ipsec start connection [--config /etc/ipsec.conf] [--ctlsocket /run/pluto/pluto.ctl] [--dry-run]
ipsec start without any options requests initsystem to start ipsec service.
ipsec start with
connection option is equivalent to
running first ipsec add
connection and then
ipsec up
connection, causing same
effect as connection configuration option
auto=start on startup.
This sets up connection to be added to the pluto internal database and establishing the connection immediately.
Note: you might also need to run ipsec
rereadsecrets when your new connection uses pre-shared
key (PSK) authentication, authby=secret because
secrets keys are only being read at startup.
With --dry-run the underlying
whack or addconn command
is displayed but not executed.
ipsec.conf(5), ipsec(8), ipsec-add(8), ipsec-algparse(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-ecdsasigkey(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-letsencrypt(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-newhostkey(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-pluto(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-rsasigkey(8), ipsec-setup(8), ipsec-showhostkey(8), ipsec-showroute(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8), ipsec-whack(8)