ipsec__stackmanager (8) - Linux Manuals

ipsec__stackmanager: internal script to bring up kernel components for Libreswan

Command to display ipsec__stackmanager manual in Linux: $ man 8 ipsec__stackmanager

NAME

ipsec__stackmanager - internal script to bring up kernel components for Libreswan

SYNOPSIS

ipsec _stackmanager start [--netkey]
ipsec _stackmanager stop

DESCRIPTION

ipsec _stackmanager

is called from within the init sub-system (systemd, upstart, sysv initscripts) to bring up the Libreswan kernel component as configured via the protostack= option in the ipsec.conf configuration file.

This involves loading and optionally unloading of the required kernel modules. Because the Linux kernel cannot autodetect most crypto related drivers on-demand, _stackmanager handles loading the hardware random number (RNG) device drivers, OpenBSD/FreeBSD Cryptographic Framework (OCF) drivers, CryptoAPI drivers, and the modules for the specific stack (Linux NETKEY/XFM or KLIPS/MAST). Probing for OCF supported hardware is not supported - those modules must be loaded by the system before the start of the Libreswan sub system.

When the --netkey option is given to the start command, the netkey stack is loaded regardless of the existence or contents of the ipsec.conf file. This is used for docker tests where the host system, which might not have libreswan installed, needs to run _stackmanager from the source tree to load the modules on the host so the modules are available inside the containers.

HISTORY

This script was introduced in Libreswan. On the older Openswan systems, this functionality was split over various script files such as ipsec _startnetkey, ipsec _startklips, ipsec _realsetup and ipsec setup. Man page written for the Libreswan project <m[blue]http://www.libreswan.org/m[]> by Paul Wouters.

AUTHOR

Paul Wouters

: placeholder to suppress warning