'\" t
.\"     Title: _UPDOWN
.\"    Author: Paul Wouters
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\"      Date: 03/12/2024
.\"    Manual: Executable programs
.\"    Source: libreswan
.\"  Language: English
.\"
.TH "_UPDOWN" "8" "03/12/2024" "libreswan" "Executable programs"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec__updown \- kernel and routing manipulation script
.SH "SYNOPSIS"
.PP
\fI_updown\fR
is invoked by pluto when it has brought up a new connection\&. This script is used to insert the appropriate routing entries for IPsec operation on some kernel IPsec stacks, and may do other necessary work that is kernel or user specific, such as defining custom firewall rules\&. The interface to the script is documented in the pluto man page\&.
.SH "VARIABLES"
.PP
The
\fI_updown\fR
script is passed a number of variables, which it can use to act differently based on the information they carry:
.PP
\fBPLUTO_VERB\fR
.RS 4
specifies the name of the operation to be performed, which can be one of
\fBprepare\-host\fR,
\fBprepare\-client\fR,
\fBup\-host\fR,
\fBup\-client\fR,
\fBdown\-host\fR
or
\fBdown\-client\fR\&. If the address family for security gateway to security gateway communications is IPv6, then a suffix of \-v6 is added to this verb\&.
.RE
.PP
\fBPLUTO_CONNECTION\fR
.RS 4
is the name of the connection for which we are routing\&.
.RE
.PP
\fBPLUTO_NEXT_HOP\fR
.RS 4
is the next hop to which packets bound for the peer must be sent\&.
.RE
.PP
\fBPLUTO_INTERFACE\fR
.RS 4
is the name of the real interface used by encrypted traffic and IKE traffic\&.
.RE
.PP
\fBPLUTO_ME\fR
.RS 4
is the IP address of our host\&.
.RE
.PP
\fBPLUTO_MY_CLIENT\fR
.RS 4
is the IP address / count of our client subnet\&. If the client is just the host, this will be the host\*(Aqs own IP address / max (where max is 32 for IPv4 and 128 for IPv6)\&.
.RE
.PP
\fBPLUTO_MY_CLIENT_NET\fR
.RS 4
is the IP address of our client net\&. If the client is just the host, this will be the host\*(Aqs own IP address\&.
.RE
.PP
\fBPLUTO_MY_CLIENT_MASK\fR
.RS 4
is the mask for our client net\&. If the client is just the host, this will be 255\&.255\&.255\&.255\&.
.RE
.PP
\fBPLUTO_PEER\fR
.RS 4
is the IP address of our peer\&.
.RE
.PP
\fBPLUTO_PEER_CLIENT\fR
.RS 4
is the IP address / count of the peer\*(Aqs client subnet\&. If the client is just the peer, this will be the peer\*(Aqs own IP address / max (where max is 32 for IPv4 and 128 for IPv6)\&.
.RE
.PP
\fBPLUTO_PEER_CLIENT_NET\fR
.RS 4
is the IP address of the peer\*(Aqs client net\&. If the client is just the peer, this will be the peer\*(Aqs own IP address\&.
.RE
.PP
\fBPLUTO_PEER_CLIENT_MASK\fR
.RS 4
is the mask for the peer\*(Aqs client net\&. If the client is just the peer, this will be 255\&.255\&.255\&.255\&.
.RE
.PP
\fBPLUTO_MY_PROTOCOL\fR
.RS 4
lists the protocols allowed over this IPsec SA\&.
.RE
.PP
\fBPLUTO_PEER_PROTOCOL\fR
.RS 4
lists the protocols the peer allows over this IPsec SA\&.
.RE
.PP
\fBPLUTO_MY_PORT\fR
.RS 4
lists the ports allowed over this IPsec SA\&.
.RE
.PP
\fBPLUTO_PEER_PORT\fR
.RS 4
lists the ports the peer allows over this IPsec SA\&.
.RE
.PP
\fBPLUTO_MY_ID\fR
.RS 4
lists our id\&.
.RE
.PP
\fBPLUTO_PEER_ID\fR
.RS 4
lists our peer\*(Aqs id\&.
.RE
.PP
\fBPLUTO_PEER_CA\fR
.RS 4
lists the peer\*(Aqs CA\&.
.RE
.SH "SEE ALSO"
.PP
\fBipsec\fR(8),
\fBipsec_pluto\fR(8)\&.
.SH "HISTORY"
.PP
Man page written for the Linux FreeS/WAN project
<\m[blue]\fBhttps://www\&.freeswan\&.org/\fR\m[]>
by Michael Richardson\&. Original program written by Henry Spencer\&.
.SH "AUTHOR"
.PP
\fBPaul Wouters\fR
.RS 4
placeholder to suppress warning
.RE
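.SH "EXAMPLE"
.PP
The variables listed under VARIABLES, consumed by a custom hook, as an added example that is not part of libreswan or of the original page: it checks PLUTO_VERB, PLUTO_INTERFACE and the two client subnets before printing (not executing) a firewall rule. The function names, the accepted interface name characters and the FORWARD rule layout are assumptions made for illustration.
.nf

```sh
# Added example (not libreswan code): validate PLUTO_* input, then print
# the firewall rule a custom hook would apply. Nothing is executed.

# Print 4 or 6 when $1 looks like an "address/count" subnet; else fail.
cidr_family() {
    addr=${1%/*} count=${1##*/}
    [ "$addr/$count" = "$1" ] || return 1          # no "/" present
    case "$count" in ''|*[!0-9]*|????*) return 1 ;; esac
    case "$addr" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;           # rejects spaces, ";", extra "/"
        *:*)                                       # IPv6: character-set check only
            case "$addr" in *.*) return 1 ;; esac  # mixed notation: not handled
            [ "$count" -le 128 ] || return 1
            echo 6 ;;
        *)                                         # IPv4: four octets, each 0..255
            old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
            [ $# -eq 4 ] && [ "$count" -le 32 ] || return 1
            for octet in "$@"; do
                case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
                [ "$octet" -le 255 ] || return 1
            done
            echo 4 ;;
    esac
}

# Print the rule for the current PLUTO_* environment, or fail closed.
updown_rule() {
    # The "-v6" suffix describes the gateway-to-gateway family only, so the
    # client subnets are classified separately below.
    case "${PLUTO_VERB%-v6}" in
        up-client)   op=-I ;;
        down-client) op=-D ;;
        prepare-host|prepare-client|up-host|down-host) return 0 ;;  # no rule
        *) return 2 ;;                             # unknown verb
    esac
    case "$PLUTO_INTERFACE" in ''|*[!A-Za-z0-9_.-]*) return 3 ;; esac
    mine=$(cidr_family "$PLUTO_MY_CLIENT") || return 4
    peer=$(cidr_family "$PLUTO_PEER_CLIENT") || return 4
    [ "$mine" = "$peer" ] || return 4              # families must match
    if [ "$mine" = 6 ]; then tool=ip6tables; else tool=iptables; fi
    echo "$tool $op FORWARD -i $PLUTO_INTERFACE -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -j ACCEPT"
}
```

.fi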