NetBSD 6.1.5 - man page for racoonctl (netbsd section 8)

RACOONCTL(8)			   BSD System Manager's Manual			     RACOONCTL(8)

NAME
     racoonctl -- racoon administrative control tool

SYNOPSIS
     racoonctl [opts] reload-config
     racoonctl [opts] show-schedule
     racoonctl [opts] show-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] get-sa-cert [inet|inet6] src dst
     racoonctl [opts] flush-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] delete-sa saopts
     racoonctl [opts] establish-sa [-w] [-n remoteconf] [-u identity] saopts
     racoonctl [opts] vpn-connect [-u identity] vpn_gateway
     racoonctl [opts] vpn-disconnect vpn_gateway
     racoonctl [opts] show-event
     racoonctl [opts] logout-user login

DESCRIPTION
     racoonctl is used to control racoon(8) operation, if ipsec-tools was configured with admin-
     port support.  Communication between racoonctl and racoon(8) is done through a UNIX socket.
     By changing the default mode and ownership of the socket, you can allow non-root users to
     alter racoon(8) behavior, so do that with caution.

     The following general options are available:

     -d      Debug mode.  Hexdump sent admin port commands.

     -l      Increase verbosity.  Mainly for show-sa command.

     -s socket
	     Specify the UNIX socket name used to connect to racoon.

     The following commands are available:

     reload-config
	     This should cause racoon(8) to reload its configuration file.

     show-schedule
	     Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
	     Dump the SAs: all SAs if no SA class is provided, or only ISAKMP SAs, IPsec ESP
	     SAs, IPsec AH SAs, or all IPsec SAs.  Use -l to increase verbosity.

     get-sa-cert [inet|inet6] src dst
	     Output the raw certificate that was used to authenticate the phase 1 matching src
	     and dst.

     flush-sa [isakmp|esp|ah|ipsec]
	     Flush all SAs if no SA class is provided, or one class of SAs: ISAKMP SAs,
	     IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.

     establish-sa [-w] [-n remoteconf] [-u username] saopts
	     Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.  The optional -u
	     username can be used when establishing an ISAKMP SA while hybrid auth is in use.
	     The exact remote block to use can be specified with -n remoteconf.  racoonctl will
	     prompt you for the password associated with username and these credentials will be
	     used in the Xauth exchange.

	     Specifying -w will make racoonctl wait until the SA is actually established or an
	     error occurs.

	     saopts has the following format:

	     isakmp {inet|inet6} src dst

	     {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
	       {icmp|tcp|udp|gre|any}

     vpn-connect [-u username] vpn_gateway
	     This is a particular case of the previous command.  It will establish an ISAKMP SA
	     with vpn_gateway.

     delete-sa saopts
	     Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
	     This is a particular case of the previous command.  It will kill all SAs associated
	     with vpn_gateway.

     show-event
	     Listen for all events reported by racoon(8).

     logout-user login
	     Delete all SAs established on behalf of the Xauth user login.

     Command shortcuts are available:
	   rc	reload-config
	   ss	show-sa
	   sc	show-schedule
	   fs	flush-sa
	   ds	delete-sa
	   es	establish-sa
	   vc	vpn-connect
	   vd	vpn-disconnect
	   se	show-event
	   lu	logout-user

RETURN VALUES
     The command should exit with 0 on success, and non-zero on errors.

FILES
     /var/racoon/racoon.sock or
     /var/run/racoon.sock	     racoon(8) control socket.
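
     The caution in DESCRIPTION about the control socket's mode and ownership can be checked
     mechanically.  The script below is an added example, not part of the original man page
     or of ipsec-tools; the function names are hypothetical, and the policy it applies (owned
     by uid 0, no group or other permission bits) is an assumption of this example.

```sh
#!/bin/sh
# Added example: audit owner and mode of the racoon(8) control socket.
# Assumed policy: owned by uid 0, no group or other permission bits.

# classify_socket UID MODE: verdict for an owner uid and an octal mode string.
classify_socket() {
    uid=$1
    # Pad, then keep the last three octal digits (drops any setuid/sticky digit).
    perms=$(printf '000%s' "$2" | sed 's/.*\(...\)$/\1/')
    group=$(printf '%s' "$perms" | cut -c2)
    other=$(printf '%s' "$perms" | cut -c3)
    if [ "$uid" != "0" ]; then
        echo "non-root-owner"
    elif [ "$other" != "0" ]; then
        echo "other-access"
    elif [ "$group" != "0" ]; then
        echo "group-access"
    else
        echo "root-only"
    fi
}

# audit_socket PATH: print a finding; return 0 only for a root-only socket.
audit_socket() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "$path: missing"
        return 2
    fi
    if [ ! -S "$path" ]; then
        echo "$path: not-a-socket"
        return 2
    fi
    # GNU stat syntax first, then BSD stat (-f takes the format on NetBSD).
    meta=$(stat -c '%u %a' "$path" 2>/dev/null) ||
        meta=$(stat -f '%u %Lp' "$path") || return 2
    verdict=$(classify_socket "${meta% *}" "${meta#* }")
    echo "$path: $verdict (uid=${meta% *} mode=${meta#* })"
    [ "$verdict" = "root-only" ]
}

# Usage: sh audit.sh /var/racoon/racoon.sock /var/run/racoon.sock
for p in "$@"; do
    audit_socket "$p" || true
done
```

     Any verdict other than root-only means some non-root account can reach the admin port
     and should be matched against the accounts intended to control racoon(8).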

SEE ALSO
     ipsec(4), racoon(8)

HISTORY
     Once was kmpstat in the KAME project.  It turned into racoonctl but remained undocumented
     for a while.  Emmanuel Dreyfus <manu@NetBSD.org> wrote this man page.

BSD					  March 12, 2009				      BSD

