readme

This a good VPN source

FreeS/WAN Starter -- Version 0.2       [Contributed by Arkoon Network Security]
================================       [                http://www.arkoon.net/]

FreeS/WAN Starter (FS) is aimed to replace all the scripts which are used to
start and stop FreeS/WAN and to do that in a quicker and a smarter way.

FS can also reload the configuration file (kill --HUP or periodicaly) and
apply the changes.

Usage:
  starter [--debug] [--auto_reload <x seconds>]
    --debug: no fork, all msg (including pluto) are sent to the console
    --auto_reload: reload the config file (like kill -HUP) every x seconds

Send all your comments/requests to me (mlafon@arkoon.net). If you use it and
find it useful, drop me a mail too.


FEATURES
--------

o Load and unload klips (ipsec kernel module)

o Launch and monitor pluto

o Add, initiate, route and del connections

o Attach and detach interfaces according to config file

o kill -HUP can be used to reload the config file. New connections will be
  added, old ones will be removed and modified ones will be reloaded.
  Interfaces/Klips/Pluto will be reloaded if necessary.

o save own pid in /var/run/starter

o Upon reloading, dynamic DNS addr will be resolved and reloaded. Use
  --auto_reload to periodicaly check dynamic DNS changes.

o kill -USR1 can be used to reload all connections (delete then add and
  route/initiate)

o /var/run/dynip/xxxx can be used to use a virtual interface name in
  ipsec.conf. By example, when adsl can be ppp0, ppp1, ... :
    ipsec.conf:             interfaces="ipsec0=adsl"
  And use /etc/ppp/ip-up to create /var/run/dynip/adsl
    /var/run/dynip/adsl:    IP_PHYS=ppp0

o %auto can be used to automaticaly name the connections

o kill -TERM can be used to stop FS. pluto will be stopped and klips unloaded
  (if it has been loaded).

o Can be used to start FreeS/WAN and load lots of connections in a few
  seconds.


INSTALL
-------

o Untar archive in freeswan directory

o Modify DEFINES in Makefile if you have applied the X509 Patch or the
  Algo Patch.

o make

o cp 'starter' in your freeswan dir (/usr/lib/ipsec/)

o launch it with 'ipsec starter'  (see usage above)


TODO
----

o handle wildcards in include lines -- use glob() fct
    ex: include /etc/ipsec.*.conf

o handle duplicates keywords and sections

o 'also' keyword not supported

o add unsupported keywords

o manually keyed connections

o %defaultroute

o IPv6

o Documentation


CHANGES
-------

o Version 0.1 -- 2002.01.14 -- First public release

o Version 0.2 -- 2002.09.04 -- Various enhancements
                               FreeS/WAN 1.98b, x509 0.9.14, algo 0.8.0


THANKS
------

o Nathan Angelacos - include fix