FreeBSD Manual Pages
_UPDOWN(8) Executable programs _UPDOWN(8) NAME ipsec__updown - kernel and routing manipulation script SYNOPSIS _updown is invoked by pluto when it has brought up a new connection. This script is used to insert the appropriate routing entries for IPsec operation on some kernel IPsec stacks, and may do other necessary work that is kernel or user specific, such as defining custom firewall rules. The interface to the script is documented in the pluto man page. VARIABLES The _updown is passed along a number of variables which can be used to act differently based on the information: PLUTO_VERB specifies the name of the operation to be performed, which can be one of prepare-host, prepare-client, up-host, up-client, down-host or down-client. If the address family for security gateway to security gateway communications is IPv6, then a suffix of -v6 is added to this verb. PLUTO_CONNECTION is the name of the connection for which we are routing. PLUTO_NEXT_HOP is the next hop to which packets bound for the peer must be sent. PLUTO_INTERFACE is the name of the real interface used by encrypted traffic and IKE traffic. PLUTO_ME is the IP address of our host. PLUTO_MY_CLIENT is the IP address / count of our client subnet. If the client is just the host, this will be the host's own IP address / max (where max is 32 for IPv4 and 128 for IPv6). PLUTO_MY_CLIENT_NET is the IP address of our client net. If the client is just the host, this will be the host's own IP address. PLUTO_MY_CLIENT_MASK is the mask for our client net. If the client is just the host, this will be 255.255.255.255. PLUTO_PEER is the IP address of our peer. PLUTO_PEER_CLIENT is the IP address / count of the peer's client subnet. If the client is just the peer, this will be the peer's own IP address / max (where max is 32 for IPv4 and 128 for IPv6). PLUTO_PEER_CLIENT_NET is the IP address of the peer's client net. If the client is just the peer, this will be the peer's own IP address. PLUTO_PEER_CLIENT_MASK is the mask for the peer's client net. If the client is just the peer, this will be 255.255.255.255. PLUTO_MY_PROTOCOL lists the protocols allowed over this IPsec SA. PLUTO_PEER_PROTOCOL lists the protocols the peer allows over this IPsec SA. PLUTO_MY_PORT lists the ports allowed over this IPsec SA. PLUTO_PEER_PORT lists the ports the peer allows over this IPsec SA. PLUTO_MY_ID lists our id. PLUTO_PEER_ID lists our peer's id. PLUTO_PEER_CA lists the peer's CA. SEE ALSO ipsec(8), ipsec_pluto(8). HISTORY Man page written for the Linux FreeS/WAN project <https://www.freeswan.org/> by Michael Richardson. Original program written by Henry Spencer. AUTHOR Paul Wouters placeholder to suppress warning libreswan 05/13/2025 _UPDOWN(8)
NAME | SYNOPSIS | VARIABLES | SEE ALSO | HISTORY | AUTHOR
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ipsec__updown&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>