ipsec start
connection
[--config /etc/ipsec.conf
] [--ctlsocket /run/pluto/pluto.ctl
] [--dry-run]
ipsec start without any options requests initsystem to start ipsec service.
ipsec start with
connection
option is equivalent to
running first ipsec add
connection
and then
ipsec up
connection
, causing same
effect as connection configuration option
auto=start
on startup.
This sets up connection to be added to the pluto internal database and establishing the connection immediately.
Note: you might also need to run ipsec
rereadsecrets when your new connection uses pre-shared
key (PSK) authentication, authby=secret
because
secrets keys are only being read at startup.
With --dry-run
the underlying
whack or addconn command
is displayed but not executed.
ipsec.conf(5), ipsec(8), ipsec-add(8), ipsec-algparse(8), ipsec-briefconnectionstatus(8), ipsec-briefstatus(8), ipsec-certutil(8), ipsec-checkconfig(8), ipsec-checknflog(8), ipsec-checknss(8), ipsec-connectionstatus(8), ipsec-crlutil(8), ipsec-delete(8), ipsec-down(8), ipsec-ecdsasigkey(8), ipsec-fetchcrls(8), ipsec-fipsstatus(8), ipsec-globalstatus(8), ipsec-import(8), ipsec-initnss(8), ipsec-letsencrypt(8), ipsec-listall(8), ipsec-listcacerts(8), ipsec-listcerts(8), ipsec-listcrls(8), ipsec-listen(8), ipsec-listpubkeys(8), ipsec-modutil(8), ipsec-newhostkey(8), ipsec-ondemand(8), ipsec-pk12util(8), ipsec-pluto(8), ipsec-purgeocsp(8), ipsec-redirect(8), ipsec-replace(8), ipsec-rereadall(8), ipsec-rereadcerts(8), ipsec-rereadsecrets(8), ipsec-restart(8), ipsec-route(8), ipsec-rsasigkey(8), ipsec-setup(8), ipsec-showhostkey(8), ipsec-showroute(8), ipsec-showstates(8), ipsec-shuntstatus(8), ipsec-status(8), ipsec-stop(8), ipsec-trafficstatus(8), ipsec-unroute(8), ipsec-up(8), ipsec-vfychain(8), ipsec-whack(8)