ipsec add
connectionname|--checkconfig [--config /etc/ipsec.conf
] [--ctlsocket /run/pluto/pluto.ctl
]
ipsec add adds a connection specification
from /etc/ipsec.conf
to internal database
within pluto, The Libreswan IKE daemon. If there already was
connection specification with same connectionname, old tunnels
are torn down and new specification replaces old one.
With ipsec add --checkconfig you can validate
your configuration file. This will return 0 if config was valid.
Optionally you can add --verbose
for more
detailed analysis.
This only adds the connection specification making it possible
for remote to connect. To establish the connection you need to
use ipsec up connection
or to do both
add
and up
with one run you
can use ipsec start
connection
.
Note: you might also need to run ipsec
rereadsecrets when your new connection uses pre-shared
key (PSK) authentication, authby=secret
because
secrets keys are only being read at startup.
ipsec.conf(5), ipsec(8), ipsec-algparse(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-ecdsasigkey(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-letsencrypt(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-newhostkey(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-pluto(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-rsasigkey(8), ipsec-setup(8), ipsec-showhostkey(8), ipsec-showroute(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8), ipsec-whack(8)