racoonctl


RACOONCTL(8)              BSD System Manager's Manual             RACOONCTL(8)


NAME

     racoonctl - racoon administrative control tool


SYNOPSIS

     racoonctl reload-config
     racoonctl show-schedule
     racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec]
     racoonctl flush-sa [isakmp|esp|ah|ipsec]
     racoonctl delete-sa saopts
     racoonctl establish-sa [-u identity] saopts
     racoonctl vpn-connect [-u identity] vpn_gateway
     racoonctl vpn-disconnect vpn_gateway
     racoonctl show-event [-l]


DESCRIPTION

     racoonctl is used to control racoon(8) operation, if ipsec-tools was
     configured with adminport support.  Communication between racoonctl and
     racoon(8) is done through a UNIX socket.  By changing the default mode
     and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.
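     The socket-permission caveat above can be checked mechanically.  The
     following POSIX sh function is an added example, not part of the
     ipsec-tools man page or source: it inspects the control socket (the
     default path is the one listed under FILES, /var/racoon/racoon.sock)
     and reports when it is group- or world-writable or not owned by the
     expected user, since anyone who can write to that socket can issue
     every racoonctl command.  The function name, the optional OWNER
     argument and the return codes are this example's own conventions.

```sh
#!/bin/sh
# Added example, not from ipsec-tools: audit the racoon(8) control socket.
# Anyone who can write to the socket can run every racoonctl command
# (flush-sa, delete-sa, establish-sa ...), so it should stay owned by root
# and carry no group or world write bit unless that was deliberately chosen.

# check_racoon_sock PATH [OWNER]
#   returns 0 when PATH exists, is owned by OWNER (default root) and has no
#   group/world write bit; returns 1 (reporting why on stderr) otherwise;
#   returns 2 when PATH does not exist at all.
check_racoon_sock() {
    sock="$1"
    want_owner="${2:-root}"
    if [ ! -e "$sock" ]; then
        echo "check_racoon_sock: $sock does not exist" >&2
        return 2
    fi
    # Portable field extraction from "srw------- 1 root wheel 0 ... path":
    # field 1 is the mode string, field 3 the owner name.
    set -- $(ls -ld "$sock")
    mode="$1"
    owner="$3"
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "$sock: owned by $owner, expected $want_owner" >&2
        rc=1
    fi
    # Character 6 of the mode string is the group write bit, character 9
    # the world write bit.
    case "$mode" in
        ?????w*) echo "$sock: group-writable ($mode)" >&2; rc=1 ;;
    esac
    case "$mode" in
        ????????w*) echo "$sock: world-writable ($mode)" >&2; rc=1 ;;
    esac
    return $rc
}

# When executed directly with a path, run the check and exit with its
# status; when sourced or run without arguments, only define the function.
if [ $# -gt 0 ]; then
    check_racoon_sock "$1" "${2:-root}"
    exit $?
fi
```

     Run it once racoon(8) has created the socket, e.g.
     sh check_racoon_sock.sh /var/racoon/racoon.sock, and treat a non-zero
     exit status as a finding to review against the intended socket policy.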

     The following commands are available:

     reload-config
             This should cause racoon(8) to reload its configuration file.
             This seems completely broken at the time this man page is
             written.

     show-schedule
             Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
             Dump the SA: All the SA if no SA class is provided, or either
             ISAKMP SA, IPsec ESP SA, or IPsec AH SA, or all IPsec SA.  Use -l
             to increase verbosity.

     flush-sa [isakmp|esp|ah|ipsec]
             is used to flush all SA if no SA class is provided, or a class of
             SA, either ISAKMP SA, IPsec ESP SA, or IPsec AH SA, or all IPsec
             SA.

     establish-sa [-u username] saopts
             Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH
             SA.  The optional -u username can be used when establishing an
             ISAKMP SA while hybrid auth is in use.  racoonctl will prompt
             you for the password associated with username and these
             credentials will be used in the Xauth exchange.

             saopts can have the following formats:

             isakmp {inet|inet6} src dst

             {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
               {icmp|tcp|udp|any}

     vpn-connect [-u username] vpn_gateway
             This is a particular case of the previous command.  It will
             establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
             Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
             This is a particular case of the previous command. It will kill
             all SA associated with vpn_gateway.

     show-event [-l]
             Dump all events reported by racoon(8), then quit.  The -l flag
             causes racoonctl not to stop once all the events have been
             read, but rather to loop awaiting and reporting new events.
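     The saopts formats given under establish-sa can be checked before an
     argument string is handed to racoon(8), which is useful in wrapper
     scripts that build delete-sa or establish-sa invocations from
     configuration.  The following POSIX sh functions are an added example,
     not code from ipsec-tools; the names validate_saopts and endpoint_ok
     are this example's own.  They accept exactly the two forms listed above
     (isakmp with an address family and two addresses; esp or ah with an
     address family, two addr/prefixlen/port endpoints and an upper-layer
     protocol) and reject anything else.

```sh
#!/bin/sh
# Added example, not from ipsec-tools: vet saopts arguments against the
# grammar documented for establish-sa and delete-sa before calling racoonctl.

# endpoint_ok ADDR/PREFIXLEN/PORT
#   0 when all three fields are present and prefixlen and port are numeric.
endpoint_ok() {
    oldifs=$IFS
    IFS=/
    set -- $1
    IFS=$oldifs
    [ $# -eq 3 ] || return 1
    [ -n "$1" ] || return 1
    case "$2" in ""|*[!0-9]*) return 1 ;; esac
    case "$3" in ""|*[!0-9]*) return 1 ;; esac
    return 0
}

# validate_saopts CLASS ARGS...
#   0 when CLASS and ARGS form a valid saopts string, 1 otherwise.
validate_saopts() {
    class="$1"
    shift
    case "$class" in
    isakmp)
        # isakmp {inet|inet6} src dst
        [ $# -eq 3 ] || return 1
        case "$1" in inet|inet6) ;; *) return 1 ;; esac
        [ -n "$2" ] && [ -n "$3" ]
        ;;
    esp|ah)
        # {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
        #   {icmp|tcp|udp|any}
        [ $# -eq 4 ] || return 1
        case "$1" in inet|inet6) ;; *) return 1 ;; esac
        case "$4" in icmp|tcp|udp|any) ;; *) return 1 ;; esac
        for ep in "$2" "$3"; do
            endpoint_ok "$ep" || return 1
        done
        ;;
    *)
        # "ipsec" is a class for show-sa/flush-sa only; it is not a valid
        # saopts class for establish-sa or delete-sa.
        return 1
        ;;
    esac
}

# When executed directly, validate the arguments and, only if they pass,
# print the delete-sa command line that would be issued.  When sourced or
# run without arguments, only the functions are defined.
if [ $# -gt 0 ]; then
    if validate_saopts "$@"; then
        echo "racoonctl delete-sa $*"
    else
        echo "invalid saopts: $*" >&2
        exit 1
    fi
fi
```

     A wrapper that sources this file can call validate_saopts on
     operator-supplied input and refuse to touch the control socket when it
     returns non-zero, so that malformed or unexpected SA selectors never
     reach racoon(8).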

     Command shortcuts are available:

     rc            reload-config

     ss            show-sa

     sc            show-schedule

     fs            flush-sa

     ds            delete-sa

     es            establish-sa

     vc            vpn-connect

     vd            vpn-disconnect

     se            show-event


RETURN VALUES

     The command should exit with 0 on success, and non-zero on errors.


FILES

     /var/racoon/racoon.sock           racoon(8) control socket.


SEE ALSO

     ipsec(4), racoon(8).


HISTORY

     Once was kmpstat(8) in the KAME project. It turned into racoonctl(8) but
     remained undocumented for a while. Emmanuel Dreyfus 〈manu@netbsd.org〉
     wrote this man page.

BSD                            November 16, 2004                           BSD