Annotation of embedaddon/ipsec-tools/src/racoon/racoonctl.8, revision 1.1
1.1 ! misho 1: .\" $NetBSD: racoonctl.8,v 1.22 2009/03/12 14:01:09 wiz Exp $
! 2: .\"
! 3: .\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp
! 4: .\"
! 5: .\" Copyright (C) 2004 Emmanuel Dreyfus
! 6: .\" All rights reserved.
! 7: .\"
! 8: .\" Redistribution and use in source and binary forms, with or without
! 9: .\" modification, are permitted provided that the following conditions
! 10: .\" are met:
! 11: .\" 1. Redistributions of source code must retain the above copyright
! 12: .\" notice, this list of conditions and the following disclaimer.
! 13: .\" 2. Redistributions in binary form must reproduce the above copyright
! 14: .\" notice, this list of conditions and the following disclaimer in the
! 15: .\" documentation and/or other materials provided with the distribution.
! 16: .\" 3. Neither the name of the project nor the names of its contributors
! 17: .\" may be used to endorse or promote products derived from this software
! 18: .\" without specific prior written permission.
! 19: .\"
! 20: .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 21: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 22: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 23: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 24: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 25: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 26: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 27: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 28: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 29: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 30: .\" SUCH DAMAGE.
! 31: .\"
! 32: .Dd March 12, 2009
! 33: .Dt RACOONCTL 8
! 34: .Os
! 35: .\"
! 36: .Sh NAME
! 37: .Nm racoonctl
! 38: .Nd racoon administrative control tool
! 39: .\"
! 40: .Sh SYNOPSIS
! 41: .Nm
! 42: .Op opts
! 43: reload-config
! 44: .Nm
! 45: .Op opts
! 46: show-schedule
! 47: .Nm
! 48: .Op opts
! 49: show-sa
! 50: .Op isakmp|esp|ah|ipsec
! 51: .Nm
! 52: .Op opts
! 53: get-sa-cert
! 54: .Op inet|inet6
! 55: .Ar src dst
! 56: .Nm
! 57: .Op opts
! 58: flush-sa
! 59: .Op isakmp|esp|ah|ipsec
! 60: .Nm
! 61: .Op opts
! 62: delete-sa
! 63: .Ar saopts
! 64: .Nm
! 65: .Op opts
! 66: establish-sa
! 67: .Op Fl w
! 68: .Op Fl n Ar remoteconf
! 69: .Op Fl u Ar identity
! 70: .Ar saopts
! 71: .Nm
! 72: .Op opts
! 73: vpn-connect
! 74: .Op Fl u Ar identity
! 75: .Ar vpn_gateway
! 76: .Nm
! 77: .Op opts
! 78: vpn-disconnect
! 79: .Ar vpn_gateway
! 80: .Nm
! 81: .Op opts
! 82: show-event
! 83: .Nm
! 84: .Op opts
! 85: logout-user
! 86: .Ar login
! 87: .\"
! 88: .Sh DESCRIPTION
! 89: .Nm
! 90: is used to control
! 91: .Xr racoon 8
! 92: operation, if ipsec-tools was configured with adminport support.
! 93: Communication between
! 94: .Nm
! 95: and
! 96: .Xr racoon 8
! 97: is done through a UNIX socket.
! 98: By changing the default mode and ownership
! 99: of the socket, you can allow non-root users to alter
! 100: .Xr racoon 8
! 101: behavior, so do that with caution.
! 102: .Pp
! 103: The following general options are available:
! 104: .Bl -tag -width Ds
! 105: .It Fl d
! 106: Debug mode.
! 107: Hexdump sent admin port commands.
! 108: .It Fl l
! 109: Increase verbosity.
! 110: Mainly for show-sa command.
! 111: .It Fl s Ar socket
! 112: Specify the UNIX socket name used to connect to racoon.
! 113: .El
! 114: .\"
! 115: .Pp
! 116: The following commands are available:
! 117: .Bl -tag -width Ds
! 118: .It reload-config
! 119: This should cause
! 120: .Xr racoon 8
! 121: to reload its configuration file.
! 122: .It show-schedule
! 123: Unknown command.
! 124: .It show-sa Op isakmp|esp|ah|ipsec
! 125: Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
! 126: IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
! 127: Use
! 128: .Fl l
! 129: to increase verbosity.
! 130: .It get-sa-cert Oo inet|inet6 Oc Ar src dst
! 131: Output the raw certificate that was used to authenticate the phase 1
! 132: matching
! 133: .Ar src
! 134: and
! 135: .Ar dst .
! 136: .It flush-sa Op isakmp|esp|ah|ipsec
! 137: Flush all SAs if no SA class is provided, or a class of SAs,
! 138: either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
! 139: .It establish-sa Oo Fl w Oc Oo Fl n Ar remoteconf Oc Oo Fl u Ar username \
! 140: Oc Ar saopts
! 141: Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
! 142: The optional
! 143: .Fl u Ar username
! 144: can be used when establishing an ISAKMP SA while hybrid auth is in use.
! 145: The exact remote block to use can be specified with
! 146: .Fl n Ar remoteconf .
! 147: .Nm
! 148: will prompt you for the password associated with
! 149: .Ar username
! 150: and these credentials will be used in the Xauth exchange.
! 151: .Pp
! 152: Specifying
! 153: .Fl w
! 154: will make racoonctl wait until the SA is actually established or
! 155: an error occurs.
! 156: .Pp
! 157: .Ar saopts
! 158: has the following format:
! 159: .Bl -tag -width Bl
! 160: .It isakmp {inet|inet6} Ar src Ar dst
! 161: .It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
! 162: {icmp|tcp|udp|gre|any}
! 163: .El
! 164: .It vpn-connect Oo Fl u Ar username Oc Ar vpn_gateway
! 165: This is a particular case of the previous command.
! 166: It will establish an ISAKMP SA with
! 167: .Ar vpn_gateway .
! 168: .It delete-sa Ar saopts
! 169: Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
! 170: .It vpn-disconnect Ar vpn_gateway
! 171: This is a particular case of the previous command.
! 172: It will kill all SAs associated with
! 173: .Ar vpn_gateway .
! 174: .It show-event
! 175: Listen for all events reported by
! 176: .Xr racoon 8 .
! 177: .It logout-user Ar login
! 178: Delete all SAs established on behalf of the Xauth user
! 179: .Ar login .
! 180: .El
! 181: .Pp
! 182: Command shortcuts are available:
! 183: .Bl -tag -width XXX -compact -offset indent
! 184: .It rc
! 185: reload-config
! 186: .It ss
! 187: show-sa
! 188: .It sc
! 189: show-schedule
! 190: .It fs
! 191: flush-sa
! 192: .It ds
! 193: delete-sa
! 194: .It es
! 195: establish-sa
! 196: .It vc
! 197: vpn-connect
! 198: .It vd
! 199: vpn-disconnect
! 200: .It se
! 201: show-event
! 202: .It lu
! 203: logout-user
! 204: .El
! 205: .\"
! 206: .Sh RETURN VALUES
! 207: The command should exit with 0 on success, and non-zero on errors.
! 208: .\"
! 209: .Sh FILES
! 210: .Bl -tag -width 30n -compact
! 211: .It Pa /var/racoon/racoon.sock No or
! 212: .It Pa /var/run/racoon.sock
! 213: .Xr racoon 8
! 214: control socket.
! 215: .El
! 216: .\"
! 217: .Sh SEE ALSO
! 218: .Xr ipsec 4 ,
! 219: .Xr racoon 8
! 220: .Sh HISTORY
! 221: Once was
! 222: .Ic kmpstat
! 223: in the KAME project.
! 224: It turned into
! 225: .Nm
! 226: but remained undocumented for a while.
! 227: .An Emmanuel Dreyfus Aq manu@NetBSD.org
! 228: wrote this man page.
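
The DESCRIPTION warns that changing the mode or ownership of the control socket lets non-root users alter racoon behavior. The script below is an added example, not part of the man page or of ipsec-tools: it audits the two socket paths listed under FILES and reports who can connect. The function names and verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: audit who can drive racoon through its admin socket.
# Socket paths come from the FILES section; the verdict labels are assumptions.

# Classify an octal permission string (e.g. 600) and an owner uid.
# Connecting to a UNIX socket requires write permission on it (see Linux unix(7)),
# so group/other write bits decide who besides the owner can send admin commands.
classify_sock_access() {
    m=$((0$1))                      # parse the permission string as octal
    if   [ $((m & 0002)) -ne 0 ]; then echo world
    elif [ $((m & 0020)) -ne 0 ]; then echo group
    elif [ "$2" != 0 ];           then echo non-root-owner
    else echo root-only
    fi
}

# Inspect one socket path. Returns 0 if only root can connect,
# 1 if access is wider, 2 if the path is not a socket or cannot be read.
audit_racoon_sock() {
    sock=$1
    [ -S "$sock" ] || { echo "$sock: not a socket"; return 2; }
    # GNU stat takes -c, BSD stat takes -f; try both.
    info=$(stat -c '%a %u' "$sock" 2>/dev/null || stat -f '%Lp %u' "$sock") || return 2
    set -- $info
    verdict=$(classify_sock_access "$1" "$2")
    echo "$sock: mode=$1 uid=$2 access=$verdict"
    [ "$verdict" = root-only ]
}

for s in /var/racoon/racoon.sock /var/run/racoon.sock; do
    if [ -e "$s" ]; then
        audit_racoon_sock "$s" || echo "WARNING: $s is usable by non-root users"
    fi
done
```

Search permission on the parent directory also gates access to the socket, so check it alongside the socket's own mode.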