summaryrefslogtreecommitdiff
path: root/src/ipsec
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:30:08 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:30:08 +0000
commitb0d8ed94fe9e74afb49fdf5f11e4add29879c65c (patch)
treeb20167235628771046e940a82a906a6d0991ee4a /src/ipsec
parentea939d07c84d2a8e51215458063fc05e9c399290 (diff)
downloadvyos-strongswan-b0d8ed94fe9e74afb49fdf5f11e4add29879c65c.tar.gz
vyos-strongswan-b0d8ed94fe9e74afb49fdf5f11e4add29879c65c.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.1.1)
Diffstat (limited to 'src/ipsec')
-rw-r--r--src/ipsec/Makefile.am16
-rw-r--r--src/ipsec/Makefile.in434
-rw-r--r--src/ipsec/ipsec.8342
-rwxr-xr-xsrc/ipsec/ipsec.in294
4 files changed, 1086 insertions, 0 deletions
diff --git a/src/ipsec/Makefile.am b/src/ipsec/Makefile.am
new file mode 100644
index 000000000..44964e041
--- /dev/null
+++ b/src/ipsec/Makefile.am
@@ -0,0 +1,16 @@
+sbin_SCRIPTS = ipsec
+CLEANFILES = ipsec
+dist_man8_MANS = ipsec.8
+EXTRA_DIST = ipsec.in
+
+ipsec : ipsec.in
+ sed \
+ -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \
+ -e "s:@IPSEC_NAME@:$(PACKAGE_NAME):" \
+ -e "s:@IPSEC_DISTRO@::" \
+ -e "s:@IPSEC_DIR@:$(ipsecdir):" \
+ -e "s:@IPSEC_SBINDIR@:$(sbindir):" \
+ -e "s:@IPSEC_CONFDIR@:$(confdir):" \
+ -e "s:@IPSEC_PIDDIR@:$(piddir):" \
+ $< > $@
+ chmod +x $@
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
new file mode 100644
index 000000000..eaf0e9d79
--- /dev/null
+++ b/src/ipsec/Makefile.in
@@ -0,0 +1,434 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/ipsec
+DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
+sbinSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+SCRIPTS = $(sbin_SCRIPTS)
+SOURCES =
+DIST_SOURCES =
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man8_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BUILD_EAP_SIM_FALSE = @BUILD_EAP_SIM_FALSE@
+BUILD_EAP_SIM_TRUE = @BUILD_EAP_SIM_TRUE@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_CISCO_QUIRKS_FALSE = @USE_CISCO_QUIRKS_FALSE@
+USE_CISCO_QUIRKS_TRUE = @USE_CISCO_QUIRKS_TRUE@
+USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
+USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
+USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
+USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
+USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
+USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
+USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
+USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
+USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
+USE_SMARTCARD_TRUE = @USE_SMARTCARD_TRUE@
+USE_VENDORID_FALSE = @USE_VENDORID_FALSE@
+USE_VENDORID_TRUE = @USE_VENDORID_TRUE@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+confdir = @confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+eapdir = @eapdir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+sbin_SCRIPTS = ipsec
+CLEANFILES = ipsec
+dist_man8_MANS = ipsec.8
+EXTRA_DIST = ipsec.in
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/ipsec/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/ipsec/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-sbinSCRIPTS: $(sbin_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(sbindir)" || $(mkdir_p) "$(DESTDIR)$(sbindir)"
+ @list='$(sbin_SCRIPTS)'; for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f $$d$$p; then \
+ f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+ echo " $(sbinSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
+ $(sbinSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(sbindir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-sbinSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_SCRIPTS)'; for p in $$list; do \
+ f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+ echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
+ rm -f "$(DESTDIR)$(sbindir)/$$f"; \
+ done
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool
+uninstall-info-am:
+install-man8: $(man8_MANS) $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+ for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ case "$$ext" in \
+ 8*) ;; \
+ *) ext='8' ;; \
+ esac; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+ done
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+ list='$(DISTFILES)'; for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+ esac; \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ dir="/$$dir"; \
+ $(mkdir_p) "$(distdir)$$dir"; \
+ else \
+ dir=''; \
+ fi; \
+ if test -d $$d/$$file; then \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(SCRIPTS) $(MANS)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-exec-am: install-sbinSCRIPTS
+
+install-info: install-info-am
+
+install-man: install-man8
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am uninstall-man uninstall-sbinSCRIPTS
+
+uninstall-man: uninstall-man8
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ distclean distclean-generic distclean-libtool distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-exec install-exec-am \
+ install-info install-info-am install-man install-man8 \
+ install-sbinSCRIPTS install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am uninstall uninstall-am uninstall-info-am \
+ uninstall-man uninstall-man8 uninstall-sbinSCRIPTS
+
+
+ipsec : ipsec.in
+ sed \
+ -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \
+ -e "s:@IPSEC_NAME@:$(PACKAGE_NAME):" \
+ -e "s:@IPSEC_DISTRO@::" \
+ -e "s:@IPSEC_DIR@:$(ipsecdir):" \
+ -e "s:@IPSEC_SBINDIR@:$(sbindir):" \
+ -e "s:@IPSEC_CONFDIR@:$(confdir):" \
+ -e "s:@IPSEC_PIDDIR@:$(piddir):" \
+ $< > $@
+ chmod +x $@
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/ipsec/ipsec.8 b/src/ipsec/ipsec.8
new file mode 100644
index 000000000..b37ac2c3a
--- /dev/null
+++ b/src/ipsec/ipsec.8
@@ -0,0 +1,342 @@
+.TH IPSEC 8 "9 February 2006"
+.\" RCSID $Id: ipsec.8,v 1.3 2006/02/09 19:47:38 as Exp $
+.SH NAME
+ipsec \- invoke IPsec utilities
+.SH SYNOPSIS
+.B ipsec
+command [ argument ...]
+.sp
+.B ipsec start|update|reload|restart|stop
+.sp
+.B ipsec up|down|route|unroute
+\fIconnectionname\fP
+.sp
+.B ipsec status|statusall
+[
+\fIconnectionname\fP
+]
+.sp
+.B ipsec listalgs|listpubkeys|listcerts
+[
+.B \-\-utc
+]
+.br
+.B ipsec listcacerts|listaacerts|listocspcerts
+[
+.B \-\-utc
+]
+.br
+.B ipsec listacerts|listgroups|listcainfos
+[
+.B \-\-utc
+]
+.br
+.B ipsec listcrls|listocsp|listcards|listall
+[
+.B \-\-utc
+]
+.sp
+.B ipsec rereadsecrets|rereadgroups
+.br
+.B ipsec rereadcacerts|rereadaacerts|rereadocspcerts
+.br
+.B ipsec rereadacerts|rereadcrls|rereadall
+.sp
+.B ipsec purgeocsp
+.sp
+.B ipsec
+[
+.B \-\-help
+] [
+.B \-\-version
+] [
+.B \-\-versioncode
+] [
+.B \-\-copyright
+]
+.br
+.B ipsec
+[
+.B \-\-directory
+] [
+.B \-\-confdir
+]
+.SH DESCRIPTION
+.I Ipsec
+invokes any of several utilities involved in controlling the IPsec
+encryption/authentication system,
+running the specified
+.I command
+with the specified
+.IR argument s
+as if it had been invoked directly.
+This largely eliminates possible name collisions with other software,
+and also permits some centralized services.
+.PP
+The commands
+.BR start ,
+.BR update ,
+.BR reload ,
+.BR restart ,
+and
+.BR stop
+are built-in and are used to control the
+.BR "ipsec starter"
+utility, an extremely fast replacement for the traditional
+.BR ipsec
+.BR setup
+script.
+.PP
+The commands
+.BR up,
+.BR down,
+.BR route,
+.BR unroute,
+.BR status,
+.BR statusall,
+.BR listalgs,
+.BR listpubkeys,
+.BR listcerts,
+.BR listcacerts,
+.BR listaacerts,
+.BR listocspcerts,
+.BR listacerts,
+.BR listgroups,
+.BR listcainfos,
+.BR listcrls,
+.BR listocsp,
+.BR listcards,
+.BR listall,
+.BR rereadsecrets,
+.BR rereadgroups,
+.BR rereadcacerts,
+.BR rereadaacerts,
+.BR rereadocspcerts,
+.BR rereadacerts,
+.BR rereadcrls,
+and
+.BR rereadall
+are also built-in and completely replace the corresponding
+.BR "ipsec auto"
+\-\-\fIoperation\fP"
+commands. Communication with the pluto daemon happens via the
+.BR "ipsec whack"
+socket interface.
+.PP
+In particular,
+.I ipsec
+supplies the invoked
+.I command
+with a suitable PATH environment variable,
+and also provides IPSEC_DIR,
+IPSEC_CONFS, and IPSEC_VERSION environment variables,
+containing respectively
+the full pathname of the directory where the IPsec utilities are stored,
+the full pathname of the directory where the configuration files live,
+and the IPsec version number.
+.PP
+.B "ipsec start"
+calls
+.BR "ipsec starter"
+which in turn starts \fIpluto\fR.
+.PP
+.B "ipsec update"
+sends a \fIHUP\fR signal to
+.BR "ipsec starter"
+which in turn determines any changes in \fIipsec.conf\fR
+and updates the configuration on the running \fIpluto\fR daemon, correspondingly.
+.PP
+.B "ipsec reload"
+sends a \fIUSR1\fR signal to
+.BR "ipsec starter"
+which in turn reloads the whole configuration on the running \fIpluto\fR daemon
+based on the actual \fIipsec.conf\fR.
+.PP
+.B "ipsec restart"
+executes
+.B "ipsec stop"
+followed by
+.BR "ipsec start".
+.PP
+.B "ipsec stop"
+stops \fIipsec\fR by sending a \fITERM\fR signal to
+.BR "ipsec starter".
+.PP
+.B "ipsec up"
+\fIname\fP tells the \fIpluto\fP daemon to start up connection \fIname\fP.
+.PP
+.B "ipsec down"
+\fIname\fP tells the \fIpluto\fP daemon to take down connection \fIname\fP.
+.PP
+.B "ipsec route"
+\fIname\fP tells the \fIpluto\fP daemon to install a route for connection
+\fIname\fP.
+.PP
+.B "ipsec unroute"
+\fIname\fP tells the \fIpluto\fP daemon to take down the route for connection
+\fIname\fP.
+.PP
+.B "ipsec status"
+[ \fIname\fP ] gives concise status information either on connection
+\fIname\fP or if the \fIname\fP argument is lacking, on all connections.
+.PP
+.B "ipsec statusall"
+[ \fIname\fP ] gives detailed status information either on connection
+\fIname\fP or if the \fIname\fP argument is lacking, on all connections.
+.PP
+.B "ipsec listalgs"
+returns a list all supported IKE encryption and hash algorithms, the available
+Diffie-Hellman groups, as well as all supported ESP encryption and authentication
+algorithms.
+.PP
+.B "ipsec listpubkeys"
+returns a list of RSA public keys that were either loaded in raw key format
+or extracted from X.509 and|or OpenPGP certificates.
+.PP
+.B "ipsec listcerts"
+returns a list of X.509 and|or OpenPGP certificates that were loaded locally
+by the \fIpluto\fP daemon.
+.PP
+.B "ipsec listcacerts"
+returns a list of X.509 Certification Authority (CA) certificates that were
+loaded locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/cacerts/\fP
+directory or received in PKCS#7-wrapped certificate payloads via the IKE
+protocol.
+.PP
+.B "ipsec listaacerts"
+returns a list of X.509 Authorization Authority (AA) certificates that were
+loaded locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/aacerts/\fP
+directory.
+.PP
+.B "ipsec listocspcerts"
+returns a list of X.509 OCSP Signer certificates that were either loaded
+locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/ocspcerts/\fP
+directory or were sent by an OCSP server.
+.PP
+.B "ipsec listacerts"
+returns a list of X.509 Attribute certificates that were loaded locally by
+the \fIpluto\fP daemon from the \fI/etc/ipsec.d/acerts/\fP directory.
+.PP
+.B "ipsec listgroups"
+returns a list of groups that are used to define user authorization profiles.
+.PP
+.B "ipsec listcainfos"
+returns certification authority information (CRL distribution points, OCSP URIs,
+LDAP servers) that were defined by
+.BR ca
+sections in \fIipsec.conf\fP.
+.PP
+.B "ipsec listcrls"
+returns a list of Certificate Revocation Lists (CRLs).
+.PP
+.B "ipsec listocsp"
+returns revocation information fetched from OCSP servers.
+.PP
+.B "ipsec listcards"
+returns a list of certificates residing on smartcards.
+.PP
+.B "ipsec listall"
+returns all information generated by the list commands above. Each list command
+can be called with the
+\-\-url
+option which displays all dates in UTC instead of local time.
+.PP
+.B "ipsec rereadsecrets"
+flushes and rereads all secrets defined in \fIipsec.conf\fP.
+.PP
+.B "ipsec rereadcacerts"
+reads all certificate files contained in the \fI/etc/ipsec.d/cacerts\fP
+directory and adds them to \fIpluto\fP's list of Certification Authority (CA) certificates.
+.PP
+.B "ipsec rereadaacerts"
+reads all certificate files contained in the \fI/etc/ipsec.d/aacerts\fP
+directory and adds them to \fIpluto\fP's list of Authorization Authority (AA) certificates.
+.PP
+.B "ipsec rereadocspcerts"
+reads all certificate files contained in the \fI/etc/ipsec.d/ocspcerts/\fP
+directory and adds them to \fIpluto\fP's list of OCSP signer certificates.
+.PP
+.B "ipsec rereadacerts"
+operation reads all certificate files contained in the \fI/etc/ipsec.d/acerts/\fP
+directory and adds them to \fIpluto\fP's list of attribute certificates.
+.PP
+.B "ipsec rereadcrls"
+reads all Certificate Revocation Lists (CRLs) contained in the
+\fI/etc/ipsec.d/crls/\fP directory and adds them to \fIpluto\fP's list of CRLs.
+.PP
+.B "ipsec rereadall"
+is equivalent to the execution of \fBrereadsecrets\fP,
+\fBrereadcacerts\fP, \fBrereadaacerts\fP, \fBrereadocspcerts\fP,
+\fBrereadacerts\fP, and \fBrereadcrls\fP.
+.PP
+.B "ipsec \-\-help"
+lists the available commands.
+Most have their own manual pages, e.g.
+.IR ipsec_auto (8)
+for
+.IR auto .
+.PP
+.B "ipsec \-\-version"
+outputs version information about Linux strongSwan.
+A version code of the form ``U\fIxxx\fR/K\fIyyy\fR''
+indicates that the user-level utilities are version \fIxxx\fR
+but the kernel portion appears to be version \fIyyy\fR
+(this form is used only if the two disagree).
+.PP
+.B "ipsec \-\-versioncode"
+outputs \fIjust\fR the version code,
+with none of
+.BR \-\-version 's
+supporting information,
+for use by scripts.
+.PP
+.B "ipsec \-\-copyright"
+supplies boring copyright details.
+.PP
+.B "ipsec \-\-directory"
+reports where
+.I ipsec
+thinks the IPsec utilities are stored.
+.PP
+.B "ipsec \-\-confdir"
+reports where
+.I ipsec
+thinks the IPsec configuration files are stored.
+.SH FILES
+/usr/local/lib/ipsec usual utilities directory
+.SH ENVIRONMENT
+.PP
+The following environment variables control where strongSwan finds its
+components.
+The
+.B ipsec
+command sets them if they are not already set.
+.nf
+.na
+
+IPSEC_DIR directory containing ipsec programs and utilities
+IPSEC_SBINDIR directory containing \fBipsec\fP command
+IPSEC_CONFDIR directory containing configuration files
+IPSEC_PIDDIR directory containing PID files
+IPSEC_NAME name of ipsec distribution
+IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_STARTER_PID PID file for ipsec starter
+IPSEC_PLUTO_PID PID file for IKEv1 keying daemon
+IPSEC_CHARON_PID PID file for IKEv2 keying daemon
+.ad
+.fi
+.SH SEE ALSO
+.hy 0
+.na
+ipsec.conf(5), ipsec.secrets(5),
+ipsec_barf(8),
+.ad
+.hy
+.PP
+.SH HISTORY
+Written for Linux FreeS/WAN
+<http://www.freeswan.org>
+by Henry Spencer.
+Updated and extended for Linux strongSwan
+<http://www.strongswan.org>
+by Andreas Steffen.
diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in
new file mode 100755
index 000000000..bd74b6f16
--- /dev/null
+++ b/src/ipsec/ipsec.in
@@ -0,0 +1,294 @@
+#! /bin/sh
+# prefix command to run stuff from our programs directory
+# Copyright (C) 1998-2002 Henry Spencer.
+# Copyright (C) 2006 Andreas Steffen
+# Copyright (C) 2006 Martin Willi
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
+
+# name and version of the ipsec implementation
+IPSEC_NAME="@IPSEC_NAME@"
+IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
+
+# where the private directory and the config files are
+IPSEC_DIR="@IPSEC_DIR@"
+IPSEC_SBINDIR="@IPSEC_SBINDIR@"
+IPSEC_CONFDIR="@IPSEC_CONFDIR@"
+IPSEC_PIDDIR="@IPSEC_PIDDIR@"
+
+IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
+IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
+IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"
+
+IPSEC_WHACK="${IPSEC_DIR}/whack"
+IPSEC_STROKE="${IPSEC_DIR}/stroke"
+IPSEC_STARTER="${IPSEC_DIR}/starter"
+
+export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID
+
+IPSEC_DISTRO="Institute for Internet Technologies and Applications\n
+ University of Applied Sciences Rapperswil, Switzerland"
+
+case "$1" in
+'')
+ echo "Usage: ipsec command argument ..."
+ echo "Use --help for list of commands, or see ipsec(8) manual page"
+ echo "or the $IPSEC_NAME documentation for names of the common ones."
+ echo "Most have their own manual pages, e.g. ipsec_auto(8)."
+ echo "See <http://www.strongswan.org> for more general info."
+ exit 0
+ ;;
+--help)
+ echo "Usage: ipsec command argument ..."
+ echo "where command is one of:"
+ echo " start|restart arguments..."
+ echo " update|reload|stop"
+ echo " up|down|route|unroute <connectionname>"
+ echo " status|statusall [<connectionname>]"
+ echo " ready"
+ echo " listalgs|listpubkeys|listcerts [--utc]"
+ echo " listcacerts|listaacerts|listocspcerts [--utc]"
+ echo " listacerts|listgroups|listcainfos [--utc]"
+ echo " listcrls|listocsp|listcards|listall [--utc]"
+ echo " rereadsecrets|rereadgroups"
+ echo " rereadcacerts|rereadaacerts|rereadocspcerts"
+ echo " rereadacerts|rereadcrls|rereadall"
+ echo " purgeocsp"
+ echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
+ echo " barf"
+ echo " openac"
+ echo " pluto"
+ echo " scepclient"
+ echo " secrets"
+ echo " starter"
+ echo " version"
+ echo " whack"
+ echo " stoke"
+ echo
+ echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
+ exit 0
+ ;;
+--versioncode)
+ echo "$IPSEC_VERSION"
+ exit 0
+ ;;
+--copyright)
+ set _copyright
+ # and fall through, invoking "ipsec _copyright"
+ ;;
+--directory)
+ echo "$IPSEC_DIR"
+ exit 0
+ ;;
+--confdir)
+ echo "$IPSEC_CONFDIR"
+ exit 0
+ ;;
+down)
+ shift
+ if [ "$#" -ne 1 ]
+ then
+ echo "Usage: ipsec down <connection name>"
+ exit 1
+ fi
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK --name "$1" --terminate
+ fi
+ if test -e $IPSEC_CHARON_PID
+ then
+ $IPSEC_STROKE down "$1"
+ fi
+ exit 0
+ ;;
+listalgs|listpubkeys|listaacerts|\
+listacerts|listgroups|\listcards|\
+rereadsecrets|rereadgroups|\
+rereadaacerts|rereadacerts)
+ op="$1"
+ shift
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK "$@" "--$op"
+ fi
+ exit 0
+ ;;
+listcerts|listcacerts|listocspcerts|\
+listcainfos|listcrls|listocsp|listall|\
+rereadcacerts|rereadocspcerts|rereadcrls|\
+rereadall|purgeocsp)
+ op="$1"
+ shift
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK "$@" "--$op"
+ fi
+ if test -e $IPSEC_CHARON_PID
+ then
+ $IPSEC_STROKE "$op" "$@"
+ fi
+ exit 0
+ ;;
+ready)
+ shift
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK --listen
+ fi
+ exit 0
+ ;;
+reload)
+ if test -e $IPSEC_STARTER_PID
+ then
+ echo "Reloading strongSwan IPsec configuration..." >&2
+ kill -s USR1 `cat $IPSEC_STARTER_PID`
+ else
+ echo "ipsec starter is not running" >&2
+ fi
+ exit 0
+ ;;
+restart)
+ $IPSEC_SBINDIR/ipsec stop
+ sleep 2
+ shift
+ $IPSEC_SBINDIR/ipsec start "$@"
+ exit 0
+ ;;
+route|unroute)
+ op="$1"
+ shift
+ if [ "$#" -ne 1 ]
+ then
+ echo "Usage: ipsec $op <connection name>"
+ exit 1
+ fi
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK --name "$1" "--$op"
+ fi
+ if test -e $IPSEC_CHARON_PID
+ then
+ $IPSEC_STROKE "$op" "$1"
+ fi
+ exit 0
+ ;;
+scencrypt|scdecrypt)
+ op="$1"
+ shift
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK "--$op" "$@"
+ fi
+ exit 0
+ ;;
+secrets)
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK --rereadsecrets
+ fi
+ exit 0
+ ;;
+start)
+ shift
+ exec $IPSEC_STARTER "$@"
+ ;;
+status|statusall)
+ op="$1"
+ shift
+ if test $# -eq 0
+ then
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK "--$op"
+ fi
+ if test -e $IPSEC_CHARON_PID
+ then
+ $IPSEC_STROKE "$op"
+ fi
+ else
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK --name "$1" "--$op"
+ fi
+ if test -e $IPSEC_CHARON_PID
+ then
+ $IPSEC_STROKE "$op" "$1"
+ fi
+ fi
+ exit 0
+ ;;
+stop)
+ if test -e $IPSEC_STARTER_PID
+ then
+ echo "Stopping strongSwan IPsec..." >&2
+ kill `cat $IPSEC_STARTER_PID`
+ else
+ echo "ipsec starter is not running" >&2
+ fi
+ exit 0
+ ;;
+up)
+ shift
+ if [ "$#" -ne 1 ]
+ then
+ echo "Usage: ipsec up <connection name>"
+ exit 1
+ fi
+ if test -e $IPSEC_PLUTO_PID
+ then
+ $IPSEC_WHACK --name "$1" --initiate
+ fi
+ if test -e $IPSEC_CHARON_PID
+ then
+ $IPSEC_STROKE up "$1"
+ fi
+ exit 0
+ ;;
+update)
+ if test -e $IPSEC_STARTER_PID
+ then
+ echo "Updating strongSwan IPsec configuration..." >&2
+ kill -s HUP `cat $IPSEC_STARTER_PID`
+ else
+ echo "ipsec starter is not running" >&2
+ fi
+ exit 0
+ ;;
+version|--version)
+ echo "Linux $IPSEC_NAME $IPSEC_VERSION"
+ echo "See \`ipsec --copyright' for copyright information."
+ echo $IPSEC_DISTRO
+ exit 0
+ ;;
+--*)
+ echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
+ exit 1
+ ;;
+esac
+
+cmd="$1"
+shift
+
+path="$IPSEC_DIR/$cmd"
+
+if test ! -x "$path"
+then
+ path="$IPSEC_DIR/$cmd"
+ if test ! -x "$path"
+ then
+ echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
+ exit 1
+ fi
+fi
+
+exec $path "$@"