ipsec-add — Add a connection specification to pluto internal database from /etc/ipsec.conf


ipsec add connectionname|--checkconfig [--config /etc/ipsec.conf] [--ctlsocket /run/pluto/pluto.ctl]


ipsec add adds a connection specification from /etc/ipsec.conf to internal database within pluto, The Libreswan IKE daemon. If there already was connection specification with same connectionname, old tunnels are torn down and new specification replaces old one.

With ipsec add --checkconfig you can validate your configuration file. This will return 0 if config was valid. Optionally you can add --verbose for more detailed analysis.

This only adds the connection specification making it possible for remote to connect. To establish the connection you need to use ipsec up connection or to do both add and up with one run you can use ipsec start connection.

Note: you might also need to run ipsec rereadsecrets when your new connection uses pre-shared key (PSK) authentication, authby=secret because secrets keys are only being read at startup.


ipsec.conf(5), ipsec(8), ipsec-algparse(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-ecdsasigkey(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-letsencrypt(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-newhostkey(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-pluto(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-rsasigkey(8), ipsec-setup(8), ipsec-showhostkey(8), ipsec-showroute(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-start(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8), ipsec-whack(8)




Tuomo Soini