Down operation commands pluto to
tear down all connections matching specified
connectionname in internal configuration database.
This connection definitions in place so remotes can immediately
connect back. If you want tunnel to go permanently down, use
ipsec delete instead.
Normally, pluto's route to a destination remains in place when a
down operation is used to take the connection down
(or if connection setup, or later automatic rekeying, fails). This
permits establishing a new connection (perhaps using a different
specification; the route is altered as necessary) without having
a “window” in which packets might go elsewhere based on a more general
route. Such a route can be removed using the unroute
operation (and is implicitly removed by delete).
ipsec.conf(5), ipsec(8), ipsec_add(8), ipsec_algparse(8), ipsec_barf(8), ipsec_briefconnectionstatus(8), ipsec_briefstatus(8), ipsec_certutil(8), ipsec_checkconfig(8), ipsec_checknflog(8), ipsec_checknss(8), ipsec_connectionstatus(8), ipsec_crlutil(8), ipsec_delete(8), ipsec_ecdsasigkey(8), ipsec_fetchcrls(8), ipsec_fipsstatus(8), ipsec_globalstatus(8), ipsec_import(8), ipsec_initnss(8), ipsec_letsencrypt(8), ipsec_listall(8), ipsec_listcacerts(8), ipsec_listcerts(8), ipsec_listcrls(8), ipsec_listen(8), ipsec_listpubkeys(8), ipsec_look(8), ipsec_modutil(8), ipsec_newhostkey(8), ipsec_ondemand(8), ipsec_pk12util(8), ipsec_pluto(8), ipsec_purgeocsp(8), ipsec_redirect(8), ipsec_replace(8), ipsec_rereadall(8), ipsec_rereadcerts(8), ipsec_rereadsecrets(8), ipsec_restart(8), ipsec_route(8), ipsec_rsasigkey(8), ipsec_setup(8), ipsec_showhostkey(8) ipsec_showroute(8), ipsec_showstates(8), ipsec_shuntstatus(8), ipsec_start(8), ipsec_status(8), ipsec_stop(8), ipsec_trafficstatus(8), ipsec_unroute(8), ipsec_up(8), ipsec_verify(8), ipsec_vfychain(8), ipsec_whack(8)