'\" t .\" Title: IPSEC-ONDEMAND .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 03/14/2024 .\" Manual: Executable programs .\" Source: Libreswan 5.0~rc2 .\" Language: English .\" .TH "IPSEC\-ONDEMAND" "8" "03/14/2024" "Libreswan 5.0~rc2" "Executable programs" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" ipsec-ondemand \- Add and route a connection .SH "SYNOPSIS" .HP \w'\fBipsec\ ondemand\fR\ 'u \fBipsec ondemand\fR \fIconnection\fR [\-\-config\ \fI/etc/ipsec.conf\fR] [\-\-ctlsocket\ \fI/run/pluto/pluto\&.ctl\fR] [\-\-dry\-run] .SH "DESCRIPTION" .PP \fBipsec ondemand\fR is equivalent to running \fBipsec add \fR\fB\fIconnection\fR\fR\fB \fR followed by \fBipsec route \fR\fB\fIconnection\fR\fR\fB \fR, having the same effect as the connection configuration option \fBauto=route\fR or \fBauto=ondemand\fR\&. This sets up connection to be \fBon demand\fR, causing connection to establish only when triggered by outbound traffic\&. .PP Note: you might also need to run \fBipsec rereadsecrets\fR when your new connection uses pre\-shared key (PSK) authentication, \fBauthby=secret\fR because secrets keys are only being read at startup\&. .PP With \fB\-\-dry\-run\fR the underlying \fBwhack\fR or \fBaddconn\fR command is displayed but not executed\&. .SH "SEE ALSO" .PP \fBipsec.conf\fR(5), \fBipsec\fR(8), \fBipsec-add\fR(8), \fBipsec-algparse\fR(8), \fBipsec-briefconnectionstatus\fR(8), \fBipsec-briefstatus\fR(8), \fBipsec-certutil\fR(8), \fBipsec-checkconfig\fR(8), \fBipsec-checknflog\fR(8), \fBipsec-checknss\fR(8), \fBipsec-connectionstatus\fR(8), \fBipsec-crlutil\fR(8), \fBipsec-delete\fR(8), \fBipsec-down\fR(8), \fBipsec-ecdsasigkey\fR(8), \fBipsec-fetchcrls\fR(8), \fBipsec-fipsstatus\fR(8), \fBipsec-globalstatus\fR(8), \fBipsec-import\fR(8), \fBipsec-initnss\fR(8), \fBipsec-letsencrypt\fR(8), \fBipsec-listall\fR(8), \fBipsec-listcacerts\fR(8), \fBipsec-listcerts\fR(8), \fBipsec-listcrls\fR(8), \fBipsec-listen\fR(8), \fBipsec-listpubkeys\fR(8), \fBipsec-modutil\fR(8), \fBipsec-newhostkey\fR(8), \fBipsec-pk12util\fR(8), \fBipsec-pluto\fR(8), \fBipsec-purgeocsp\fR(8), \fBipsec-redirect\fR(8), \fBipsec-replace\fR(8), \fBipsec-rereadall\fR(8), \fBipsec-rereadcerts\fR(8), \fBipsec-rereadsecrets\fR(8), \fBipsec-restart\fR(8), \fBipsec-route\fR(8), \fBipsec-rsasigkey\fR(8), \fBipsec-setup\fR(8), \fBipsec-showhostkey\fR(8), \fBipsec-showroute\fR(8), \fBipsec-showstates\fR(8), \fBipsec-shuntstatus\fR(8), \fBipsec-start\fR(8), \fBipsec-status\fR(8), \fBipsec-stop\fR(8), \fBipsec-trafficstatus\fR(8), \fBipsec-unroute\fR(8), \fBipsec-up\fR(8), \fBipsec-vfychain\fR(8), \fBipsec-whack\fR(8) .SH "BUGS" .PP none .SH "AUTHOR" .PP Tuomo Soini