diff options
Diffstat (limited to 'doc/manpage.d/ipsec_setup.8.html')
| -rw-r--r-- | doc/manpage.d/ipsec_setup.8.html | 237 |
1 files changed, 237 insertions, 0 deletions
diff --git a/doc/manpage.d/ipsec_setup.8.html b/doc/manpage.d/ipsec_setup.8.html new file mode 100644 index 000000000..7197e2b18 --- /dev/null +++ b/doc/manpage.d/ipsec_setup.8.html @@ -0,0 +1,237 @@ +Content-type: text/html + +<HTML><HEAD><TITLE>Manpage of IPSEC_SETUP</TITLE> +</HEAD><BODY> +<H1>IPSEC_SETUP</H1> +Section: Maintenance Commands (8)<BR>Updated: 23 July 2001<BR><A HREF="#index">Index</A> +<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> + + +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +ipsec setup - control IPsec subsystem +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +<B>ipsec</B> + +<B>setup</B> + +[ +<B>--show</B> + +| +<B>--showonly</B> + +] +command +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +<I>Setup</I> + +controls the FreeS/WAN IPsec subsystem, +including both the Klips kernel code and the Pluto key-negotiation daemon. +(It is a synonym for the ``rc'' script for the subsystem; +the system runs the equivalent of +<B>ipsec setup start</B> + +at boot time, +and +<B>ipsec setup stop</B> + +at shutdown time, more or less.) +<P> + +The action taken depends on the specific +<I>command</I>, + +and on the contents of the +<B>config</B> + +<B>setup</B> + +section of the +IPsec configuration file (<I>/etc/ipsec.conf</I>, + +see +<I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)). + +Current +<I>command</I>s + +are: +<DL COMPACT> +<DT><B>start</B> + +<DD> +start Klips and Pluto, +including setting up Klips to do crypto operations on the +interface(s) specified in the configuration file, +and (if the configuration file so specifies) +setting up manually-keyed connections and/or +asking Pluto to negotiate automatically-keyed connections +to other security gateways +<DT><B>stop</B> + +<DD> +shut down Klips and Pluto, +including tearing down all existing crypto connections +<DT><B>restart</B> + +<DD> +equivalent to +<B>stop</B> + +followed by +<B>start</B> + +<DT><B>status</B> + +<DD> +report the status of the subsystem; +normally just reports +<B>IPsec running</B> + +and +<B>pluto pid </B><I>nnn</I>, + +or +<B>IPsec stopped</B>, + +and exits with status 0, +but will go into more detail (and exit with status 1) +if something strange is found. +(An ``illicit'' Pluto is one that does not match the process ID in +Pluto's lock file; +an ``orphaned'' Pluto is one with no lock file.) +</DL> +<P> + +The +<B>stop</B> + +operation tries to clean up properly even if assorted accidents +have occurred, +e.g. Pluto having died without removing its lock file. +If +<B>stop</B> + +discovers that the subsystem is (supposedly) not running, +it will complain, +but will do its cleanup anyway before exiting with status 1. +<P> + +Although a number of configuration-file parameters influence +<I>setup</I>'s + +operations, the key one is the +<B>interfaces</B> + +parameter, which must be right or chaos will ensue. +<P> + +The +<B>--show</B> + +and +<B>--showonly</B> + +options cause +<I>setup</I> + +to display the shell commands that it would execute. +<B>--showonly</B> + +suppresses their execution. +Only +<B>start</B>, + +<B>stop</B>, + +and +<B>restart</B> + +commands recognize these flags. +<A NAME="lbAE"> </A> +<H2>FILES</H2> + + + +/etc/rc.d/init.d/ipsec<TT> </TT>the script itself<BR> +<BR> + +/etc/init.d/ipsec<TT> </TT>alternate location for the script<BR> +<BR> + +/etc/ipsec.conf<TT> </TT>IPsec configuration file<BR> +<BR> + +/proc/sys/net/ipv4/ip_forward<TT> </TT>forwarding control<BR> +<BR> + +/var/run/ipsec.info<TT> </TT>saved information<BR> +<BR> + +/var/run/pluto.pid<TT> </TT>Pluto lock file<BR> +<BR> + +/var/run/ipsec_setup.pid<TT> </TT>IPsec lock file<BR> +<A NAME="lbAF"> </A> +<H2>SEE ALSO</H2> + +<A HREF="ipsec.conf.5.html">ipsec.conf</A>(5), <A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_auto.8.html">ipsec_auto</A>(8), <A HREF="route.8.html">route</A>(8) +<A NAME="lbAG"> </A> +<H2>DIAGNOSTICS</H2> + +All output from the commands +<B>start</B> + +and +<B>stop</B> + +goes both to standard +output and to +<I><A HREF="syslogd.8.html">syslogd</A></I>(8), + +via +<I><A HREF="logger.1.html">logger</A></I>(1). + +Selected additional information is logged only to +<I><A HREF="syslogd.8.html">syslogd</A></I>(8). + +<A NAME="lbAH"> </A> +<H2>HISTORY</H2> + +Written for the FreeS/WAN project +<<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>> +by Henry Spencer. +<A NAME="lbAI"> </A> +<H2>BUGS</H2> + +Old versions of +<I><A HREF="logger.1.html">logger</A></I>(1) + +inject spurious extra newlines onto standard output. +<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">FILES</A><DD> +<DT><A HREF="#lbAF">SEE ALSO</A><DD> +<DT><A HREF="#lbAG">DIAGNOSTICS</A><DD> +<DT><A HREF="#lbAH">HISTORY</A><DD> +<DT><A HREF="#lbAI">BUGS</A><DD> +</DL> +<HR> +This document was created by +<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, +using the manual pages.<BR> +Time: 21:40:18 GMT, November 11, 2003 +</BODY> +</HTML> |