IPsec Starter -- Version 0.2        [Contributed by Arkoon Network Security]
============================        [                http://www.arkoon.net/]

IPsec Starter aims to replace all the scripts that are used to start and stop strongSwan, and to do so in a quicker and smarter way.

IPsec Starter can also reload the configuration file (on kill -HUP or periodically) and apply the changes.

Usage
starter [--debug] [--auto_update <x seconds>]
    --debug: enable debugging output
    --no_fork: all msg (including pluto) are sent to the console
    --auto_update: reload the config file (like kill -HUP) every x seconds
                   and determine any configuration changes

FEATURES

  • Load and unload KLIPS (ipsec.o kernel module)
  • Load modules of the native Linux 2.6 IPsec stack
  • Launch and monitor pluto
  • Add, initiate, route and del connections
  • Attach and detach interfaces according to config file
  • kill -HUP can be used to reload the config file. New connections will be added, old ones will be removed and modified ones will be reloaded. Interfaces/Klips/Pluto will be reloaded if necessary.
  • Full support of the %defaultroute wildcard parameter.
  • Saves its own pid in /var/run/starter
  • Upon reloading, dynamic DNS addresses will be resolved and reloaded. Use --auto_update to periodically check dynamic DNS changes.
  • kill -USR1 can be used to reload all connections (delete then add and route/initiate)
  • /var/run/dynip/xxxx can be used to use a virtual interface name in ipsec.conf. For example, when adsl can be ppp0, ppp1, ...:
      ipsec.conf: interfaces="ipsec0=adsl"
    And use /etc/ppp/ip-up to create /var/run/dynip/adsl
      /var/run/dynip/adsl: IP_PHYS=ppp0
  • %auto can be used to automatically name the connections
  • kill -TERM can be used to stop FS. pluto will be stopped and KLIPS unloaded (if it has been loaded).
  • Can be used to start strongSwan and load lots of connections in a few seconds.
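
The /var/run/dynip mechanism described above, sketched as a helper for /etc/ppp/ip-up (an added example, not part of the IPsec Starter distribution). It assumes that pppd passes the interface name to ip-up as $1, that /var/run/starter is a file holding starter's pid, and that a kill -HUP is how the new mapping gets applied; the function names and the DYNIP_DIR/STARTER_PID variables are hypothetical.

```shell
#!/bin/sh
# Added example: helper functions for /etc/ppp/ip-up.
# DYNIP_DIR and STARTER_PID are overridable so the helper can be tried without root.
DYNIP_DIR="${DYNIP_DIR:-/var/run/dynip}"
STARTER_PID="${STARTER_PID:-/var/run/starter}"   # assumption: file holding starter's pid

# write_dynip <virtual-name> <physical-interface>
# Creates $DYNIP_DIR/<virtual-name> containing "IP_PHYS=<physical-interface>".
write_dynip() {
    name="$1"; phys="$2"
    # The name becomes a path component under a root-owned directory and the
    # interface becomes file content read by a root daemon: accept plain names only.
    case "$name" in ''|*[!A-Za-z0-9_-]*) echo "bad virtual name" >&2; return 1 ;; esac
    case "$phys" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    mkdir -p "$DYNIP_DIR" || return 1
    tmp="$DYNIP_DIR/.$name.$$"
    # Write to a temp file and rename, so a reader never sees a half-written file.
    ( umask 022; printf 'IP_PHYS=%s\n' "$phys" > "$tmp" ) || return 1
    mv -f "$tmp" "$DYNIP_DIR/$name"
}

# reload_starter: send SIGHUP only if the recorded pid is numeric and alive.
reload_starter() {
    [ -r "$STARTER_PID" ] || return 1
    pid=$(cat "$STARTER_PID")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1
    kill -HUP "$pid"
}

# In /etc/ppp/ip-up:  write_dynip adsl "$1" && reload_starter
```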

TODO

  • handle wildcards in include lines -- use the glob() function, e.g.: include /etc/ipsec.*.conf
  • handle duplicate keywords and sections
  • 'also' keyword not supported
  • manually keyed connections
  • IPv6
  • Documentation

CHANGES

  • Version 0.1 -- 2002.01.14 -- First public release
  • Version 0.2 -- 2002.09.04 -- Various enhancements

    FreeS/WAN 1.98b, x509 0.9.14, algo 0.8.0

  • Version 0.2d -- 2004.01.13 -- Adaptions for Openswan 1.0.0

    by Stephan Scholz <sscholz@astaro.com>

  • Version 0.2e -- 2004.10.14 -- Added support for change of interface address

    by Stephan Scholz <sscholz@astaro.com>

  • Version 0.2s -- 2005-12-02 -- Ported to strongSwan

    by Stephan Scholz <sscholz@astaro.com>

  • Version 0.2x -- 2006-01-02 -- Added missing strongSwan keywords

    Full support of the native Linux 2.6 IPsec stack
    Full support of %defaultroute
    Improved parsing of keywords using perfect hash function generated by gperf.
    by Andreas Steffen <andreas.steffen@hsr.ch>

THANKS

  • Nathan Angelacos - include fix

