.\" $Id: racoonctl.8,v 1.2.4.2 2005/04/18 11:10:55 manubsd Exp $
.\"
.\" Copyright (C) 2004 Emmanuel Dreyfus
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 16, 2004
.Dt RACOONCTL 8
.Os
.\"
.Sh NAME
.Nm racoonctl
.Nd racoon administrative control tool
.\"
.Sh SYNOPSIS
.Nm
reload-config
.Nm
show-schedule
.Nm
.Op Fl l Op Fl l
show-sa
.Op isakmp|esp|ah|ipsec
.Nm
flush-sa
.Op isakmp|esp|ah|ipsec
.Nm
delete-sa
.Ar saopts
.Nm
establish-sa
.Op Fl u Ar identity
.Ar saopts
.Nm
vpn-connect
.Op Fl u Ar identity
.Ar vpn_gateway
.Nm
vpn-disconnect
.Ar vpn_gateway
.Nm
show-event
.Op Fl l
.\"
.Sh DESCRIPTION
.Nm
is used to control
.Xr racoon 8
operation, if ipsec-tools was configured with adminport support.
Communication between
.Nm
and
.Xr racoon 8
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
.Xr racoon 8
behavior, so do that with caution.
.Pp
The following commands are available:
.Bl -tag -width Ds
.It reload-config
This should cause
.Xr racoon 8
to reload its configuration file.
This seems completely broken at the time this man page was written.
.It show-schedule
Unknown command.
.It show-sa Op isakmp|esp|ah|ipsec
Dump SAs: all SAs if no SA class is provided, otherwise only the given
class (ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs).
Use
.Fl l
to increase verbosity.
.It flush-sa Op isakmp|esp|ah|ipsec
Flush all SAs if no SA class is provided, otherwise only the given
class (ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs).
.It Xo establish-sa
.Oo Fl u Ar username
.Oc Ar saopts
.Xc
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
.Fl u Ar username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
.Nm
will prompt you for the password associated with
.Ar username
and these credentials will be used in the Xauth exchange.
.Pp
.Ar saopts
has the following format:
.Bl -tag -width Bl
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
{icmp|tcp|udp|any}
.El
.It Xo vpn-connect
.Oo Fl u Ar username
.Oc Ar vpn_gateway
.Xc
This is a particular case of the previous command.
It will establish an ISAKMP SA with
.Ar vpn_gateway .
.It delete-sa Ar saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command.
It will kill all SAs associated with
.Ar vpn_gateway .
.It show-event Op Fl l
Dump all events reported by
.Xr racoon 8 ,
then quit.
The
.Fl l
flag causes
.Nm
to not stop once all the events have been read, but rather to loop
awaiting and reporting new events.
.El
.Pp
Command shortcuts are available:
.Bl -tag -width XXX -compact -offset indent
.It rc
reload-config
.It ss
show-sa
.It sc
show-schedule
.It fs
flush-sa
.It ds
delete-sa
.It es
establish-sa
.It vc
vpn-connect
.It vd
vpn-disconnect
.It se
show-event
.El
.\"
.Sh RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
.\"
.Sh FILES
.Bl -tag -width 30n -compact
.It Pa /var/racoon/racoon.sock No or
.It Pa /var/run/racoon.sock
.Xr racoon 8
control socket.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon 8
.Sh HISTORY
.Nm
once was
.Ic kmpstat
in the KAME project.
It turned into
.Nm
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@NetBSD.org
wrote this man page.
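
Added example (not part of the racoonctl sources): a POSIX shell check for the DESCRIPTION caution about changing the control socket's mode and ownership. It flags group- or world-writable bits and an unexpected owner on the two paths listed under FILES; the function names and the default expected owner (uid 0) are assumptions of this example.

```shell
#!/bin/sh
# Audit the racoon admin socket's owner and mode (added example).
# Assumption: the socket should belong to uid 0 unless another uid is given.

# audit_racoon_sock PATH [OWNER_UID]
# Returns 0 = no finding, 1 = at least one finding, 2 = PATH does not exist.
audit_racoon_sock() {
    sock=$1
    want_uid=${2:-0}
    [ -e "$sock" ] || return 2
    rc=0
    # POSIX find: "-perm -MODE" matches when every bit in MODE is set.
    if [ -n "$(find "$sock" -prune -perm -002)" ]; then
        echo "FINDING: $sock is world-writable" >&2
        rc=1
    fi
    if [ -n "$(find "$sock" -prune -perm -020)" ]; then
        echo "FINDING: $sock is group-writable" >&2
        rc=1
    fi
    # A numeric argument to -user is compared against the file's uid.
    if [ -z "$(find "$sock" -prune -user "$want_uid")" ]; then
        echo "FINDING: $sock is not owned by uid $want_uid" >&2
        rc=1
    fi
    return $rc
}

# Check both socket locations named in the FILES section.
# Returns 1 if any existing socket has a finding, 0 otherwise.
audit_default_socks() {
    status=0
    for s in /var/racoon/racoon.sock /var/run/racoon.sock; do
        r=0
        audit_racoon_sock "$s" || r=$?
        case $r in
            0) echo "OK: $s" ;;
            1) status=1 ;;
            2) : ;;  # socket not present at this location
        esac
    done
    return $status
}

# Usage: call audit_default_socks, or audit_racoon_sock PATH [OWNER_UID].
```

A finding does not by itself mean misconfiguration: a site that deliberately grants a group access to the socket will see the group-writable line and should confirm the group's membership instead.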