Annotation of embedaddon/ipsec-tools/src/racoon/racoonctl.8, revision 1.1.1.1
.\" $NetBSD: racoonctl.8,v 1.22 2009/03/12 14:01:09 wiz Exp $
.\"
.\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp
.\"
.\" Copyright (C) 2004 Emmanuel Dreyfus
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 12, 2009
.Dt RACOONCTL 8
.Os
.\"
.Sh NAME
.Nm racoonctl
.Nd racoon administrative control tool
.\"
.Sh SYNOPSIS
.Nm
.Op opts
reload-config
.Nm
.Op opts
show-schedule
.Nm
.Op opts
show-sa
.Op isakmp|esp|ah|ipsec
.Nm
.Op opts
get-sa-cert
.Op inet|inet6
.Ar src dst
.Nm
.Op opts
flush-sa
.Op isakmp|esp|ah|ipsec
.Nm
.Op opts
delete-sa
.Ar saopts
.Nm
.Op opts
establish-sa
.Op Fl w
.Op Fl n Ar remoteconf
.Op Fl u Ar identity
.Ar saopts
.Nm
.Op opts
vpn-connect
.Op Fl u Ar identity
.Ar vpn_gateway
.Nm
.Op opts
vpn-disconnect
.Ar vpn_gateway
.Nm
.Op opts
show-event
.Nm
.Op opts
logout-user
.Ar login
.\"
.Sh DESCRIPTION
.Nm
is used to control
.Xr racoon 8
operation, if ipsec-tools was configured with adminport support.
Communication between
.Nm
and
.Xr racoon 8
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
.Xr racoon 8
behavior, so do that with caution.
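Because whoever can write to the control socket can drive racoon, the check a practitioner wants is that the socket is still root-owned and not group/other accessible. The following audit routine is an added example, not part of racoonctl or ipsec-tools; it uses the two socket paths listed in the FILES section as defaults and builds throwaway sockets in a temporary directory to exercise itself.

```python
import os
import socket
import stat
import tempfile

# Default control socket locations named in racoonctl(8).
RACOON_SOCKET_PATHS = ("/var/run/racoon.sock", "/var/racoon/racoon.sock")


def audit_control_socket(path):
    """Return a list of findings for the racoon admin socket at `path`.

    An empty list means: a UNIX socket, owned by root, reachable only by
    its owner (the default that the man page warns against loosening).
    Directory permissions along the path are not examined here.
    """
    findings = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing: no control socket at %s" % path]
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not-a-socket: unexpected file type at %s" % path)
    if st.st_uid != 0:
        findings.append("owner: uid %d instead of root" % st.st_uid)
    perm = stat.S_IMODE(st.st_mode)
    if perm & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode: %04o grants group/other access" % perm)
    return findings


def make_socket(path, mode):
    """Constructed fixture: bind a UNIX socket at `path` and chmod it."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    os.chmod(path, mode)
    return s


def demo():
    """Constructed demo: audit one tight (0600) and one loose (0666) socket."""
    with tempfile.TemporaryDirectory() as d:
        tight = os.path.join(d, "tight.sock")
        loose = os.path.join(d, "loose.sock")
        s1 = make_socket(tight, 0o600)
        s2 = make_socket(loose, 0o666)
        try:
            return audit_control_socket(tight), audit_control_socket(loose)
        finally:
            s1.close()
            s2.close()
```

Run `audit_control_socket(p) for p in RACOON_SOCKET_PATHS` on a live host; the "owner" finding will also appear in the demo when it is not run as root, which is expected.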
.Pp
The following general options are available:
.Bl -tag -width Ds
.It Fl d
Debug mode.
Hexdump sent admin port commands.
.It Fl l
Increase verbosity.
Mainly for show-sa command.
.It Fl s Ar socket
Specify the UNIX socket name used to connect to racoon.
.El
.\"
.Pp
The following commands are available:
.Bl -tag -width Ds
.It reload-config
This should cause
.Xr racoon 8
to reload its configuration file.
.It show-schedule
Unknown command.
.It show-sa Op isakmp|esp|ah|ipsec
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
.Fl l
to increase verbosity.
.It get-sa-cert Oo inet|inet6 Oc Ar src dst
Output the raw certificate that was used to authenticate the phase 1
matching
.Ar src
and
.Ar dst .
.It flush-sa Op isakmp|esp|ah|ipsec
is used to flush all SAs if no SA class is provided, or a class of SAs,
either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
.It establish-sa Oo Fl w Oc Oo Fl n Ar remoteconf Oc Oo Fl u Ar username \
Oc Ar saopts
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
.Fl u Ar username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
The exact remote block to use can be specified with
.Fl n Ar remoteconf .
.Nm
will prompt you for the password associated with
.Ar username
and these credentials will be used in the Xauth exchange.
.Pp
Specifying
.Fl w
will make racoonctl wait until the SA is actually established or
an error occurs.
.Pp
.Ar saopts
has the following format:
.Bl -tag -width Bl
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
{icmp|tcp|udp|gre|any}
.El
.It vpn-connect Oo Fl u Ar username Oc Ar vpn_gateway
This is a particular case of the previous command.
It will establish an ISAKMP SA with
.Ar vpn_gateway .
.It delete-sa Ar saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command.
It will kill all SAs associated with
.Ar vpn_gateway .
.It show-event
Listen for all events reported by
.Xr racoon 8 .
.It logout-user Ar login
Delete all SAs established on behalf of the Xauth user
.Ar login .
.El
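The saopts grammar above is shared by establish-sa and delete-sa, and a wrapper script should reject a malformed SA description before handing it to racoonctl rather than rely on an error from the daemon. The validator below is an added example, not racoonctl's own parser; it assumes a numeric port field and checks prefix length and address family against the stated inet/inet6 keyword.

```python
import ipaddress

SA_CLASSES = ("isakmp", "esp", "ah")
FAMILIES = {"inet": 4, "inet6": 6}          # keyword -> IP version
UL_PROTOS = ("icmp", "tcp", "udp", "gre", "any")


def _parse_endpoint(spec, version):
    """Parse addr/prefixlen/port and return (ip_interface, port).

    ip_interface rejects a prefixlen beyond 32 (inet) or 128 (inet6).
    """
    parts = spec.split("/")
    if len(parts) != 3:
        raise ValueError("expected addr/prefixlen/port, got %r" % spec)
    addr, prefixlen, port = parts
    iface = ipaddress.ip_interface("%s/%s" % (addr, prefixlen))
    if iface.version != version:
        raise ValueError("%s does not match the stated address family" % addr)
    port = int(port)
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return iface, port


def parse_saopts(args):
    """Validate a racoonctl saopts argument list and return its fields.

    isakmp {inet|inet6} src dst
    {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
        {icmp|tcp|udp|gre|any}
    """
    if len(args) < 2 or args[0] not in SA_CLASSES or args[1] not in FAMILIES:
        raise ValueError("saopts must start with {isakmp|esp|ah} {inet|inet6}")
    klass, version = args[0], FAMILIES[args[1]]
    if klass == "isakmp":
        if len(args) != 4:
            raise ValueError("isakmp form is: isakmp {inet|inet6} src dst")
        src, dst = (ipaddress.ip_address(a) for a in args[2:4])
        if src.version != version or dst.version != version:
            raise ValueError("address family mismatch in src/dst")
        return {"class": klass, "family": args[1],
                "src": str(src), "dst": str(dst)}
    if len(args) != 5 or args[4] not in UL_PROTOS:
        raise ValueError("%s form is: %s {inet|inet6} src/prefixlen/port "
                         "dst/prefixlen/port {icmp|tcp|udp|gre|any}" % (klass, klass))
    src, sport = _parse_endpoint(args[2], version)
    dst, dport = _parse_endpoint(args[3], version)
    return {"class": klass, "family": args[1], "src": str(src), "sport": sport,
            "dst": str(dst), "dport": dport, "proto": args[4]}
```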
.Pp
Command shortcuts are available:
.Bl -tag -width XXX -compact -offset indent
.It rc
reload-config
.It ss
show-sa
.It sc
show-schedule
.It fs
flush-sa
.It ds
delete-sa
.It es
establish-sa
.It vc
vpn-connect
.It vd
vpn-disconnect
.It se
show-event
.It lu
logout-user
.El
.\"
.Sh RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
.\"
.Sh FILES
.Bl -tag -width 30n -compact
.It Pa /var/racoon/racoon.sock No or
.It Pa /var/run/racoon.sock
.Xr racoon 8
control socket.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon 8
.Sh HISTORY
Once was
.Ic kmpstat
in the KAME project.
It turned into
.Nm
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@NetBSD.org
wrote this man page.