Annotation of embedaddon/strongswan/src/charon-cmd/charon-cmd.8.in, revision 1.1
1.1 ! misho 1: .TH CHARON\-CMD 8 "2013-06-21" "@PACKAGE_VERSION@" "strongSwan"
! 2: .SH "NAME"
! 3: charon\-cmd \- Simple IKE client (IPsec VPN client)
! 4: .SH SYNOPSIS
! 5: .B charon\-cmd
! 6: .B \-\-host
! 7: .I hostname
! 8: .B \-\-identity
! 9: .I identity
! 10: .B [ options ]
! 11: .PP
! 12: .SH "DESCRIPTION"
! 13: .B charon\-cmd
! 14: is a program for setting up IPsec VPN connections using the Internet Key
! 15: Exchange protocol (IKE) in version 1 and 2. It supports a number of different
! 16: road-warrior scenarios.
! 17: .PP
! 18: Like the IKE daemon
! 19: .BR charon ,
! 20: .B charon\-cmd
! 21: has to be run as
! 22: .B root
! 23: (or more specifically as a user with
! 24: .B CAP_NET_ADMIN
! 25: capability).
! 26: .PP
! 27: Of the following options at least
! 28: .I \-\-host
! 29: and
! 30: .I \-\-identity
! 31: are required. Depending on the selected authentication
! 32: .I profile
! 33: credentials also have to be provided with their respective options.
! 34: .PP
! 35: Many of the
! 36: .BR charon -specific
! 37: configuration options in
! 38: .I strongswan.conf
! 39: also apply to
! 40: .BR charon\-cmd .
! 41: For instance, to configure customized logging to
! 42: .B stdout
! 43: the following snippet can be used:
! 44: .PP
! 45: .EX
! 46: charon-cmd {
! 47:     filelog {
! 48:         stdout {
! 49:             default = 1
! 50:             ike = 2
! 51:             cfg = 2
! 52:         }
! 53:     }
! 54: }
! 55: .EE
! 56: .PP
! 57: .SH "OPTIONS"
! 58: .TP
! 59: .B "\-\-help"
! 60: Prints usage information and a short summary of the available options.
! 61: .TP
! 62: .B "\-\-version"
! 63: Prints the strongSwan version.
! 64: .TP
! 65: .BI "\-\-debug " level
! 66: Sets the default log level (defaults to 1).
! 67: .I level
! 68: is a number between -1 and 4.
! 69: Refer to
! 70: .I strongswan.conf
! 71: for options that allow a more fine-grained configuration of the logging
! 72: output.
! 73: .TP
! 74: .BI "\-\-host " hostname
! 75: DNS name or IP address to connect to.
! 76: .TP
! 77: .BI "\-\-identity " identity
! 78: Identity the client uses for the IKE exchange.
! 79: .TP
! 80: .BI "\-\-eap\-identity " identity
! 81: Identity the client uses for EAP authentication.
! 82: .TP
! 83: .BI "\-\-xauth\-username " username
! 84: Username the client uses for XAuth authentication.
! 85: .TP
! 86: .BI "\-\-remote\-identity " identity
! 87: Server identity to expect, defaults to
! 88: .IR hostname .
! 89: .TP
! 90: .BI "\-\-cert " path
! 91: Trusted certificate, either for authentication or trust chain validation.
! 92: To provide more than one certificate multiple
! 93: .B \-\-cert
! 94: options can be used.
! 95: .TP
! 96: .BI "\-\-rsa " path
! 97: RSA private key to use for authentication (if a password is required, it will
! 98: be requested on demand).
! 99: .TP
! 100: .BI "\-\-p12 " path
! 101: PKCS#12 file with private key and certificates to use for authentication and
! 102: trust chain validation (if a password is required it will be requested on
! 103: demand).
! 104: .TP
! 105: .RI "\fB\-\-agent\fR[=" socket ]
! 106: Use SSH agent for authentication. If
! 107: .I socket
! 108: is not specified it is read from the
! 109: .B SSH_AUTH_SOCK
! 110: environment variable.
! 111: .TP
! 112: .BI "\-\-local\-ts " subnet
! 113: Additional traffic selector to propose for our side, the requested virtual IP
! 114: address will always be proposed.
! 115: .TP
! 116: .BI "\-\-remote\-ts " subnet
! 117: Traffic selector to propose for remote side, defaults to 0.0.0.0/0.
! 118: .TP
! 119: .BI "\-\-ike\-proposal " proposal
! 120: IKE proposal to offer instead of default. For IKEv1, a single proposal consists
! 121: of one encryption algorithm, an integrity/PRF algorithm and a DH group. IKEv2
! 122: can propose multiple algorithms of the same kind. To specify multiple proposals,
! 123: repeat the option.
! 124: .TP
! 125: .BI "\-\-esp\-proposal " proposal
! 126: ESP proposal to offer instead of default. For IKEv1, a single proposal consists
! 127: of one encryption algorithm, an integrity algorithm and an optional DH group for
! 128: Perfect Forward Secrecy rekeying. IKEv2 can propose multiple algorithms of the
! 129: same kind. To specify multiple proposals, repeat the option.
! 130: .TP
! 131: .BI "\-\-ah\-proposal " proposal
! 132: AH proposal to offer instead of ESP. For IKEv1, a single proposal consists
! 133: of an integrity algorithm and an optional DH group for Perfect Forward Secrecy
! 134: rekeying. IKEv2 can propose multiple algorithms of the same kind. To specify
! 135: multiple proposals, repeat the option.
! 136: .TP
! 137: .BI "\-\-profile " name
! 138: Authentication profile to use, the list of supported profiles can be found
! 139: in the
! 140: .B Authentication Profiles
! 141: sections below. Defaults to
! 142: .B ikev2\-pub
! 143: if a private key was supplied, and to
! 144: .B ikev2\-eap
! 145: otherwise.
! 146: .PP
! 147: .SS "IKEv2 Authentication Profiles"
! 148: .TP
! 149: .B "ikev2\-pub"
! 150: IKEv2 with public key client and server authentication
! 151: .TP
! 152: .B "ikev2\-eap"
! 153: IKEv2 with EAP client authentication and public key server authentication
! 154: .TP
! 155: .B "ikev2\-pub\-eap"
! 156: IKEv2 with public key and EAP client authentication (RFC 4739) and public key
! 157: server authentication
! 158: .PP
! 159: .SS "IKEv1 Authentication Profiles"
! 160: The following authentication profiles use either Main Mode or Aggressive Mode,
! 161: the latter is denoted with a \fB\-am\fR suffix.
! 162: .TP
! 163: .BR "ikev1\-pub" ", " "ikev1\-pub\-am"
! 164: IKEv1 with public key client and server authentication
! 165: .TP
! 166: .BR "ikev1\-xauth" ", " "ikev1\-xauth\-am"
! 167: IKEv1 with public key client and server authentication, followed by client XAuth
! 168: authentication
! 169: .TP
! 170: .BR "ikev1\-xauth\-psk" ", " "ikev1\-xauth\-psk\-am"
! 171: IKEv1 with pre-shared key (PSK) client and server authentication, followed by
! 172: client XAuth authentication (INSECURE!)
! 173: .TP
! 174: .BR "ikev1\-hybrid" ", " "ikev1\-hybrid\-am"
! 175: IKEv1 with public key server authentication only, followed by client XAuth
! 176: authentication
! 177: .PP
! 178: .SH "SEE ALSO"
! 179: \fBstrongswan.conf\fR(5), \fBipsec\fR(8)
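
The profile default and the required options described above can be checked before charon-cmd is started as root. The following is an added example, not part of strongSwan or of this man page: the function names `effective_profile` and `preflight` are hypothetical, the host, identity and key path are constructed, and only an `--rsa` key file is handled as a key source (an assumption; `--p12` and `--agent` are left out).

```shell
#!/bin/sh
# Added example (not strongSwan code): pre-flight check for charon-cmd.
# Uses only options and profile names documented in the man page above.

# effective_profile PROFILE KEYFILE
# Documented default: ikev2-pub if a private key was supplied, else ikev2-eap.
effective_profile() {
    if [ -n "$1" ]; then printf '%s\n' "$1"
    elif [ -n "$2" ]; then printf '%s\n' ikev2-pub
    else printf '%s\n' ikev2-eap
    fi
}

# preflight HOST IDENTITY PROFILE KEYFILE
# Prints the command line to run, or "reject: <reason>" and returns 1.
# Assumption: an --rsa key file is the only key source handled here.
preflight() {
    host=$1; id=$2; key=$4
    if [ -z "$host" ] || [ -z "$id" ]; then
        echo "reject: --host and --identity are required"; return 1
    fi
    profile=$(effective_profile "$3" "$key")
    case "$profile" in
        ikev1-xauth-psk|ikev1-xauth-psk-am)
            # The man page labels the PSK profiles INSECURE.
            echo "reject: $profile is marked INSECURE"; return 1 ;;
        ikev2-pub|ikev2-pub-eap|ikev1-pub|ikev1-pub-am|ikev1-xauth|ikev1-xauth-am)
            # These profiles authenticate the client with a public key.
            if [ -z "$key" ]; then
                echo "reject: $profile needs a private key (--rsa)"; return 1
            fi ;;
        ikev2-eap|ikev1-hybrid|ikev1-hybrid-am) ;;
        *) echo "reject: unknown profile $profile"; return 1 ;;
    esac
    set -- charon-cmd --host "$host" --identity "$id" --profile "$profile"
    if [ -n "$key" ]; then set -- "$@" --rsa "$key"; fi
    echo "$*"
}

# Constructed sample input: no profile and no key, so ikev2-eap is selected.
preflight vpn.example.org alice "" ""
```
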