git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/racoonctl.8
.\" $NetBSD: racoonctl.8,v 1.13 2006/09/09 16:22:10 manu Exp $
.\"
.\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp
.\"
.\" Copyright (C) 2004 Emmanuel Dreyfus
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 16, 2004
.Dt RACOONCTL 8
.Os
.\"
.Sh NAME
.Nm racoonctl
.Nd racoon administrative control tool
.\"
.Sh SYNOPSIS
.Nm
reload-config
.Nm
show-schedule
.Nm
.Op Fl l Op Fl l
show-sa
.Op isakmp|esp|ah|ipsec
.Nm
flush-sa
.Op isakmp|esp|ah|ipsec
.Nm
delete-sa
.Ar saopts
.Nm
establish-sa
.Op Fl u Ar identity
.Ar saopts
.Nm
vpn-connect
.Op Fl u Ar identity
.Ar vpn_gateway
.Nm
vpn-disconnect
.Ar vpn_gateway
.Nm
show-event
.Op Fl l
.Nm
logout-user
.Ar login
.\"
.Sh DESCRIPTION
.Nm
is used to control
.Xr racoon 8
operation, if ipsec-tools was configured with adminport support.
Communication between
.Nm
and
.Xr racoon 8
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
.Xr racoon 8
behavior, so do that with caution.
.Pp
The following commands are available:
.Bl -tag -width Ds
.It reload-config
This should cause
.Xr racoon 8
to reload its configuration file.
.It show-schedule
Unknown command.
.It show-sa Op isakmp|esp|ah|ipsec
Dump the SAs: all the SAs if no SA class is provided, or only ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
.Fl l
to increase verbosity.
.It flush-sa Op isakmp|esp|ah|ipsec
Flush all SAs if no SA class is provided, or only one class of SAs:
ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
.It Xo establish-sa
.Oo Fl u Ar username
.Oc Ar saopts
.Xc
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
.Fl u Ar username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
.Nm
will prompt you for the password associated with
.Ar username
and these credentials will be used in the Xauth exchange.
.Pp
.Ar saopts
has the following format:
.Bl -tag -width Bl
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
{icmp|tcp|udp|any}
.El
.It Xo vpn-connect
.Oo Fl u Ar username
.Oc Ar vpn_gateway
.Xc
This is a particular case of the previous command.
It will establish an ISAKMP SA with
.Ar vpn_gateway .
.It delete-sa Ar saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command.
It will kill all SAs associated with
.Ar vpn_gateway .
.It show-event Op Fl l
Dump all events reported by
.Xr racoon 8 ,
then quit.
The
.Fl l
flag causes
.Nm
to not stop once all the events have been read, but rather to loop
awaiting and reporting new events.
.It logout-user Ar login
Delete all SAs established on behalf of the Xauth user
.Ar login .
.El
.Pp
Command shortcuts are available:
.Bl -tag -width XXX -compact -offset indent
.It rc
reload-config
.It ss
show-sa
.It sc
show-schedule
.It fs
flush-sa
.It ds
delete-sa
.It es
establish-sa
.It vc
vpn-connect
.It vd
vpn-disconnect
.It se
show-event
.It lu
logout-user
.El
.\"
.Sh RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
.\"
.Sh FILES
.Bl -tag -width 30n -compact
.It Pa /var/racoon/racoon.sock No or
.It Pa /var/run/racoon.sock
.Xr racoon 8
control socket.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon 8
.Sh HISTORY
Once was
.Ic kmpstat
in the KAME project.
It turned into
.Nm
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@NetBSD.org
wrote this man page.
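
The DESCRIPTION warns that changing the mode and ownership of the control socket lets non-root users alter racoon behavior. The script below is an added example, not part of the original man page or of ipsec-tools, that audits the two socket paths listed under FILES. The policy it enforces (owner is uid 0, no group or other write bit) and the function names `check_perms` and `audit_socket` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the racoon control socket paths listed under FILES.
# Assumed policy (not from the man page): the socket must be owned by root
# (uid 0) and must not be writable by group or other.

# check_perms MODE UID: MODE is octal permission digits, e.g. 600.
# Returns 0 if acceptable, 1 with a FAIL line otherwise.
check_perms() {
    mode=$1 uid=$2
    if [ "$uid" != "0" ]; then
        echo "FAIL: owner uid $uid is not root"
        return 1
    fi
    # 022 masks the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: mode $mode lets group or other write to the socket"
        return 1
    fi
    return 0
}

# audit_socket PATH: returns 0 ok, 1 policy failure, 2 not a socket / no stat.
audit_socket() {
    path=$1
    if [ ! -S "$path" ]; then
        echo "SKIP: $path is not a socket"
        return 2
    fi
    # GNU stat syntax first, BSD stat syntax as fallback.
    info=$(stat -c '%a %u' "$path" 2>/dev/null) ||
        info=$(stat -f '%Lp %u' "$path" 2>/dev/null) || return 2
    set -- $info
    check_perms "$1" "$2" || return 1
    echo "OK: $path mode $1 uid $2"
}

# Check both locations named in FILES; a missing socket is reported, not fatal.
for sock in /var/racoon/racoon.sock /var/run/racoon.sock; do
    audit_socket "$sock" || true
done
```

A FAIL line means any local account covered by the widened permission can issue commands such as flush-sa or reload-config through the socket.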