starter.8

ipsec vpn

.TH IPSEC_STARTER 8 "29 Nov 2004"
.\"
.\" RCSID $Id: starter.8,v 1.5 2005/01/11 17:52:51 ken Exp $
.\"
.SH NAME
ipsec starter \- start up the IPsec keying daemon (pluto) and load
configuration
.SH SYNOPSIS
.ad l
.hy 0
.HP 10
ipsec starter [\fB\-\-debug \-\-auto_reload seconds \-\-parsedebug \-\-verbose \-\-dumpcfg\fR]
.ad
.hy
.SH "DESCRIPTION"
.PP
Openswan Starter is aimed to replace all the scripts which are used to
start and stop Openswan, and to do that in a quicker and a smarter way.
.PP
It can also reload the configuration file if given a \fRHUP\fB signal, 
and apply the changes.
.PP
What it will do:
.PP
Load and unload KLIPS, or NETKEY (ipsec kernel module)
.PP
Launch and monitor pluto.
.PP
Add, initiate, route and delete connections
.PP
Attach and detach interfaces according to config file
.PP
kill -HUP can be used to reload the config file. New connections will be
added, old ones will be removed and modified ones will be reloaded.
Interfaces/Klips/Pluto will be reloaded if necessary.
.PP
Upon startup, starter will save its pid to the file /var/run/pluto/ipsec-starter.pid
.PP
Upon reloading, dynamic DNS addresses will be resolved and updated. 
Use \-\-auto_reload to periodicaly check for dynamic DNS changes.
.PP
kill \-USR1 can be used to reload all connections.  This does a \fBdelete\fR, 
followed by an \fBadd\fR and then either a \fBroute\fR or \fBinitiate\fR operation.
.PP
/var/run/pluto/dynip/xxxx can be used to use a virtual interface name in
ipsec.conf. By example, when adsl can be ppp0, ppp1, or some such, one
can do:
.PP
.B ipsec.conf:             interfaces="ipsec0=adsl"
And use /etc/ppp/ip-up to create /var/run/pluto/dynip/adsl
    /var/run/pluto/dynip/adsl:    IP_PHYS=ppp0
.PP
%auto can be used to automaticaly name the connections
.PP
kill \-TERM can be used to stop Openswan. Pluto will be stopped and 
kernel modules unloaded.
.PP 
.SH FILES
/etc/ipsec.conf
.SH "SEE ALSO"
ipsec(8), ipsec_tncfg(8), ipsec_pluto(8)
.SH HISTORY
Original by mlafon@arkoon.net for Arkoon Network Security. Updated for
FreeS/WAN version 2 by Michael Richardson <mcr@sandelman.ottawa.on.ca>.
Merged into Openswan 2.2 by Xelerance Corporation
.SH TODO/BUGS
.PP
handle wildcards in include lines \-\- use glob() fct ex: include /etc/ipsec.*.conf
.PP 
handle duplicates keywords and sections
.PP 
Support also keyword
.PP 
add unsupported keywords
.PP 
manually keyed connections
.PP 
%defaultroute
.PP 
IPv6
.PP