IPsec Starter -- Version 0.2 [Contributed by Arkoon Network Security]
============================ [ http://www.arkoon.net/]
IPsec Starter is aimed to replace all the scripts which are used to
start and stop strongSwan and to do that in a quicker and a smarter way.
IPsec Starter can also reload the configuration file (kill --HUP or periodicaly)
and apply the changes.
Usage:
starter [--debug] [--auto_update <x seconds>]
--debug: enable debugging output
--no_fork: all msg (including pluto) are sent to the console
--auto_update: reload the config file (like kill -HUP) every x seconds
and determine any configuration changes
FEATURES
--------
o Load and unload KLIPS (ipsec.o kernel module)
o Load modules of the native Linux 2.6 IPsec stack
o Launch and monitor pluto
o Add, initiate, route and del connections
o Attach and detach interfaces according to config file
o kill -HUP can be used to reload the config file. New connections will be
added, old ones will be removed and modified ones will be reloaded.
Interfaces/Klips/Pluto will be reloaded if necessary.
o Full support of the %defaultroute wildcard parameter.
o save own pid in /var/run/starter
o Upon reloading, dynamic DNS addr will be resolved and reloaded. Use
--auto_update to periodicaly check dynamic DNS changes.
o kill -USR1 can be used to reload all connections (delete then add and
route/initiate)
o /var/run/dynip/xxxx can be used to use a virtual interface name in
ipsec.conf. By example, when adsl can be ppp0, ppp1, ... :
ipsec.conf: interfaces="ipsec0=adsl"
And use /etc/ppp/ip-up to create /var/run/dynip/adsl
/var/run/dynip/adsl: IP_PHYS=ppp0
o %auto can be used to automaticaly name the connections
o kill -TERM can be used to stop FS. pluto will be stopped and KLIPS unloaded
(if it has been loaded).
o Can be used to start strongSwan and load lots of connections in a few
seconds.
TODO
----
o handle wildcards in include lines -- use glob() fct
ex: include /etc/ipsec.*.conf
o handle duplicates keywords and sections
o 'also' keyword not supported
o manually keyed connections
o IPv6
o Documentation
CHANGES
-------
o Version 0.1 -- 2002.01.14 -- First public release
o Version 0.2 -- 2002.09.04 -- Various enhancements
FreeS/WAN 1.98b, x509 0.9.14, algo 0.8.0
o Version 0.2d -- 2004.01.13 -- Adaptions for Openswan 1.0.0
by Stephan Scholz <sscholz@astaro.com>
o Version 0.2e -- 2004.10.14 -- Added support for change of interface address
by Stephan Scholz <sscholz@astaro.com>
o Version 0.2s -- 2005-12-02 -- Ported to strongSwan
by Stephan Scholz <sscholz@astaro.com>
o Version 0.2x -- 2006-01-02 -- Added missing strongSwan keywords
Full support of the native Linux 2.6 IPsec stack
Full support of %defaultroute
Improved parsing of keywords using perfect hash
function generated by gperf.
by Andreas Steffen <andreas.steffen@hsr.ch>
THANKS
------
o Nathan Angelacos - include fix
87799b0c00