diff options
Diffstat (limited to 'doc/manpage.d/ipsec_auto.8.html')
| -rw-r--r-- | doc/manpage.d/ipsec_auto.8.html | 416 |
1 files changed, 0 insertions, 416 deletions
diff --git a/doc/manpage.d/ipsec_auto.8.html b/doc/manpage.d/ipsec_auto.8.html deleted file mode 100644 index 68ca61bdc..000000000 --- a/doc/manpage.d/ipsec_auto.8.html +++ /dev/null @@ -1,416 +0,0 @@ -Content-type: text/html - -<HTML><HEAD><TITLE>Manpage of IPSEC_AUTO</TITLE> -</HEAD><BODY> -<H1>IPSEC_AUTO</H1> -Section: Maintenance Commands (8)<BR>Updated: 31 Jan 2002<BR><A HREF="#index">Index</A> -<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> - - -<A NAME="lbAB"> </A> -<H2>NAME</H2> - -ipsec auto - control automatically-keyed IPsec connections -<A NAME="lbAC"> </A> -<H2>SYNOPSIS</H2> - -<B>ipsec</B> - -<B>auto</B> - -[ -<B>--show</B> - -] [ -<B>--showonly</B> - -] [ -<B>--asynchronous</B> - -] -<BR> - - [ -<B>--config</B> - -configfile -] [ -<B>--verbose</B> - -] -<BR> - - operation -connection -<P> -<B>ipsec</B> - -<B>auto</B> - -[ -<B>--show</B> - -] [ -<B>--showonly</B> - -] operation -<A NAME="lbAD"> </A> -<H2>DESCRIPTION</H2> - -<I>Auto</I> - -manipulates automatically-keyed FreeS/WAN IPsec connections, -setting them up and shutting them down -based on the information in the IPsec configuration file. -In the normal usage, -<I>connection</I> - -is the name of a connection specification in the configuration file; -<I>operation</I> - -is -<B>--add</B>, - -<B>--delete</B>, - -<B>--replace</B>, - -<B>--up</B>, - -<B>--down</B>, - -<B>--route</B>, - -or -<B>--unroute</B>. - -The -<B>--ready</B>, - -<B>--rereadsecrets</B>, - -<B>--rereadgroups</B>, - -and -<B>--status</B> - -<I>operations</I> - -do not take a connection name. -<I>Auto</I> - -generates suitable -commands and feeds them to a shell for execution. -<P> - -The -<B>--add</B> - -operation adds a connection specification to the internal database -within -<I>pluto</I>; - -it will fail if -<I>pluto</I> - -already has a specification by that name. -The -<B>--delete</B> - -operation deletes a connection specification from -<I>pluto</I>'s - -internal database (also tearing down any connections based on it); -it will fail if the specification does not exist. -The -<B>--replace</B> - -operation is equivalent to -<B>--delete</B> - -(if there is already a specification by the given name) -followed by -<B>--add</B>, - -and is a convenience for updating -<I>pluto</I>'s - -internal specification to match an external one. -(Note that a -<B>--rereadsecrets</B> - -may also be needed.) -The -<B>--rereadgroups</B> - -operation causes any changes to the policy group files to take effect -(this is currently a synonym for -<B>--ready</B>, - -but that may change). -None of the other operations alters the internal database. -<P> - -The -<B>--up</B> - -operation asks -<I>pluto</I> - -to establish a connection based on an entry in its internal database. -The -<B>--down</B> - -operation tells -<I>pluto</I> - -to tear down such a connection. -<P> - -Normally, -<I>pluto</I> - -establishes a route to the destination specified for a connection as -part of the -<B>--up</B> - -operation. -However, the route and only the route can be established with the -<B>--route</B> - -operation. -Until and unless an actual connection is established, -this discards any packets sent there, -which may be preferable to having them sent elsewhere based on a more -general route (e.g., a default route). -<P> - -Normally, -<I>pluto</I>'s - -route to a destination remains in place when a -<B>--down</B> - -operation is used to take the connection down -(or if connection setup, or later automatic rekeying, fails). -This permits establishing a new connection (perhaps using a -different specification; the route is altered as necessary) -without having a ``window'' in which packets might go elsewhere -based on a more general route. -Such a route can be removed using the -<B>--unroute</B> - -operation -(and is implicitly removed by -<B>--delete</B>). - -<P> - -The -<B>--ready</B> - -operation tells -<I>pluto</I> - -to listen for connection-setup requests from other hosts. -Doing an -<B>--up</B> - -operation before doing -<B>--ready</B> - -on both ends is futile and will not work, -although this is now automated as part of IPsec startup and -should not normally be an issue. -<P> - -The -<B>--status</B> - -operation asks -<I>pluto</I> - -for current connection status. -The output format is ad-hoc and likely to change. -<P> - -The -<B>--rereadsecrets</B> - -operation tells -<I>pluto</I> - -to re-read the -<I>/etc/ipsec.secrets</I> - -secret-keys file, -which it normally reads only at startup time. -(This is currently a synonym for -<B>--ready</B>, - -but that may change.) -<P> - -The -<B>--show</B> - -option turns on the -<B>-x</B> - -option of the shell used to execute the commands, -so each command is shown as it is executed. -<P> - -The -<B>--showonly</B> - -option causes -<I>auto</I> - -to show the commands it would run, on standard output, -and not run them. -<P> - -The -<B>--asynchronous</B> - -option, applicable only to the -<B>up</B> - -operation, -tells -<I>pluto</I> - -to attempt to establish the connection, -but does not delay to report results. -This is especially useful to start multiple connections in parallel -when network links are slow. -<P> - -The -<B>--verbose</B> - -option instructs -<I>auto</I> - -to pass through all output from -<I><A HREF="ipsec_whack.8.html">ipsec_whack</A></I>(8), - -including log output that is normally filtered out as uninteresting. -<P> - -The -<B>--config</B> - -option specifies a non-standard location for the IPsec -configuration file (default -<I>/etc/ipsec.conf</I>). - -<P> - -See -<I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5) - -for details of the configuration file. -Apart from the basic parameters which specify the endpoints and routing -of a connection (<B>left</B> -and -<B>right</B>, - -plus possibly -<B>leftsubnet</B>, - -<B>leftnexthop</B>, - -<B>leftfirewall</B>, - -their -<B>right</B> - -equivalents, -and perhaps -<B>type</B>), - -an -<I>auto</I> - -connection almost certainly needs a -<B>keyingtries</B> - -parameter (since the -<B>keyingtries</B> - -default is poorly chosen). -<A NAME="lbAE"> </A> -<H2>FILES</H2> - - - -/etc/ipsec.conf<TT> </TT>default IPSEC configuration file<BR> -<BR> - -/var/run/ipsec.info<TT> </TT><B>%defaultroute</B> information<BR> -<A NAME="lbAF"> </A> -<H2>SEE ALSO</H2> - -<A HREF="ipsec.conf.5.html">ipsec.conf</A>(5), <A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_pluto.8.html">ipsec_pluto</A>(8), <A HREF="ipsec_whack.8.html">ipsec_whack</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8) -<A NAME="lbAG"> </A> -<H2>HISTORY</H2> - -Written for the FreeS/WAN project -<<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>> -by Henry Spencer. -<A NAME="lbAH"> </A> -<H2>BUGS</H2> - -Although an -<B>--up</B> - -operation does connection setup on both ends, -<B>--down</B> - -tears only one end of the connection down -(although the orphaned end will eventually time out). -<P> - -There is no support for -<B>passthrough</B> - -connections. -<P> - -A connection description which uses -<B>%defaultroute</B> - -for one of its -<B>nexthop</B> - -parameters but not the other may be falsely -rejected as erroneous in some circumstances. -<P> - -The exit status of -<B>--showonly</B> - -does not always reflect errors discovered during processing of the request. -(This is fine for human inspection, but not so good for use in scripts.) -<P> - -<HR> -<A NAME="index"> </A><H2>Index</H2> -<DL> -<DT><A HREF="#lbAB">NAME</A><DD> -<DT><A HREF="#lbAC">SYNOPSIS</A><DD> -<DT><A HREF="#lbAD">DESCRIPTION</A><DD> -<DT><A HREF="#lbAE">FILES</A><DD> -<DT><A HREF="#lbAF">SEE ALSO</A><DD> -<DT><A HREF="#lbAG">HISTORY</A><DD> -<DT><A HREF="#lbAH">BUGS</A><DD> -</DL> -<HR> -This document was created by -<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, -using the manual pages.<BR> -Time: 21:40:17 GMT, November 11, 2003 -</BODY> -</HTML> |