Import initial strongswan 2.7.0 version into SVN.

1 files changed, 416 insertions, 0 deletions

diff --git a/doc/manpage.d/ipsec_auto.8.html b/doc/manpage.d/ipsec_auto.8.html
new file mode 100644
index 000000000..68ca61bdc
--- /dev/null
+++ b/doc/manpage.d/ipsec_auto.8.html
@@ -0,0 +1,416 @@
+Content-type: text/html
+
+<HTML><HEAD><TITLE>Manpage of IPSEC_AUTO</TITLE>
+</HEAD><BODY>
+<H1>IPSEC_AUTO</H1>
+Section: Maintenance Commands (8)<BR>Updated: 31 Jan 2002<BR><A HREF="#index">Index</A>
+<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>
+
+
+<A NAME="lbAB">&nbsp;</A>
+<H2>NAME</H2>
+
+ipsec auto - control automatically-keyed IPsec connections
+<A NAME="lbAC">&nbsp;</A>
+<H2>SYNOPSIS</H2>
+
+<B>ipsec</B>
+
+<B>auto</B>
+
+[
+<B>--show</B>
+
+] [
+<B>--showonly</B>
+
+] [
+<B>--asynchronous</B>
+
+]
+<BR>
+
+&nbsp;&nbsp;&nbsp;[
+<B>--config</B>
+
+configfile
+] [
+<B>--verbose</B>
+
+]
+<BR>
+
+&nbsp;&nbsp;&nbsp;operation
+connection
+<P>
+<B>ipsec</B>
+
+<B>auto</B>
+
+[
+<B>--show</B>
+
+] [
+<B>--showonly</B>
+
+] operation
+<A NAME="lbAD">&nbsp;</A>
+<H2>DESCRIPTION</H2>
+
+<I>Auto</I>
+
+manipulates automatically-keyed FreeS/WAN IPsec connections,
+setting them up and shutting them down
+based on the information in the IPsec configuration file.
+In the normal usage,
+<I>connection</I>
+
+is the name of a connection specification in the configuration file;
+<I>operation</I>
+
+is
+<B>--add</B>,
+
+<B>--delete</B>,
+
+<B>--replace</B>,
+
+<B>--up</B>,
+
+<B>--down</B>,
+
+<B>--route</B>,
+
+or
+<B>--unroute</B>.
+
+The
+<B>--ready</B>,
+
+<B>--rereadsecrets</B>,
+
+<B>--rereadgroups</B>,
+
+and
+<B>--status</B>
+
+<I>operations</I>
+
+do not take a connection name.
+<I>Auto</I>
+
+generates suitable
+commands and feeds them to a shell for execution.
+<P>
+
+The
+<B>--add</B>
+
+operation adds a connection specification to the internal database
+within
+<I>pluto</I>;
+
+it will fail if
+<I>pluto</I>
+
+already has a specification by that name.
+The
+<B>--delete</B>
+
+operation deletes a connection specification from
+<I>pluto</I>'s
+
+internal database (also tearing down any connections based on it);
+it will fail if the specification does not exist.
+The
+<B>--replace</B>
+
+operation is equivalent to
+<B>--delete</B>
+
+(if there is already a specification by the given name)
+followed by
+<B>--add</B>,
+
+and is a convenience for updating
+<I>pluto</I>'s
+
+internal specification to match an external one.
+(Note that a
+<B>--rereadsecrets</B>
+
+may also be needed.)
+The
+<B>--rereadgroups</B>
+
+operation causes any changes to the policy group files to take effect
+(this is currently a synonym for
+<B>--ready</B>,
+
+but that may change).
+None of the other operations alters the internal database.
+<P>
+
+The
+<B>--up</B>
+
+operation asks
+<I>pluto</I>
+
+to establish a connection based on an entry in its internal database.
+The
+<B>--down</B>
+
+operation tells
+<I>pluto</I>
+
+to tear down such a connection.
+<P>
+
+Normally,
+<I>pluto</I>
+
+establishes a route to the destination specified for a connection as
+part of the
+<B>--up</B>
+
+operation.
+However, the route and only the route can be established with the
+<B>--route</B>
+
+operation.
+Until and unless an actual connection is established,
+this discards any packets sent there,
+which may be preferable to having them sent elsewhere based on a more
+general route (e.g., a default route).
+<P>
+
+Normally,
+<I>pluto</I>'s
+
+route to a destination remains in place when a
+<B>--down</B>
+
+operation is used to take the connection down
+(or if connection setup, or later automatic rekeying, fails).
+This permits establishing a new connection (perhaps using a
+different specification; the route is altered as necessary)
+without having a ``window'' in which packets might go elsewhere
+based on a more general route.
+Such a route can be removed using the
+<B>--unroute</B>
+
+operation
+(and is implicitly removed by
+<B>--delete</B>).
+
+<P>
+
+The
+<B>--ready</B>
+
+operation tells
+<I>pluto</I>
+
+to listen for connection-setup requests from other hosts.
+Doing an
+<B>--up</B>
+
+operation before doing
+<B>--ready</B>
+
+on both ends is futile and will not work,
+although this is now automated as part of IPsec startup and
+should not normally be an issue.
+<P>
+
+The
+<B>--status</B>
+
+operation asks
+<I>pluto</I>
+
+for current connection status.
+The output format is ad-hoc and likely to change.
+<P>
+
+The
+<B>--rereadsecrets</B>
+
+operation tells
+<I>pluto</I>
+
+to re-read the
+<I>/etc/ipsec.secrets</I>
+
+secret-keys file,
+which it normally reads only at startup time.
+(This is currently a synonym for
+<B>--ready</B>,
+
+but that may change.)
+<P>
+
+The
+<B>--show</B>
+
+option turns on the
+<B>-x</B>
+
+option of the shell used to execute the commands,
+so each command is shown as it is executed.
+<P>
+
+The
+<B>--showonly</B>
+
+option causes
+<I>auto</I>
+
+to show the commands it would run, on standard output,
+and not run them.
+<P>
+
+The
+<B>--asynchronous</B>
+
+option, applicable only to the
+<B>up</B>
+
+operation,
+tells
+<I>pluto</I>
+
+to attempt to establish the connection,
+but does not delay to report results.
+This is especially useful to start multiple connections in parallel
+when network links are slow.
+<P>
+
+The
+<B>--verbose</B>
+
+option instructs
+<I>auto</I>
+
+to pass through all output from
+<I><A HREF="ipsec_whack.8.html">ipsec_whack</A></I>(8),
+
+including log output that is normally filtered out as uninteresting.
+<P>
+
+The
+<B>--config</B>
+
+option specifies a non-standard location for the IPsec
+configuration file (default
+<I>/etc/ipsec.conf</I>).
+
+<P>
+
+See
+<I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)
+
+for details of the configuration file.
+Apart from the basic parameters which specify the endpoints and routing
+of a connection (<B>left</B>
+and
+<B>right</B>,
+
+plus possibly
+<B>leftsubnet</B>,
+
+<B>leftnexthop</B>,
+
+<B>leftfirewall</B>,
+
+their
+<B>right</B>
+
+equivalents,
+and perhaps
+<B>type</B>),
+
+an
+<I>auto</I>
+
+connection almost certainly needs a
+<B>keyingtries</B>
+
+parameter (since the
+<B>keyingtries</B>
+
+default is poorly chosen).
+<A NAME="lbAE">&nbsp;</A>
+<H2>FILES</H2>
+
+
+
+/etc/ipsec.conf<TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TT>default IPSEC configuration file<BR>
+<BR>
+
+/var/run/ipsec.info<TT>&nbsp;&nbsp;&nbsp;</TT><B>%defaultroute</B> information<BR>
+<A NAME="lbAF">&nbsp;</A>
+<H2>SEE ALSO</H2>
+
+<A HREF="ipsec.conf.5.html">ipsec.conf</A>(5), <A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_pluto.8.html">ipsec_pluto</A>(8), <A HREF="ipsec_whack.8.html">ipsec_whack</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8)
+<A NAME="lbAG">&nbsp;</A>
+<H2>HISTORY</H2>
+
+Written for the FreeS/WAN project
+&lt;<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>&gt;
+by Henry Spencer.
+<A NAME="lbAH">&nbsp;</A>
+<H2>BUGS</H2>
+
+Although an
+<B>--up</B>
+
+operation does connection setup on both ends,
+<B>--down</B>
+
+tears only one end of the connection down
+(although the orphaned end will eventually time out).
+<P>
+
+There is no support for
+<B>passthrough</B>
+
+connections.
+<P>
+
+A connection description which uses
+<B>%defaultroute</B>
+
+for one of its
+<B>nexthop</B>
+
+parameters but not the other may be falsely
+rejected as erroneous in some circumstances.
+<P>
+
+The exit status of
+<B>--showonly</B>
+
+does not always reflect errors discovered during processing of the request.
+(This is fine for human inspection, but not so good for use in scripts.)
+<P>
+
+<HR>
+<A NAME="index">&nbsp;</A><H2>Index</H2>
+<DL>
+<DT><A HREF="#lbAB">NAME</A><DD>
+<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
+<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
+<DT><A HREF="#lbAE">FILES</A><DD>
+<DT><A HREF="#lbAF">SEE ALSO</A><DD>
+<DT><A HREF="#lbAG">HISTORY</A><DD>
+<DT><A HREF="#lbAH">BUGS</A><DD>
+</DL>
+<HR>
+This document was created by
+<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
+using the manual pages.<BR>
+Time: 21:40:17 GMT, November 11, 2003
+</BODY>
+</HTML>