Интерактивная система просмотра системных руководств (man-ов)
ipsec_setup (8)
>> ipsec_setup (8) ( Разные man: Команды системного администрирования )
NAME
ipsec setup - control IPsec subsystem
SYNOPSIS
ipsecsetup
command
DESCRIPTION
Setup
controls the FreeS/WAN IPsec subsystem,
including both the Klips kernel code and the Pluto key-negotiation daemon.
(It is a synonym for the ``rc'' script for the subsystem;
the system runs the equivalent of
ipsec setup start
at boot time,
and
ipsec setup stop
at shutdown time, more or less.)
The action taken depends on the specific
command,
and on the contents of the
configsetup
section of the
IPsec configuration file (/etc/openswan/ipsec.conf,
see
ipsec.conf(5)).
Current
commands
are:
start
start Klips and Pluto,
including setting up Klips to do crypto operations on the
interface(s) specified in the configuration file,
and (if the configuration file so specifies)
setting up manually-keyed connections and/or
asking Pluto to negotiate automatically-keyed connections
to other security gateways
stop
shut down Klips and Pluto,
including tearing down all existing crypto connections
restart
equivalent to
stop
followed by
start
status
report the status of the subsystem;
normally just reports
IPsec running
and
pluto pid nnn,
or
IPsec stopped,
and exits with status 0,
but will go into more detail (and exit with status 1)
if something strange is found.
(An ``illicit'' Pluto is one that does not match the process ID in
Pluto's lock file;
an ``orphaned'' Pluto is one with no lock file.)
The
stop
operation tries to clean up properly even if assorted accidents
have occurred,
e.g. Pluto having died without removing its lock file.
If
stop
discovers that the subsystem is (supposedly) not running,
it will complain,
but will do its cleanup anyway before exiting with status 1.
Although a number of configuration-file parameters influence
setup's
operations, the key one is the
interfaces
parameter, which must be right or chaos will ensue.
FILES
/etc/rc.d/init.d/ipsecthe script itself
/etc/init.d/ipsecalternate location for the script
All output from the commands
start
and
stop
goes both to standard
output and to
syslogd(8),
via
logger(1).
Selected additional information is logged only to
syslogd(8).