ipsec down — Down all tunnels sharing same IPsec connection.


ipsec down connectionname [--ctlsocket /run/pluto/pluto.ctl]


Down operation commands pluto to tear down all connections matching specified connectionname in internal configuration database. This connection definitions in place so remotes can immediately connect back. If you want tunnel to go permanently down, use ipsec delete instead.

Normally, pluto's route to a destination remains in place when a down operation is used to take the connection down (or if connection setup, or later automatic rekeying, fails). This permits establishing a new connection (perhaps using a different specification; the route is altered as necessary) without having a “window” in which packets might go elsewhere based on a more general route. Such a route can be removed using the unroute operation (and is implicitly removed by delete).


ipsec.conf(5), ipsec(8), ipsec_add(8), ipsec_algparse(8), ipsec_barf(8), ipsec_briefconnectionstatus(8), ipsec_briefstatus(8), ipsec_certutil(8), ipsec_checkconfig(8), ipsec_checknflog(8), ipsec_checknss(8), ipsec_connectionstatus(8), ipsec_crlutil(8), ipsec_delete(8), ipsec_ecdsasigkey(8), ipsec_fetchcrls(8), ipsec_fipsstatus(8), ipsec_globalstatus(8), ipsec_import(8), ipsec_initnss(8), ipsec_letsencrypt(8), ipsec_listall(8), ipsec_listcacerts(8), ipsec_listcerts(8), ipsec_listcrls(8), ipsec_listen(8), ipsec_listpubkeys(8), ipsec_look(8), ipsec_modutil(8), ipsec_newhostkey(8), ipsec_ondemand(8), ipsec_pk12util(8), ipsec_pluto(8), ipsec_purgeocsp(8), ipsec_redirect(8), ipsec_replace(8), ipsec_rereadall(8), ipsec_rereadcerts(8), ipsec_rereadsecrets(8), ipsec_restart(8), ipsec_route(8), ipsec_rsasigkey(8), ipsec_setup(8), ipsec_showhostkey(8) ipsec_showroute(8), ipsec_showstates(8), ipsec_shuntstatus(8), ipsec_start(8), ipsec_status(8), ipsec_stop(8), ipsec_trafficstatus(8), ipsec_unroute(8), ipsec_up(8), ipsec_verify(8), ipsec_vfychain(8), ipsec_whack(8)




Tuomo Soini