Content-type: text/html

<HTML><HEAD><TITLE>Manpage of IPSEC_SETUP</TITLE>
</HEAD><BODY>
<H1>IPSEC_SETUP</H1>
Section: Maintenance Commands (8)<BR>Updated: 12 Dec 1999<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>


<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

ipsec setup - control IPSEC subsystem
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>ipsec</B>

<B>setup</B>

command
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<I>Setup</I>

controls the FreeS/WAN IPSEC subsystem,
including both the Klips kernel code and the Pluto key-negotiation daemon.
(It is a synonym for the ``rc'' script for the subsystem;
the system runs the equivalent of
<B>ipsec setup start</B>

at boot time,
and
<B>ipsec setup stop</B>

at shutdown time, more or less.)
<P>

The action taken depends on the specific
<I>command</I>,

and on the contents of the
<B>config</B>

<B>setup</B>

section of the
IPSEC configuration file (<I>/etc/ipsec.conf</I>,

see
<I><A HREF="ipsec.conf.5.html">ipsec.conf</A></I>(5)).

Current
<I>command</I>s

are:
<DL COMPACT>
<DT><B>start</B>

<DD>
start Klips and Pluto,
including setting up Klips to do crypto operations on the 
interface(s) specified in the configuration file,
and (if the configuration file so specifies)
setting up manually-keyed connections and/or
asking Pluto to negotiate tunnels to other security gateways
<DT><B>stop</B>

<DD>
shut down Klips and Pluto,
including tearing down all existing crypto connections
<DT><B>restart</B>

<DD>
equivalent to
<B>stop</B>

followed by
<B>start</B>

</DL>
<P>

The
<B>stop</B>

operation tries to clean up properly even if assorted accidents
have occurred,
e.g. Pluto having died without removing its lock file.
<P>

Although a number of configuration-file parameters influence
<I>setup</I>'s

operations, the key one is the
<B>interfaces</B>

parameter, which must be right or chaos will ensue.
<A NAME="lbAE">&nbsp;</A>
<H2>FILES</H2>



/etc/rc.d/init.d/ipsec<TT>&nbsp;&nbsp;</TT>the script itself<BR>
<BR>

/etc/init.d/ipsec<TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TT>alternate location for the script<BR>
<BR>

/etc/ipsec.conf<TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TT>IPSEC configuration file<BR>
<BR>

/var/run/ipsec.info<TT>&nbsp;&nbsp;&nbsp;&nbsp;</TT><B>%defaultroute</B> saved information<BR>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>

<A HREF="ipsec.conf.5.html">ipsec.conf</A>(5), <A HREF="ipsec.8.html">ipsec</A>(8), <A HREF="ipsec_manual.8.html">ipsec_manual</A>(8), <A HREF="ipsec_auto.8.html">ipsec_auto</A>(8), <A HREF="route.8.html">route</A>(8)
<A NAME="lbAG">&nbsp;</A>
<H2>DIAGNOSTICS</H2>

All output from the commands this script invokes goes both to standard
output and to
<I><A HREF="syslogd.8.html">syslogd</A></I>(8)

via
<I><A HREF="logger.1.html">logger</A></I>(1).

<A NAME="lbAH">&nbsp;</A>
<H2>HISTORY</H2>

Written for the FreeS/WAN project
&lt;<A HREF="http://www.xs4all.nl/~freeswan/">http://www.xs4all.nl/~freeswan/</A>&gt;
by Henry Spencer.
<A NAME="lbAI">&nbsp;</A>
<H2>BUGS</H2>

<I><A HREF="Logger.1.html">Logger</A></I>(1)

injects spurious extra newlines into the output.
<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">FILES</A><DD>
<DT><A HREF="#lbAF">SEE ALSO</A><DD>
<DT><A HREF="#lbAG">DIAGNOSTICS</A><DD>
<DT><A HREF="#lbAH">HISTORY</A><DD>
<DT><A HREF="#lbAI">BUGS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 02:46:48 GMT, July 02, 2000
</BODY>
</HTML>