racoonctl(8) [osx man page]

RACOONCTL(8)						    BSD System Manager's Manual 					      RACOONCTL(8)

NAME
     racoonctl -- racoon administrative control tool

SYNOPSIS
     racoonctl reload-config
     racoonctl show-schedule
     racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec]
     racoonctl flush-sa [isakmp|esp|ah|ipsec]
     racoonctl delete-sa saopts
     racoonctl establish-sa [-u identity] saopts
     racoonctl vpn-connect [-u identity] vpn_gateway
     racoonctl vpn-disconnect vpn_gateway
     racoonctl show-event [-l]
     racoonctl logout-user login

DESCRIPTION
     racoonctl is used to control racoon(8) operation, if ipsec-tools was
     configured with adminport support. Communication between racoonctl and
     racoon(8) is done through a UNIX socket. By changing the default mode
     and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following commands are available:

     reload-config
             This should cause racoon(8) to reload its configuration file.

     show-schedule
             Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
             Dump the SA: All the SAs if no SA class is provided, or either
             ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. Use
             -l to increase verbosity.

     flush-sa [isakmp|esp|ah|ipsec]
             Flush all SAs if no SA class is provided, or a class of SAs,
             either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec
             SAs.

     establish-sa [-u username] saopts
             Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH
             SA. The optional -u username can be used when establishing an
             ISAKMP SA while hybrid auth is in use. racoonctl will prompt
             you for the password associated with username and these
             credentials will be used in the Xauth exchange.

             saopts has the following format:

             isakmp {inet|inet6} src dst
             {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
                     {icmp|tcp|udp|any}

     vpn-connect [-u username] vpn_gateway
             This is a particular case of the previous command. It will
             establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
             Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
             This is a particular case of the previous command. It will kill
             all SAs associated with vpn_gateway.

     show-event [-l]
             Dump all events reported by racoon(8), then quit. The -l flag
             causes racoonctl to not stop once all the events have been
             read, but rather to loop awaiting and reporting new events.

     logout-user login
             Delete all SAs established on behalf of the Xauth user login.

     Command shortcuts are available:

     rc      reload-config
     ss      show-sa
     sc      show-schedule
     fs      flush-sa
     ds      delete-sa
     es      establish-sa
     vc      vpn-connect
     vd      vpn-disconnect
     se      show-event
     lu      logout-user

RETURN VALUES
     The command should exit with 0 on success, and non-zero on errors.

FILES
     /var/racoon/racoon.sock or /var/run/racoon.sock
             racoon(8) control socket.

SEE ALSO
     ipsec(4), racoon(8)

HISTORY
     Once was kmpstat in the KAME project. It turned into racoonctl but
     remained undocumented for a while. Emmanuel Dreyfus <manu@NetBSD.org>
     wrote this man page.

BSD                            November 16, 2004                            BSD
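
The DESCRIPTION above warns that changing the mode or ownership of the control socket lets non-root users alter racoon(8) behavior. The shell function below is an added example, not part of the original man page or of ipsec-tools: it audits the two socket paths listed under FILES. The function name audit_sock and the expected state (owner uid 0, no group or other permission bits) are assumptions.

```shell
#!/bin/sh
# Added example: audit mode and ownership of the racoon(8) control socket.
# Socket paths come from the FILES section; the expected owner (uid 0) and
# "owner-only" mode are assumptions about the intended locked-down state.

# audit_sock PATH [EXPECTED_UID]
# Returns 0 if PATH is owned by EXPECTED_UID and has no group/other bits,
# 1 if it is more permissive than that, 2 if PATH does not exist.
audit_sock() {
    path=$1
    want_uid=${2:-0}
    rc=0

    [ -e "$path" ] || { echo "$path: not present"; return 2; }
    [ -S "$path" ] || echo "$path: note: not a UNIX socket"

    # ls -n prints numeric ids; field 3 of the long listing is the owner uid.
    uid=$(ls -ldn "$path" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "$path: owner uid $uid, expected $want_uid"
        rc=1
    fi

    # "find -perm /mode" is not POSIX, so test each group/other bit in turn.
    for bit in 040 020 010 004 002 001; do
        if [ -n "$(find "$path" -prune -perm -"$bit")" ]; then
            echo "$path: group/other permission bit $bit is set"
            rc=1
        fi
    done

    if [ "$rc" -eq 0 ]; then
        echo "$path: ok (uid $uid, owner-only access)"
    fi
    return "$rc"
}

# Check both locations named in the man page; a missing path is reported
# and skipped rather than treated as a failure.
for s in /var/racoon/racoon.sock /var/run/racoon.sock; do
    audit_sock "$s" || true
done
```

A non-zero result from audit_sock on an existing socket means an account other than the expected owner may be able to reach the racoon(8) admin interface; the permissions of the directory holding the socket deserve the same review.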

RACOON(8)						    BSD System Manager's Manual 						 RACOON(8)

NAME
     racoon -- IKE (ISAKMP/Oakley) key management daemon

SYNOPSIS
     racoon [-BdFv46] [-f configfile] [-l logfile] [-p isakmp-port]

DESCRIPTION
     racoon speaks the IKE (ISAKMP/Oakley) key management protocol to
     establish security associations with other hosts. The SPD (Security
     Policy Database) in the kernel usually triggers racoon to start.
     racoon usually sends all informational messages, warnings and error
     messages to syslogd(8) with the facility LOG_DAEMON and the priority
     LOG_INFO. Debugging messages are sent with the priority LOG_DEBUG. You
     should configure syslog.conf(5) appropriately to see these messages.

     -B      Install SA(s) from the file which is specified in
             racoon.conf(5).

     -d      Increase the debug level. Multiple -d will increase the debug
             level even more.

     -F      Run racoon in the foreground.

     -f configfile
             Use configfile as the configuration file instead of the
             default.

     -l logfile
             Use logfile as the logging file instead of syslogd(8).

     -p isakmp-port
             Listen to ISAKMP key exchange on port isakmp-port instead of
             the default port number, 500.

     -v      This flag causes the packet dump to be more verbose, with a
             higher debugging level.

     -4
     -6      Specifies the default address family for the sockets.

     racoon assumes the presence of the kernel random number device rnd(4)
     at /dev/urandom.

     Informational messages are labeled info, and debugging messages are
     labeled debug. You have to configure syslog.conf(5) if you want to see
     them in a logging file.

RETURN VALUES
     The command exits with 0 on success, and non-zero on errors.

FILES
     /usr/local/v6/etc/racoon.conf
             default configuration file.

SEE ALSO
     ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)

HISTORY
     The racoon command first appeared in the ``YIPS'' Yokogawa IPsec
     implementation.

KAME                           November 20, 2000                           KAME