Openswan ipsec tool: Difference between revisions

From xinux.net
Zeile 26: Zeile 26:
 
*ipsec auto --up  toc-ras
 
*ipsec auto --up  toc-ras
  
104 "toc-ras" #5: STATE_MAIN_I1: initiate
+
;104 "toc-ras" #5: STATE_MAIN_I1: initiate
003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ]
+
;003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ]
 
003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection]
 
003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection]
 
106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2
 
106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2
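Review bot: the ";" prefix added to the "104 ... STATE_MAIN_I1: initiate" and "003 ... received Vendor ID payload [Openswan ...]" lines makes MediaWiki treat each as a definition-list term, and the first ":" after "#5" is then read as the term/definition separator, so each log line is rendered split in two. The unchanged log lines that follow get no such markup, so the output is formatted inconsistently. Suggest putting the whole command output in a preformatted block (or giving every output line a leading space) so the log lines are shown verbatim, one per line.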

Revision as of 11 February 2016, 13:34

start

  • ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...

stop

  • ipsec setup --stop
ipsec_setup: Stopping Openswan IPsec...

restart

  • ipsec setup --restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: stop ordered, but IPsec appears to be already stopped!
ipsec_setup: doing cleanup anyway...
ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...

status

  • ipsec setup --status
IPsec running  - pluto pid: 9515
pluto pid 9515
No tunnels up

Show the available connections

  • grep conn /etc/ipsec.conf
conn toc-ras

conn add

  • ipsec auto --add toc-ras

conn up

  • ipsec auto --up toc-ras
104 "toc-ras" #5: STATE_MAIN_I1: initiate
003 "toc-ras" #5: received Vendor ID payload [Openswan (this version) 2.6.38 ]
003 "toc-ras" #5: received Vendor ID payload [Dead Peer Detection]
106 "toc-ras" #5: STATE_MAIN_I2: sent MI2, expecting MR2
108 "toc-ras" #5: STATE_MAIN_I3: sent MI3, expecting MR3
003 "toc-ras" #5: received Vendor ID payload [CAN-IKEv2]
004 "toc-ras" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_md5 group=modp1536}
117 "toc-ras" #6: STATE_QUICK_I1: initiate
004 "toc-ras" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x5b54fafa <0xd99615e0 xfrm=AES_256-HMAC_MD5 NATOA=none NATD=none DPD=none}
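Added example, not part of the original wiki page: a shell function that reads the output of ipsec auto --up and checks the parameters reported in the two "SA established" lines against a deny list. The function names and the deny list (MD5, MODP groups of 1536 bit or less) are assumptions of this example; the sample lines are copied from the conn up output on this page.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the parameters Openswan prints
# in the "ISAKMP SA established" and "IPsec SA established" lines.
# The deny list (MD5, MODP groups up to 1536 bit) is this example's own policy.

# Reads `ipsec auto --up <conn>` output on stdin, prints one verdict per
# negotiated parameter, and returns 1 if any parameter is on the deny list.
audit_sa() {
    awk '
    /ISAKMP SA established|IPsec SA established/ {
        phase = ($0 ~ /ISAKMP/) ? "IKE" : "ESP"
        s = $0
        sub(/^[^{]*[{]/, "", s)          # drop everything up to "{"
        sub(/[}].*$/, "", s)             # drop "}" and the rest
        n = split(s, field, " ")
        for (i = 1; i <= n; i++) {
            if (split(field[i], kv, "=") != 2) continue   # e.g. "<0xd99615e0"
            v = tolower(kv[2])
            if (v ~ /md5/ || v ~ /modp(768|1024|1536)$/) {
                print "WEAK", phase, field[i]; weak++
            } else {
                print "ok  ", phase, field[i]
            }
        }
    }
    END { exit (weak > 0) }'
}

# Sample input: the two "SA established" lines from the output shown above.
sample_log() {
    cat <<'EOF'
004 "toc-ras" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_md5 group=modp1536}
004 "toc-ras" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x5b54fafa <0xd99615e0 xfrm=AES_256-HMAC_MD5 NATOA=none NATD=none DPD=none}
EOF
}

# Live use would be: ipsec auto --up toc-ras | audit_sa
sample_log | audit_sa || echo "deny-listed parameters were negotiated"
```

On the sample lines the function reports prf=oakley_md5, group=modp1536 and xfrm=AES_256-HMAC_MD5 as WEAK and returns 1, so it can gate a tunnel bring-up script.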

conn delete

ipsec auto --delete <conn>

conn down

ipsec auto --down <conn>

reread secrets

ipsec auto --rereadsecrets

list ca certs

ipsec auto --listcacerts

list certs

ipsec auto --listcerts

status of all connections

ipsec auto --status

have a look at the established connections

ipsec look

showdefaults ip, nexthop, interface

ipsec showdefaults

collect debugging info

ipsec barf --short