]> git.saurik.com Git - apple/ipsec.git/blame_incremental - ipsec-tools/racoon/racoonctl.8
ipsec-92.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / racoonctl.8
... / ...
CommitLineData
1.\" $NetBSD: racoonctl.8,v 1.13 2006/09/09 16:22:10 manu Exp $
2.\"
3.\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp
4.\"
5.\" Copyright (C) 2004 Emmanuel Dreyfus
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright
12.\" notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\" notice, this list of conditions and the following disclaimer in the
15.\" documentation and/or other materials provided with the distribution.
16.\" 3. Neither the name of the project nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.Dd November 16, 2004
33.Dt RACOONCTL 8
34.Os
35.\"
36.Sh NAME
37.Nm racoonctl
38.Nd racoon administrative control tool
39.\"
40.Sh SYNOPSIS
41.Nm
42reload-config
43.Nm
44show-schedule
45.Nm
46.Op Fl l Op Fl l
47show-sa
48.Op isakmp|esp|ah|ipsec
49.Nm
50flush-sa
51.Op isakmp|esp|ah|ipsec
52.Nm
53delete-sa
54.Ar saopts
55.Nm
56establish-sa
57.Op Fl u Ar identity
58.Ar saopts
59.Nm
60vpn-connect
61.Op Fl u identity
62.Ar vpn_gateway
63.Nm
64vpn-disconnect
65.Ar vpn_gateway
66.Nm
67show-event
68.Op Fl l
69.Nm
70logout-user
71.Ar login
72.\"
73.Sh DESCRIPTION
74.Nm
75is used to control
76.Xr racoon 8
77operation, if ipsec-tools was configured with adminport support.
78Communication between
79.Nm
80and
81.Xr racoon 8
82is done through a UNIX socket.
83By changing the default mode and ownership
84of the socket, you can allow non-root users to alter
85.Xr racoon 8
86behavior, so do that with caution.
87.Pp
88The following commands are available:
89.Bl -tag -width Ds
90.It reload-config
91This should cause
92.Xr racoon 8
93to reload its configuration file.
94.It show-schedule
95Unknown command.
96.It show-sa Op isakmp|esp|ah|ipsec
97Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
98IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
99Use
100.Fl l
101to increase verbosity.
102.It flush-sa Op isakmp|esp|ah|ipsec
103is used to flush all SAs if no SA class is provided, or a class of SAs,
104either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
105.It Xo establish-sa
106.Oo Fl u Ar username
107.Oc Ar saopts
108.Xc
109Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
110The optional
111.Fl u Ar username
112can be used when establishing an ISAKMP SA while hybrid auth is in use.
113.Nm
114will prompt you for the password associated with
115.Ar username
116and these credentials will be used in the Xauth exchange.
117.Pp
118.Ar saopts
119has the following format:
120.Bl -tag -width Bl
121.It isakmp {inet|inet6} Ar src Ar dst
122.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
123{icmp|tcp|udp|any}
124.El
125.It Xo vpn-connect
126.Oo Fl u Ar username
127.Oc Ar vpn_gateway
128.Xc
129This is a particular case of the previous command.
130It will establish an ISAKMP SA with
131.Ar vpn_gateway .
132.It delete-sa Ar saopts
133Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
134.It vpn-disconnect Ar vpn_gateway
135This is a particular case of the previous command.
136It will kill all SAs associated with
137.Ar vpn_gateway .
138.It show-event Op Fl l
139Dump all events reported by
140.Xr racoon 8 ,
141then quit.
142The
143.Fl l
144flag causes
145.Nm
146to not stop once all the events have been read, but rather to loop
147awaiting and reporting new events.
148.It logout-user Ar login
149Delete all SA established on behalf of the Xauth user
150.Ar login .
151.El
152.Pp
153Command shortcuts are available:
154.Bl -tag -width XXX -compact -offset indent
155.It rc
156reload-config
157.It ss
158show-sa
159.It sc
160show-schedule
161.It fs
162flush-sa
163.It ds
164delete-sa
165.It es
166establish-sa
167.It vc
168vpn-connect
169.It vd
170vpn-disconnect
171.It se
172show-event
173.It lu
174logout-user
175.El
176.\"
177.Sh RETURN VALUES
178The command should exit with 0 on success, and non-zero on errors.
179.\"
180.Sh FILES
181.Bl -tag -width 30n -compact
182.It Pa /var/racoon/racoon.sock No or
183.It Pa /var/run/racoon.sock
184.Xr racoon 8
185control socket.
186.El
187.\"
188.Sh SEE ALSO
189.Xr ipsec 4 ,
190.Xr racoon 8
191.Sh HISTORY
192Once was
193.Ic kmpstat
194in the KAME project.
195It turned into
196.Nm
197but remained undocumented for a while.
198.An Emmanuel Dreyfus Aq manu@NetBSD.org
199wrote this man page.