]>
Commit | Line | Data |
---|---|---|
1 | .\" $NetBSD: racoonctl.8,v 1.13 2006/09/09 16:22:10 manu Exp $ | |
2 | .\" | |
3 | .\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp | |
4 | .\" | |
5 | .\" Copyright (C) 2004 Emmanuel Dreyfus | |
6 | .\" All rights reserved. | |
7 | .\" | |
8 | .\" Redistribution and use in source and binary forms, with or without | |
9 | .\" modification, are permitted provided that the following conditions | |
10 | .\" are met: | |
11 | .\" 1. Redistributions of source code must retain the above copyright | |
12 | .\" notice, this list of conditions and the following disclaimer. | |
13 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
14 | .\" notice, this list of conditions and the following disclaimer in the | |
15 | .\" documentation and/or other materials provided with the distribution. | |
16 | .\" 3. Neither the name of the project nor the names of its contributors | |
17 | .\" may be used to endorse or promote products derived from this software | |
18 | .\" without specific prior written permission. | |
19 | .\" | |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | .\" SUCH DAMAGE. | |
31 | .\" | |
32 | .Dd November 16, 2004 | |
33 | .Dt RACOONCTL 8 | |
34 | .Os | |
35 | .\" | |
36 | .Sh NAME | |
37 | .Nm racoonctl | |
38 | .Nd racoon administrative control tool | |
39 | .\" | |
40 | .Sh SYNOPSIS | |
41 | .Nm | |
42 | reload-config | |
43 | .Nm | |
44 | show-schedule | |
45 | .Nm | |
46 | .Op Fl l Op Fl l | |
47 | show-sa | |
48 | .Op isakmp|esp|ah|ipsec | |
49 | .Nm | |
50 | flush-sa | |
51 | .Op isakmp|esp|ah|ipsec | |
52 | .Nm | |
53 | delete-sa | |
54 | .Ar saopts | |
55 | .Nm | |
56 | establish-sa | |
57 | .Op Fl u Ar identity | |
58 | .Ar saopts | |
59 | .Nm | |
60 | vpn-connect | |
61 | .Op Fl u identity | |
62 | .Ar vpn_gateway | |
63 | .Nm | |
64 | vpn-disconnect | |
65 | .Ar vpn_gateway | |
66 | .Nm | |
67 | show-event | |
68 | .Op Fl l | |
69 | .Nm | |
70 | logout-user | |
71 | .Ar login | |
72 | .\" | |
73 | .Sh DESCRIPTION | |
74 | .Nm | |
75 | is used to control | |
76 | .Xr racoon 8 | |
77 | operation, if ipsec-tools was configured with adminport support. | |
78 | Communication between | |
79 | .Nm | |
80 | and | |
81 | .Xr racoon 8 | |
82 | is done through a UNIX socket. | |
83 | By changing the default mode and ownership | |
84 | of the socket, you can allow non-root users to alter | |
85 | .Xr racoon 8 | |
86 | behavior, so do that with caution. | |
87 | .Pp | |
88 | The following commands are available: | |
89 | .Bl -tag -width Ds | |
90 | .It reload-config | |
91 | This should cause | |
92 | .Xr racoon 8 | |
93 | to reload its configuration file. | |
94 | .It show-schedule | |
95 | Unknown command. | |
96 | .It show-sa Op isakmp|esp|ah|ipsec | |
97 | Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, | |
98 | IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. | |
99 | Use | |
100 | .Fl l | |
101 | to increase verbosity. | |
102 | .It flush-sa Op isakmp|esp|ah|ipsec | |
103 | is used to flush all SAs if no SA class is provided, or a class of SAs, | |
104 | either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. | |
105 | .It Xo establish-sa | |
106 | .Oo Fl u Ar username | |
107 | .Oc Ar saopts | |
108 | .Xc | |
109 | Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. | |
110 | The optional | |
111 | .Fl u Ar username | |
112 | can be used when establishing an ISAKMP SA while hybrid auth is in use. | |
113 | .Nm | |
114 | will prompt you for the password associated with | |
115 | .Ar username | |
116 | and these credentials will be used in the Xauth exchange. | |
117 | .Pp | |
118 | .Ar saopts | |
119 | has the following format: | |
120 | .Bl -tag -width Bl | |
121 | .It isakmp {inet|inet6} Ar src Ar dst | |
122 | .It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port | |
123 | {icmp|tcp|udp|any} | |
124 | .El | |
125 | .It Xo vpn-connect | |
126 | .Oo Fl u Ar username | |
127 | .Oc Ar vpn_gateway | |
128 | .Xc | |
129 | This is a particular case of the previous command. | |
130 | It will establish an ISAKMP SA with | |
131 | .Ar vpn_gateway . | |
132 | .It delete-sa Ar saopts | |
133 | Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. | |
134 | .It vpn-disconnect Ar vpn_gateway | |
135 | This is a particular case of the previous command. | |
136 | It will kill all SAs associated with | |
137 | .Ar vpn_gateway . | |
138 | .It show-event Op Fl l | |
139 | Dump all events reported by | |
140 | .Xr racoon 8 , | |
141 | then quit. | |
142 | The | |
143 | .Fl l | |
144 | flag causes | |
145 | .Nm | |
146 | to not stop once all the events have been read, but rather to loop | |
147 | awaiting and reporting new events. | |
148 | .It logout-user Ar login | |
149 | Delete all SA established on behalf of the Xauth user | |
150 | .Ar login . | |
151 | .El | |
152 | .Pp | |
153 | Command shortcuts are available: | |
154 | .Bl -tag -width XXX -compact -offset indent | |
155 | .It rc | |
156 | reload-config | |
157 | .It ss | |
158 | show-sa | |
159 | .It sc | |
160 | show-schedule | |
161 | .It fs | |
162 | flush-sa | |
163 | .It ds | |
164 | delete-sa | |
165 | .It es | |
166 | establish-sa | |
167 | .It vc | |
168 | vpn-connect | |
169 | .It vd | |
170 | vpn-disconnect | |
171 | .It se | |
172 | show-event | |
173 | .It lu | |
174 | logout-user | |
175 | .El | |
176 | .\" | |
177 | .Sh RETURN VALUES | |
178 | The command should exit with 0 on success, and non-zero on errors. | |
179 | .\" | |
180 | .Sh FILES | |
181 | .Bl -tag -width 30n -compact | |
182 | .It Pa /var/racoon/racoon.sock No or | |
183 | .It Pa /var/run/racoon.sock | |
184 | .Xr racoon 8 | |
185 | control socket. | |
186 | .El | |
187 | .\" | |
188 | .Sh SEE ALSO | |
189 | .Xr ipsec 4 , | |
190 | .Xr racoon 8 | |
191 | .Sh HISTORY | |
192 | Once was | |
193 | .Ic kmpstat | |
194 | in the KAME project. | |
195 | It turned into | |
196 | .Nm | |
197 | but remained undocumented for a while. | |
198 | .An Emmanuel Dreyfus Aq manu@NetBSD.org | |
199 | wrote this man page. |