IPsec Starter -- Version 0.2        [Contributed by Arkoon Network Security]
============================                        [http://www.arkoon.net/]

IPsec Starter aims to replace all the scripts which are used to
start and stop strongSwan, and to do that in a quicker and smarter way.

IPsec Starter can also reload the configuration file (on kill -HUP or
periodically) and apply the changes.

Usage:
   starter [--debug] [--no_fork] [--auto_update <x seconds>]
      --debug: enable debugging output
      --no_fork: all messages (including pluto's) are sent to the console
      --auto_update: reload the config file (like kill -HUP) every x seconds
                     and determine any configuration changes

FEATURES
--------

o Load and unload KLIPS (ipsec.o kernel module)

o Load modules of the native Linux 2.6 IPsec stack

o Launch and monitor pluto

o Add, initiate, route and del connections

o Attach and detach interfaces according to config file

o kill -HUP can be used to reload the config file. New connections will be
  added, old ones will be removed and modified ones will be reloaded.
  Interfaces/Klips/Pluto will be reloaded if necessary.

o Full support of the %defaultroute wildcard parameter.

o Save own pid in /var/run/starter

o Upon reloading, dynamic DNS addresses will be resolved and reloaded. Use
  --auto_update to periodically check for dynamic DNS changes.

o kill -USR1 can be used to reload all connections (delete, then add and
  route/initiate)

o /var/run/dynip/xxxx can be used to use a virtual interface name in
  ipsec.conf. For example, when adsl can be ppp0, ppp1, ... :
     ipsec.conf:  interfaces="ipsec0=adsl"
  And use /etc/ppp/ip-up to create /var/run/dynip/adsl
     /var/run/dynip/adsl:  IP_PHYS=ppp0

o %auto can be used to automatically name the connections

o kill -TERM can be used to stop FS. pluto will be stopped and KLIPS unloaded
  (if it has been loaded).

o Can be used to start strongSwan and load lots of connections in a few
  seconds.

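Added example (not part of the original README or of the strongSwan sources):
a helper for /etc/ppp/ip-up that creates the /var/run/dynip/adsl file described
in the FEATURES list above. The function name write_dynip, its argument order,
its return codes and the DYNIP_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: publish the physical PPP device under a virtual interface
# name. The directory and the IP_PHYS= line come from the README; the
# function name, return codes and DYNIP_DIR override are assumptions.

DYNIP_DIR="${DYNIP_DIR:-/var/run/dynip}"

# write_dynip <virtual-name> <physical-interface>
# Returns 0 on success, 1 on rejected input, 2 on I/O failure.
write_dynip() {
    name="$1"
    phys="$2"

    # ip-up runs as root and the result is read by starter, so accept only
    # plain tokens: no slashes, spaces, newlines or shell metacharacters.
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    case "$phys" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    # Linux interface names are at most 15 characters long.
    [ "${#phys}" -le 15 ] || return 1

    mkdir -p "$DYNIP_DIR" || return 2

    # Write a temp file in the same directory and rename it into place, so
    # a reload never reads a half-written file.
    tmp=$(mktemp "$DYNIP_DIR/.${name}.XXXXXX") || return 2
    if printf 'IP_PHYS=%s\n' "$phys" > "$tmp" \
        && chmod 644 "$tmp" \
        && mv -f "$tmp" "$DYNIP_DIR/$name"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# pppd passes the interface name as the first argument to /etc/ppp/ip-up,
# so the call there would be:
#     write_dynip adsl "$1"
```

The virtual name is restricted more tightly than the device name because it
becomes a file name under /var/run/dynip.
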
TODO
----

o handle wildcards in include lines -- use the glob() function
  ex: include /etc/ipsec.*.conf

o handle duplicate keywords and sections

o 'also' keyword not supported

o manually keyed connections

o IPv6

o Documentation


CHANGES
-------

o Version 0.1  -- 2002.01.14 -- First public release

o Version 0.2  -- 2002.09.04 -- Various enhancements
                                FreeS/WAN 1.98b, x509 0.9.14, algo 0.8.0

o Version 0.2d -- 2004.01.13 -- Adaptions for Openswan 1.0.0
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2e -- 2004.10.14 -- Added support for change of interface address
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2s -- 2005-12-02 -- Ported to strongSwan
                                by Stephan Scholz <sscholz@astaro.com>

o Version 0.2x -- 2006-01-02 -- Added missing strongSwan keywords
                                Full support of the native Linux 2.6 IPsec stack
                                Full support of %defaultroute
                                Improved parsing of keywords using perfect hash
                                function generated by gperf.
                                by Andreas Steffen <andreas.steffen@hsr.ch>

THANKS
------

o Nathan Angelacos - include fix