ipsec-add, ipsec-ondemand — add a connection specification to pluto's internal database from /etc/ipsec.conf
ipsec add [--auto route|up|keep] [--bg[={yes,no}] | --asynchronous[={yes,no}]] connection...
ipsec add --autoall [--bg[={yes,no}] | --asynchronous[={yes,no}]]
ipsec add --checkconfig
ipsec add ... [--dry-run] [-n] [--verbose] [--config /etc/ipsec.conf] [--ctlsocket /run/pluto/pluto.ctl]
ipsec ondemand [--bg[={yes,no}] | --asynchronous[={yes,no}]] connection...
The command ipsec add reads connection specifications from the
configuration file /etc/ipsec.conf and then loads them into pluto:

connection...
    The connection's specification is loaded into pluto's internal
    connection database, and configured to accept connections from
    remote peers (see also --auto and --autoall). If a connection with
    the same name already exists in pluto's connection database then
    the old connection's tunnels are torn down and the new connection
    specification replaces the old one.

    The option --auto specifies an additional action to take once the
    connection is loaded: --auto=up also initiates the connection (see
    ipsec-up(8)); --auto=route routes the connection (makes it
    on-demand) (see ipsec-route(8)).

    This is equivalent to a connection with auto=add being loaded
    during startup.

    By default, once all connections are loaded, ipsec add
    connection... will continue to monitor pluto's logs until
    additional actions, such as --auto=up, have completed
    (--asynchronous=no).
--autoall
    Load all connection specifications with auto=add, auto=route,
    auto=up, or auto=keep. In addition, auto=route connections will be
    routed (made on-demand) and auto=up connections will be initiated.

    By default, once all connections are loaded, ipsec add --autoall
    will disconnect from pluto. Additional actions, such as auto=up,
    will be performed in the background (--asynchronous=yes).
--checkconfig
    Parse the configuration file, performing minimal validation. The
    exit status is 0 if the configuration was valid. Optionally add
    --verbose for a more detailed analysis.
ipsec ondemand connection...
    Load and then route (make on-demand) the connection. This is
    equivalent to a connection with auto=route being loaded during
    startup.
Note: if the new connection uses pre-shared key (PSK) authentication,
the command ipsec rereadsecrets may also be needed, as secret keys are
only read at startup.

To inspect a loaded connection run ipsec connectionstatus connection
(see ipsec-connectionstatus(8)), and to remove it run ipsec delete
connection (see ipsec-delete(8)).
The following additional options are supported by all variants of
ipsec add:

--dry-run
-n
    Do not pass the connections to pluto.

--verbose
    Increase verbosity.

--config config-file
    Specify an alternative configuration file to load. The default is
    /etc/ipsec.conf.

--ctlsocket socket-file
    Specify an alternative control socket to use. The default is
    /run/pluto/pluto.ctl.

--asynchronous[={yes,no}]
--bg[={yes,no}]
    Should ipsec add detach, allowing auto= to be performed in the
    background?
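The following script is an added example and is not part of the Libreswan man page or project. It strings together the workflow described above: validate the file with ipsec add --checkconfig, load one connection on demand (--auto=route), and then run ipsec rereadsecrets only when that connection authenticates with a pre-shared key, because pluto reads secrets only at startup. The helper names conn_uses_psk and load_conn and the sample ipsec.conf are this example's own constructions; the PSK check assumes authby=secret is written in the conn block itself (also= inheritance and %default are not followed).

```shell
#!/bin/sh
# Added example, not from the Libreswan man page: validate ipsec.conf with
# "ipsec add --checkconfig" before loading one connection on demand, then run
# "ipsec rereadsecrets" when that connection authenticates with a PSK, since
# pluto reads secrets only at startup. conn_uses_psk and load_conn are helper
# names chosen for this example; the sample config below is constructed.

# Exit 0 if the "conn NAME" block in CONF sets authby=secret, else 1.
# Assumption: the setting is written in the block itself (also= inheritance
# and %default are not followed). Comments and blanks are stripped first.
conn_uses_psk() {
    conf=$1
    name=$2
    awk -v want="$name" '
        { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line) }
        $1 == "conn" || $1 == "config" { inblock = ($2 == want); next }
        inblock && line == "authby=secret" { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$conf"
}

# Validate, load the conn on demand, and refresh secrets when needed.
# Needs a running pluto and root privileges, so the caller below only
# invokes it when the ipsec tool is installed. Append --dry-run to the
# second add command to rehearse without passing the connection to pluto.
load_conn() {
    conf=$1
    name=$2
    ipsec add --checkconfig --config "$conf" || {
        echo "$conf failed validation" >&2
        return 1
    }
    ipsec add --config "$conf" --auto=route "$name" || return 1
    if conn_uses_psk "$conf" "$name"; then
        ipsec rereadsecrets
    fi
}

# Constructed sample configuration (documentation addresses, not a deployment).
SAMPLE_CONF=$(mktemp -d)/ipsec.conf
cat > "$SAMPLE_CONF" <<'EOF'
config setup
    logfile=/var/log/pluto.log

conn psk-tunnel
    left=192.0.2.1
    right=198.51.100.1
    authby=secret   # pre-shared key: needs ipsec rereadsecrets after add
    auto=route

conn rsa-tunnel
    left=192.0.2.1
    right=198.51.100.2
    authby=rsasig
    auto=add
EOF

for c in psk-tunnel rsa-tunnel; do
    if conn_uses_psk "$SAMPLE_CONF" "$c"; then
        echo "$c: PSK authentication, run ipsec rereadsecrets after loading"
    else
        echo "$c: no PSK, rereadsecrets not needed"
    fi
done

if command -v ipsec >/dev/null 2>&1; then
    load_conn "$SAMPLE_CONF" psk-tunnel || echo "load failed; is pluto running?" >&2
fi
```

The PSK check runs offline on any ipsec.conf; only load_conn talks to pluto, and it stops at the first failing step so a connection is never loaded from a file that did not pass --checkconfig.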