The _updown script is passed a number of variables, which it can use to act differently based on
the information they carry:
PLUTO_VERB
specifies the name of the operation to be performed, which can be one of prepare-host,
prepare-client, up-host, up-client, down-host or down-client. If the address family for security
gateway to security gateway communications is IPv6, then a suffix of -v6 is added to this verb.
PLUTO_CONNECTION
is the name of the connection for which we are routing.
PLUTO_NEXT_HOP
is the next hop to which packets bound for the peer must be sent.
PLUTO_INTERFACE
is the name of the real interface used by encrypted traffic and IKE traffic.
PLUTO_ME
is the IP address of our host.
PLUTO_MY_CLIENT
is the IP address / count of our client subnet. If the client is just the host, this will be the
host's own IP address / max (where max is 32 for IPv4 and 128 for IPv6).
PLUTO_MY_CLIENT_NET
is the IP address of our client net. If the client is just the host, this will be the host's own IP
address.
PLUTO_MY_CLIENT_MASK
is the mask for our client net. If the client is just the host, this will be 255.255.255.255.
PLUTO_PEER
is the IP address of our peer.
PLUTO_PEER_CLIENT
is the IP address / count of the peer's client subnet. If the client is just the peer, this will be
the peer's own IP address / max (where max is 32 for IPv4 and 128 for IPv6).
PLUTO_PEER_CLIENT_NET
is the IP address of the peer's client net. If the client is just the peer, this will be the peer's
own IP address.
PLUTO_PEER_CLIENT_MASK
is the mask for the peer's client net. If the client is just the peer, this will be 255.255.255.255.
PLUTO_MY_PROTOCOL
lists the protocols allowed over this IPsec SA.
PLUTO_PEER_PROTOCOL
lists the protocols the peer allows over this IPsec SA.
PLUTO_MY_PORT
lists the ports allowed over this IPsec SA.
PLUTO_PEER_PORT
lists the ports the peer allows over this IPsec SA.
PLUTO_MY_ID
lists our ID.
PLUTO_PEER_ID
lists our peer's ID.
PLUTO_PEER_CA
lists the peer's CA.
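
The following is an added example, not part of the original page or of the project's own _updown script: a hook skeleton that dispatches on PLUTO_VERB (including the -v6 suffix) and treats PLUTO_PEER_CLIENT and PLUTO_INTERFACE as untrusted input before they reach any command line. The function names valid_cidr, valid_ifname and updown_plan are hypothetical, and the script prints the planned action instead of running site-specific route or firewall commands.

```shell
#!/bin/sh
# Added example: an _updown-style hook that validates the PLUTO_* variables
# before use. It only prints the planned action; real route or firewall
# commands are site-specific and are left out.

# Accept "address/count": address of hex digits, dots, colons; numeric count.
valid_cidr() {
    case "$1" in */*/*|/*|*/) return 1 ;; esac
    case "${1%/*}" in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# Accept a plain interface name that cannot be read as an option or path.
valid_ifname() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
    return 0
}

updown_plan() {
    verb=${PLUTO_VERB:-}
    family=ipv4
    # A -v6 suffix marks IPv6 gateway-to-gateway communication.
    case "$verb" in *-v6) family=ipv6; verb=${verb%-v6} ;; esac

    case "$verb" in
        prepare-host|prepare-client|up-host|up-client|down-host|down-client) ;;
        *) echo "reject: unknown PLUTO_VERB"; return 1 ;;
    esac
    valid_cidr "${PLUTO_PEER_CLIENT:-}" ||
        { echo "reject: bad PLUTO_PEER_CLIENT"; return 1; }
    valid_ifname "${PLUTO_INTERFACE:-}" ||
        { echo "reject: bad PLUTO_INTERFACE"; return 1; }

    # Always quote expansions; never eval or re-split these values.
    echo "$family ${verb%-*} ${verb#*-} $PLUTO_PEER_CLIENT dev $PLUTO_INTERFACE"
}

# Run only when invoked as a hook, i.e. when PLUTO_VERB is set.
if [ -n "${PLUTO_VERB:-}" ]; then
    updown_plan
fi
```

The same allow-list approach applies to any other variable from the list above that ends up in a command argument, log line or file name.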