summaryrefslogtreecommitdiff
path: root/src/starter/README
blob: 4aff64978a21e4b5052d2a183839194e9a30306d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

IPsec Starter -- Version 0.2        [Contributed by Arkoon Network Security]
============================        [                http://www.arkoon.net/]

IPsec Starter is aimed to replace all the scripts which are used to
start and stop strongSwan and to do that in a quicker and a smarter way.

IPsec Starter can also reload the configuration file (kill --HUP or periodicaly)
and apply the changes.

Usage:
  starter [--debug] [--auto_update <x seconds>]
    --debug:       enable debugging output
    --no_fork:     all msg (including pluto) are sent to the console
    --auto_update: reload the config file (like kill -HUP) every x seconds
                   and determine any configuration changes

FEATURES
--------

o Load modules of the native Linux 2.6 IPsec stack

o Launch and monitor pluto

o Add, initiate, route and del connections

o Attach and detach interfaces according to config file

o kill -HUP can be used to reload the config file. New connections will be
  added, old ones will be removed and modified ones will be reloaded.
  Interfaces/Klips/Pluto will be reloaded if necessary.

o Full support of the %defaultroute wildcard parameter.

o save own pid in /var/run/starter

o Upon reloading, dynamic DNS addr will be resolved and reloaded. Use
  --auto_update to periodicaly check dynamic DNS changes.

o kill -USR1 can be used to reload all connections (delete then add and
  route/initiate)

o /var/run/dynip/xxxx can be used to use a virtual interface name in
  ipsec.conf. By example, when adsl can be ppp0, ppp1, ... :
    ipsec.conf:             interfaces="ipsec0=adsl"
  And use /etc/ppp/ip-up to create /var/run/dynip/adsl
    /var/run/dynip/adsl:    IP_PHYS=ppp0

o %auto can be used to automaticaly name the connections

o kill -TERM can be used to stop FS. pluto will be stopped.

o Can be used to start strongSwan and load lots of connections in a few
  seconds.

TODO
----

o handle wildcards in include lines -- use glob() fct
    ex: include /etc/ipsec.*.conf

o handle duplicates keywords and sections

o 'also' keyword not supported

o manually keyed connections

o IPv6

o Documentation


CHANGES
-------

o Version 0.1 -- 2002.01.14 -- First public release

o Version 0.2 -- 2002.09.04 -- Various enhancements
                               FreeS/WAN 1.98b, x509 0.9.14, algo 0.8.0

o Version 0.2d -- 2004.01.13 -- Adaptions for Openswan 1.0.0
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2e -- 2004.10.14 -- Added support for change of interface address
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2s -- 2005-12-02 -- Ported to strongSwan
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2x -- 2006-01-02 -- Added missing strongSwan keywords
				Full support of the native Linux 2.6 IPsec stack
				Full support of %defaultroute
				Improved parsing of keywords using perfect hash
				function generated by gperf.
                                by Andreas Steffen <andreas.steffen@hsr.ch>

THANKS
------

o Nathan Angelacos - include fix