## swan-updown
see [updown plugin](https://docs.strongswan.org/docs/5.9/plugins/updown.html).
First, it parses `PLUTO_*` and cli args.
Then it helps create ipsec interfaces on demand and log to syslog.
### usage
To utilize `swan-updown`, specify
```
connections.<conn>.children.<child>.updown = swan-updown [OPTIONS]
```
in `swanctl.conf`
For its arguments, see `swan-updown -h`.
```
# swan-updown -h
swan-updown helps create ipsec interfaces
Usage: swan-updown [OPTIONS]
Options:
-p, --prefix <prefix> the prefix of the created interfaces, default to [swan]
-n, --netns <netns> Optional network namespace to move interfaces into
-m, --master <master> Optional master device to assign interfaces to
--to-stdout send log to stdout, otherwise the log will be sent to syslog
-d, --debug... set it multiple times to increase log level, [0: Error, 1: Warn, 2: Info, 3: Debug]
-h, --help Print help
-V, --version Print version
```
#### reminder
By default `swan-updown` uses `syslog`, if you want it to use `env_logger`, please specify `--to-stdout`.
### what it will do
#### interface
It will [create / destroy] XFRM interface when an SA is [established / deleted].
The name of the interface will be `{prefix}{hex encoded if_id}`.
The `prefix` can be specified by `--prefix` argument and the `if_id` is the `PLUTO_IF_ID_IN` environment variable.
`swan-updown` also adds altnames to the interface. The altnames will show
- the local and remote IKEIDs pair
- the local and remote IP addresses pair
Additionally, if `--netns` is specified, the created interface will be moved into the given netns.