipsec-starter.pid

Upon reloading, dynamic DNS addresses will be resolved and updated. Use --auto_reload to periodically check for dynamic DNS changes.

kill -USR1 can be used to reload all connections. This does a delete, followed by an add and then either a route or initiate operation.

/var/run/pluto/dynip/xxxx can be used to use a virtual interface name in ipsec.conf. For example, when adsl can be ppp0, ppp1, or some such, one can do:

    ipsec.conf:
        interfaces="ipsec0=adsl"

And use /etc/ppp/ip-up to create /var/run/pluto/dynip/adsl

    /var/run/pluto/dynip/adsl:
        IP_PHYS=ppp0

%auto can be used to automatically name the connections.

kill -TERM can be used to stop Openswan. Pluto will be stopped and kernel modules unloaded.
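
The dynip file and the signals described above can be driven from /etc/ppp/ip-up with a small helper. This is an added example, not code from Openswan or from the original page; the function names write_dynip and signal_starter are hypothetical, and sending HUP after updating the file is an assumption about when a reload is wanted.

```shell
#!/bin/sh
# Added example: helper for /etc/ppp/ip-up (not Openswan's own script).
# Paths are the ones named on this page; both can be overridden for testing.
DYNIP_DIR="${DYNIP_DIR:-/var/run/pluto/dynip}"
STARTER_PID_FILE="${STARTER_PID_FILE:-/var/run/pluto/ipsec-starter.pid}"

# write_dynip VIRTUAL_NAME PHYS_IFACE
# Writes DYNIP_DIR/VIRTUAL_NAME containing IP_PHYS=PHYS_IFACE.
write_dynip() {
    vname=$1 phys=$2
    # Reject anything that is not a plain name, so neither argument can
    # escape the directory or smuggle extra lines into the file.
    case "$vname" in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    case "$phys" in ''|*[!A-Za-z0-9_.:-]*) return 2 ;; esac
    mkdir -p "$DYNIP_DIR" || return 1
    tmp="$DYNIP_DIR/.$vname.$$"
    # Write to a temp file and rename, so starter never reads a partial file.
    ( umask 022; printf 'IP_PHYS=%s\n' "$phys" > "$tmp" ) || return 1
    mv -f "$tmp" "$DYNIP_DIR/$vname"
}

# signal_starter SIGNAL
# Sends HUP, USR1 or TERM to the pid recorded in the starter pid file.
signal_starter() {
    sig=$1
    case "$sig" in HUP|USR1|TERM) ;; *) return 2 ;; esac
    [ -r "$STARTER_PID_FILE" ] || return 3
    read -r pid < "$STARTER_PID_FILE" || [ -n "$pid" ] || return 3
    # Only a positive decimal pid is acceptable; 0 or a negative value
    # would signal a whole process group.
    case "$pid" in ''|0*|*[!0-9]*) return 3 ;; esac
    kill -0 "$pid" 2>/dev/null || return 4   # stale pid file
    kill -s "$sig" "$pid"
}

# In /etc/ppp/ip-up, pppd passes the interface name as $1:
#   write_dynip adsl "$1" && signal_starter HUP
```

The pid check only confirms that some process with that pid exists; it does not prove the process is still starter if the pid file is stale and the pid has been reused.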

/etc/ipsec.conf

Original by mlafon@arkoon.net for Arkoon Network Security. Updated for FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>. Merged into Openswan 2.2 by Xelerance Corporation.

    handle wildcards in include lines -- use the glob() function
        ex: include /etc/ipsec.*.conf
    handle duplicate keywords and sections
    support the also keyword
    add unsupported keywords
    manually keyed connections
    %defaultroute
    IPv6