Seth Woolley's Man Viewer

Manual for setup - man setup

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

IPSEC_SETUP(8)                                                  IPSEC_SETUP(8)



NAME
       ipsec(5,8) setup(2,8) - control IPsec subsystem

SYNOPSIS
       ipsec(5,8) setup(2,8) [ --show | --showonly ] command

DESCRIPTION
       Setup  controls the FreeS/WAN IPsec subsystem, including both the Klips
       kernel code and the Pluto key-negotiation daemon.  (It is a synonym for
       the  ``rc'' script for the subsystem; the system runs the equivalent of
       ipsec(5,8) setup(2,8) start at boot time(1,2,n), and ipsec(5,8) setup(2,8) stop at shutdown(2,8)  time(1,2,n),
       more or less.)

       The  action  taken depends on the specific command, and on the contents
       of  the  config(1,5)  setup(2,8)  section  of  the   IPsec   configuration   file(1,n)
       (/etc/ipsec.conf, see ipsec.conf(5)).  Current commands are:

       start     start  Klips  and  Pluto,  including  setting  up Klips to do
                 crypto operations on the interface(s) specified in(1,8)  the  con-
                 figuration file(1,n), and (if(3,n) the configuration file(1,n) so specifies)
                 setting up manually-keyed connections and/or asking Pluto  to
                 negotiate  automatically-keyed  connections to other security
                 gateways

       stop      shut down Klips and Pluto, including tearing down all  exist-
                 ing crypto connections

       restart   equivalent to stop followed by start

       status    report  the  status  of  the subsystem; normally just reports
                 IPsec running and pluto pid nnn, or IPsec stopped, and  exits
                 with  status  0,  but will go into more detail (and exit(3,n,1 builtins) with
                 status 1) if(3,n) something strange  is  found.   (An  ``illicit''
                 Pluto  is  one  that does not match the process ID in(1,8) Pluto's
                 lock file(1,n); an ``orphaned'' Pluto is one with no lock file.)

       The stop operation tries to clean up properly even  if(3,n)  assorted  acci-
       dents  have  occurred, e.g. Pluto having died without removing its lock
       file.  If stop discovers that the subsystem is  (supposedly)  not  run-
       ning,  it  will complain, but will do its cleanup anyway before exiting
       with status 1.

       Although a number of configuration-file  parameters  influence  setup(2,8)'s
       operations,  the  key  one  is  the interfaces parameter, which must be
       right or chaos will ensue.

       The --show and --showonly options cause setup(2,8) to display the shell com-
       mands  that  it  would execute.  --showonly suppresses their execution.
       Only start, stop, and restart commands recognize these flags.

FILES
       /etc/rc.d/init.d/ipsec(5,8)         the script itself
       /etc/init.d/ipsec(5,8)              alternate location for the script
       /etc/ipsec.conf                IPsec configuration file(1,n)
       /proc(5,n)/sys/net/ipv4/ip_forward  forwarding control
       /var/run/ipsec.info            saved information
       /var/run/pluto.pid             Pluto lock file(1,n)
       /var/run/ipsec_setup.pid       IPsec lock file(1,n)

SEE ALSO
       ipsec.conf(5), ipsec(5,8)(8), ipsec_manual(8), ipsec_auto(8), route(8)

DIAGNOSTICS
       All output from the commands start and stop goes both to standard  out-
       put  and to syslogd(8), via logger(1).  Selected additional information
       is logged only to syslogd(8).

HISTORY
       Written for the FreeS/WAN project  <http://www.freeswan.org>  by  Henry
       Spencer.

BUGS
       Old  versions of logger(1) inject spurious extra newlines onto standard
       output.



                                 23 July 2001                   IPSEC_SETUP(8)

References for this manual (incoming links)