DESCRIPTION

ipsec add connection adds a connection specification from /etc/ipsec.conf to internal database within pluto, The Libreswan IKE daemon. If there already was connection specification with same connectionname, old tunnels are torn down and new specification replaces old one.

This only adds the connection specification making it possible for remote to connect. To establish the connection you need to use ipsec up connection or to do both add and up with one run you can use ipsec start connection.

Note: you might also need to run ipsec rereadsecrets when your new connection uses pre-shared key (PSK) authentication, authby=secret because secrets keys are only being read at startup.

With ipsec add --checkconfig you can validate your configuration file. This will return 0 if config was valid. Optionally you can add --verbose for more detailed analysis.

With --dry-run the underlying whack or addconn command is displayed but not executed.

SEE ALSO

ipsec.conf(5), ipsec(8), ipsec-algparse(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-ecdsasigkey(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-letsencrypt(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-newhostkey(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-pluto(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-rsasigkey(8), ipsec-setup(8), ipsec-showhostkey(8), ipsec-showroute(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8), ipsec-whack(8)

BUGS

none

AUTHOR

Tuomo Soini