File: [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon / racoonctl.8
Revision 1.1
Tue Feb 21 22:39:10 2012 UTC (12 years, 4 months ago) by misho
CVS tags: MAIN, HEAD
Initial revision

.\"	$NetBSD: racoonctl.8,v 1.22 2009/03/12 14:01:09 wiz Exp $
.\"
.\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp
.\"
.\" Copyright (C) 2004 Emmanuel Dreyfus
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd March 12, 2009
.Dt RACOONCTL 8
.Os
.\"
.Sh NAME
.Nm racoonctl
.Nd racoon administrative control tool
.\"
.Sh SYNOPSIS
.Nm
.Op opts
reload-config
.Nm
.Op opts
show-schedule
.Nm
.Op opts
show-sa
.Op isakmp|esp|ah|ipsec
.Nm
.Op opts
get-sa-cert
.Op inet|inet6
.Ar src dst
.Nm
.Op opts
flush-sa
.Op isakmp|esp|ah|ipsec
.Nm
.Op opts
delete-sa
.Ar saopts
.Nm
.Op opts
establish-sa
.Op Fl w
.Op Fl n Ar remoteconf
.Op Fl u Ar identity
.Ar saopts
.Nm
.Op opts
vpn-connect
.Op Fl u Ar identity
.Ar vpn_gateway
.Nm
.Op opts
vpn-disconnect
.Ar vpn_gateway
.Nm
.Op opts
show-event
.Nm
.Op opts
logout-user
.Ar login
.\"
.Sh DESCRIPTION
.Nm
is used to control
.Xr racoon 8
operation, if ipsec-tools was configured with adminport support.
Communication between
.Nm
and
.Xr racoon 8
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
.Xr racoon 8
behavior, so do that with caution: any user who can write to the socket
can issue every command described below.
.Pp
The following general options are available:
.Bl -tag -width Ds
.It Fl d
Debug mode.
Hexdump sent admin port commands.
.It Fl l
Increase verbosity.
Mainly for show-sa command.
.It Fl s Ar socket
Specify the UNIX socket name used to connect to racoon.
.El
.\"
.Pp
The following commands are available:
.Bl -tag -width Ds
.It reload-config
This should cause
.Xr racoon 8
to reload its configuration file.
.It show-schedule
Unknown command.
.It show-sa Op isakmp|esp|ah|ipsec
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
.Fl l
to increase verbosity.
.It get-sa-cert Oo inet|inet6 Oc Ar src dst
Output the raw certificate that was used to authenticate the phase 1
matching
.Ar src
and
.Ar dst .
.It flush-sa Op isakmp|esp|ah|ipsec
is used to flush all SAs if no SA class is provided, or a class of SAs,
either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
.It establish-sa Oo Fl w Oc Oo Fl n Ar remoteconf Oc Oo Fl u Ar username \
Oc Ar saopts
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
.Fl u Ar username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
The exact remote block to use can be specified with
.Fl n Ar remoteconf .
.Nm
will prompt you for the password associated with
.Ar username
and these credentials will be used in the Xauth exchange.
.Pp
Specifying
.Fl w
will make racoonctl wait until the SA is actually established or
an error occurs.
.Pp
.Ar saopts
has the following format:
.Bl -tag -width Bl
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
{icmp|tcp|udp|gre|any}
.El
.It vpn-connect Oo Fl u Ar username Oc Ar vpn_gateway
This is a particular case of the previous command.
It will establish an ISAKMP SA with
.Ar vpn_gateway .
.It delete-sa Ar saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command.
It will kill all SAs associated with
.Ar vpn_gateway .
.It show-event
Listen for all events reported by
.Xr racoon 8 .
.It logout-user Ar login
Delete all SAs established on behalf of the Xauth user
.Ar login .
.El
.Pp
Command shortcuts are available:
.Bl -tag -width XXX -compact -offset indent
.It rc
reload-config
.It ss
show-sa
.It sc
show-schedule
.It fs
flush-sa
.It ds
delete-sa
.It es
establish-sa
.It vc
vpn-connect
.It vd
vpn-disconnect
.It se
show-event
.It lu
logout-user
.El
.\"
.Sh RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
.\"
.Sh FILES
.Bl -tag -width 30n -compact
.It Pa /var/racoon/racoon.sock No or
.It Pa /var/run/racoon.sock
.Xr racoon 8
control socket.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon 8
.Sh HISTORY
Once was
.Ic kmpstat
in the KAME project.
It turned into
.Nm
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@NetBSD.org
wrote this man page.
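The socket caution in DESCRIPTION and the saopts grammar under establish-sa, worked through in a small POSIX sh wrapper. This is an added example, not code from ipsec-tools or the racoonctl man page; the function names socket_is_safe, saopts_valid and racoon_sa, the RACOON_USER and DRY_RUN variables, and the assumption that the control socket is normally root-owned are the example's own.

```shell
# Added example, not part of ipsec-tools: wrap racoonctl so that
# (1) a control socket whose owner or mode would let other users drive racoon
#     is refused (the caution given in DESCRIPTION), and
# (2) saopts are checked against the documented grammar before being sent.
# socket_is_safe PATH [OWNER]: 0 if PATH exists, is owned by OWNER (default
# root) and is neither group- nor world-writable.  Parses `ls -ld` output,
# which has the same first three fields on GNU and BSD userland.
socket_is_safe() {
    [ -e "$1" ] || return 1
    want=${2:-root}
    set -- "$(ls -ld -- "$1")"
    mode=${1%% *}                                  # e.g. srwx------
    owner=$(printf '%s\n' "$1" | awk '{print $3}')
    [ "$owner" = "$want" ] || return 1
    case "$mode" in
        ?????w*|????????w*) return 1 ;;            # group or other write bit set
    esac
    return 0
}

# saopts_valid CLASS FAMILY SRC DST [PROTO]: 0 when the arguments match
#   isakmp {inet|inet6} src dst
#   {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port {icmp|tcp|udp|gre|any}
saopts_valid() {
    case "$2" in inet|inet6) ;; *) return 1 ;; esac
    case "$1" in
        isakmp) [ $# -eq 4 ] ;;
        esp|ah)
            [ $# -eq 5 ] || return 1
            case "$3" in */*/*) ;; *) return 1 ;; esac     # addr/prefixlen/port
            case "$4" in */*/*) ;; *) return 1 ;; esac
            case "$5" in icmp|tcp|udp|gre|any) ;; *) return 1 ;; esac ;;
        *) return 1 ;;
    esac
}

# racoon_sa {establish|delete} SOCKET SAOPTS...: run both checks, then call
# racoonctl with -s SOCKET (and -w for establish-sa, so the exit status
# reflects the outcome).  DRY_RUN=1 prints the command line instead of running it.
racoon_sa() {
    action=$1; sock=$2; shift 2
    socket_is_safe "$sock" "${RACOON_USER:-root}" || { echo "unsafe socket: $sock" >&2; return 2; }
    saopts_valid "$@" || { echo "bad saopts: $*" >&2; return 3; }
    case "$action" in
        establish) set -- racoonctl -s "$sock" establish-sa -w "$@" ;;
        delete)    set -- racoonctl -s "$sock" delete-sa "$@" ;;
        *)         return 4 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}
```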
