'\" t .\" Title: IPSEC-ADD .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> .\" Date: 03/19/2025 .\" Manual: Executable programs .\" Source: Libreswan 5.2 .\" Language: English .\" .TH "IPSEC\-ADD" "8" "03/19/2025" "Libreswan 5.2" "Executable programs" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" ipsec-add \- Add a connection specification to pluto internal database from /etc/ipsec.conf .SH "SYNOPSIS" .HP \w'\fBipsec\ add\fR\ 'u \fBipsec add\fR [\fIconnection\fR | \-\-checkconfig] [\-\-dry\-run] [\-\-config\ \fI/etc/ipsec.conf\fR] [\-\-ctlsocket\ \fI/run/pluto/pluto\&.ctl\fR] .SH "DESCRIPTION" .PP \fBipsec add \fR\fB\fIconnection\fR\fR\fB \fR adds a connection specification from /etc/ipsec.conf to internal database within pluto, The Libreswan IKE daemon\&. If there already was connection specification with same connectionname, old tunnels are torn down and new specification replaces old one\&. .PP This only adds the connection specification making it possible for remote to connect\&. To establish the connection you need to use \fBipsec up \fR\fB\fIconnection\fR\fR or to do both \fBadd\fR and \fBup\fR with one run you can use \fBipsec start \fR\fB\fIconnection\fR\fR\&. .PP Note: you might also need to run \fBipsec rereadsecrets\fR when your new connection uses pre\-shared key (PSK) authentication, \fBauthby=secret\fR because secrets keys are only being read at startup\&. .PP With \fBipsec add \-\-checkconfig\fR you can validate your configuration file\&. This will return 0 if config was valid\&. Optionally you can add \fB\-\-verbose\fR for more detailed analysis\&. .PP With \fB\-\-dry\-run\fR the underlying \fBwhack\fR or \fBaddconn\fR command is displayed but not executed\&. .SH "SEE ALSO" .PP \fBipsec.conf\fR(5), \fBipsec\fR(8), \fBipsec-algparse\fR(8), \fBipsec-briefconnectionstatus\fR(8), \fBipsec-briefstatus\fR(8), \fBipsec-certutil\fR(8), \fBipsec-checkconfig\fR(8), \fBipsec-checknflog\fR(8), \fBipsec-checknss\fR(8), \fBipsec-connectionstatus\fR(8), \fBipsec-crlutil\fR(8), \fBipsec-delete\fR(8), \fBipsec-down\fR(8), \fBipsec-ecdsasigkey\fR(8), \fBipsec-fetchcrls\fR(8), \fBipsec-fipsstatus\fR(8), \fBipsec-globalstatus\fR(8), \fBipsec-import\fR(8), \fBipsec-initnss\fR(8), \fBipsec-letsencrypt\fR(8), \fBipsec-listall\fR(8), \fBipsec-listcacerts\fR(8), \fBipsec-listcerts\fR(8), \fBipsec-listcrls\fR(8), \fBipsec-listen\fR(8), \fBipsec-listpubkeys\fR(8), \fBipsec-modutil\fR(8), \fBipsec-newhostkey\fR(8), \fBipsec-ondemand\fR(8), \fBipsec-pk12util\fR(8), \fBipsec-pluto\fR(8), \fBipsec-purgeocsp\fR(8), \fBipsec-redirect\fR(8), \fBipsec-replace\fR(8), \fBipsec-rereadall\fR(8), \fBipsec-rereadcerts\fR(8), \fBipsec-rereadsecrets\fR(8), \fBipsec-restart\fR(8), \fBipsec-route\fR(8), \fBipsec-rsasigkey\fR(8), \fBipsec-setup\fR(8), \fBipsec-showhostkey\fR(8), \fBipsec-showroute\fR(8), \fBipsec-showstates\fR(8), \fBipsec-shuntstatus\fR(8), \fBipsec-start\fR(8), \fBipsec-status\fR(8), \fBipsec-stop\fR(8), \fBipsec-trafficstatus\fR(8), \fBipsec-unroute\fR(8), \fBipsec-up\fR(8), \fBipsec-vfychain\fR(8), \fBipsec-whack\fR(8) .SH "BUGS" .PP none .SH "AUTHOR" .PP Tuomo Soini