other versions
- wheezy 1:2.6.37-3+deb7u1
| _UPDOWN(8) | [FIXME: manual] | _UPDOWN(8) |
NAME¶
ipsec__updown - kernel and routing manipulation scriptSYNOPSIS¶
_updown is invoked by pluto when it has brought up a new connection. This script is used to insert the appropriate routing entries for IPsec operation on some kernel IPsec stacks, such as KLIPS and MAST, and may do other necessary work that is kernel or user specific, such as defining custom firewall rules. The interface to the script is documented in the pluto man page.VARIABLES¶
The _updown is passed along a number of variables which can be used to act differently based on the information: PLUTO_VERSIONindicates what version of this interface is
being used. This document describes version 1.1. This is upwardly compatible
with version 1.0.
PLUTO_VERB
specifies the name of the operation to be
performed, which can be one of prepare-host, prepare-client,
up-host, up-client, down-host or down-client. If
the address family for security gateway to security gateway communications is
IPv6, then a suffix of -v6 is added to this verb.
PLUTO_CONNECTION
is the name of the connection for which we are
routing.
PLUTO_NEXT_HOP
is the next hop to which packets bound for the
peer must be sent.
PLUTO_INTERFACE
is the name of the ipsec interface to be
used.
PLUTO_ME
is the IP address of our host.
PLUTO_MY_CLIENT
is the IP address / count of our client
subnet. If the client is just the host, this will be the host´s own IP
address / max (where max is 32 for IPv4 and 128 for IPv6).
PLUTO_MY_CLIENT_NET
is the IP address of our client net. If the
client is just the host, this will be the host´s own IP address.
PLUTO_MY_CLIENT_MASK
is the mask for our client net. If the client
is just the host, this will be 255.255.255.255.
PLUTO_PEER
is the IP address of our peer.
PLUTO_PEER_CLIENT
is the IP address / count of the peer´s
client subnet. If the client is just the peer, this will be the peer´s
own IP address / max (where max is 32 for IPv4 and 128 for IPv6).
PLUTO_PEER_CLIENT_NET
is the IP address of the peer´s client
net. If the client is just the peer, this will be the peer´s own IP
address.
PLUTO_PEER_CLIENT_MASK
is the mask for the peer´s client net. If
the client is just the peer, this will be 255.255.255.255.
PLUTO_MY_PROTOCOL
lists the protocols allowed over this IPsec
SA.
PLUTO_PEER_PROTOCOL
lists the protocols the peer allows over this
IPsec SA.
PLUTO_MY_PORT
lists the ports allowed over this IPsec
SA.
PLUTO_PEER_PORT
lists the ports the peer allows over this
IPsec SA.
PLUTO_MY_ID
lists our id.
PLUTO_PEER_ID
lists our peer´s id.
PLUTO_PEER_CA
lists the peer´s CA.
SEE ALSO¶
ipsec(8), ipsec_pluto(8).HISTORY¶
Man page written for the Linux FreeS/WAN project < http://www.freeswan.org/> by Michael Richardson. Original program written by Henry Spencer.| 10/06/2010 | [FIXME: source] |