ipsec add connectionname|--checkconfig [--config /etc/ipsec.conf] [--ctlsocket /run/pluto/pluto.ctl]
Add operation add a connection specification from /etc/ipsec.conf to internal database within pluto, The Libreswan IKE daemon. If there already was connection specification with same connectionname, old tunnels are torn down and new specification replaces old one.
With ipsec add --checkconfig you can validate
your configuration file. This will return 0 if config was valid.
Optionally you can add --verbose for more detailed
analysis.
This only adds the connection specification making it possible for
remote to connect. To establish the connection you need to use
ipsec up connectionname or to do both
add and up with one
run you can use ipsec start connectionname.
Note: you might also need to run ipsec rereadsecrets
when your new connection uses pre-shared key (PSK) authentication,
authby=secret because secrets keys are only being
read at startup.
ipsec.conf(5), ipsec(8), ipsec_algparse(8), ipsec_barf(8), ipsec_briefstatus(8), ipsec_certutil(8), ipsec_checkconfig(8), ipsec_checknflog(8), ipsec_checknss(8), ipsec_connectionstatus(8), ipsec_crlutil(8), ipsec_delete(8), ipsec_down(8), ipsec_ecdsasigkey(8), ipsec_fetchcrls(8), ipsec_fipsstatus(8), ipsec_globalstatus(8), ipsec_import(8), ipsec_initnss(8), ipsec_letsencrypt(8), ipsec_listall(8), ipsec_listcacerts(8), ipsec_listcerts(8), ipsec_listcrls(8), ipsec_listen(8), ipsec_listpubkeys(8), ipsec_look(8), ipsec_modutil(8), ipsec_newhostkey(8), ipsec_ondemand(8), ipsec_pk12util(8), ipsec_pluto(8), ipsec_purgeocsp(8), ipsec_redirect(8), ipsec_replace(8), ipsec_rereadall(8), ipsec_rereadcerts(8), ipsec_rereadsecrets(8), ipsec_restart(8), ipsec_route(8), ipsec_rsasigkey(8), ipsec_setup(8), ipsec_showhostkey(8) ipsec_showroute(8), ipsec_showstates(8), ipsec_shuntstatus(8), ipsec_start(8), ipsec_status(8), ipsec_stop(8), ipsec_trafficstatus(8), ipsec_unroute(8), ipsec_up(8), ipsec_verify(8), ipsec_vfychain(8), ipsec_whack(8)