ipsec add connectionname|--checkconfig [--config /etc/ipsec.conf] [--ctlsocket /run/pluto/pluto.ctl]
ipsec add adds a connection specification
from /etc/ipsec.conf to internal database
within pluto, The Libreswan IKE daemon. If there already was
connection specification with same connectionname, old tunnels
are torn down and new specification replaces old one.
With ipsec add --checkconfig you can validate
your configuration file. This will return 0 if config was valid.
Optionally you can add --verbose for more
detailed analysis.
This only adds the connection specification making it possible
for remote to connect. To establish the connection you need to
use ipsec up connection or to do both
add and up with one run you
can use ipsec start
connection.
Note: you might also need to run ipsec
rereadsecrets when your new connection uses pre-shared
key (PSK) authentication, authby=secret because
secrets keys are only being read at startup.
ipsec.conf(5), ipsec(8), ipsec-algparse(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-ecdsasigkey(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-letsencrypt(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-newhostkey(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-pluto(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-rsasigkey(8), ipsec-setup(8), ipsec-showhostkey(8), ipsec-showroute(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8), ipsec-whack(8)