ipsec-tools/racoon/racoonctl.8

   1 .\"     $NetBSD: racoonctl.8,v 1.13 2006/09/09 16:22:10 manu Exp $
   2 .\"
   3 .\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp
   4 .\"
   5 .\" Copyright (C) 2004 Emmanuel Dreyfus
   6 .\" All rights reserved.
   7 .\"
   8 .\" Redistribution and use in source and binary forms, with or without
   9 .\" modification, are permitted provided that the following conditions
  10 .\" are met:
  11 .\" 1. Redistributions of source code must retain the above copyright
  12 .\"    notice, this list of conditions and the following disclaimer.
  13 .\" 2. Redistributions in binary form must reproduce the above copyright
  14 .\"    notice, this list of conditions and the following disclaimer in the
  15 .\"    documentation and/or other materials provided with the distribution.
  16 .\" 3. Neither the name of the project nor the names of its contributors
  17 .\"    may be used to endorse or promote products derived from this software
  18 .\"    without specific prior written permission.
  19 .\"
  20 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30 .\" SUCH DAMAGE.
  31 .\"
  32 .Dd November 16, 2004
  33 .Dt RACOONCTL 8
  34 .Os
  35 .\"
  36 .Sh NAME
  37 .Nm racoonctl
  38 .Nd racoon administrative control tool
  39 .\"
  40 .Sh SYNOPSIS
  41 .Nm
  42 reload-config
  43 .Nm
  44 show-schedule
  45 .Nm
  46 .Op Fl l Op Fl l
  47 show-sa
  48 .Op isakmp|esp|ah|ipsec
  49 .Nm
  50 flush-sa
  51 .Op isakmp|esp|ah|ipsec
  52 .Nm
  53 delete-sa
  54 .Ar saopts
  55 .Nm
  56 establish-sa
  57 .Op Fl u Ar identity
  58 .Ar saopts
  59 .Nm
  60 vpn-connect
  61 .Op Fl u identity
  62 .Ar vpn_gateway
  63 .Nm
  64 vpn-disconnect
  65 .Ar vpn_gateway
  66 .Nm
  67 show-event
  68 .Op Fl l
  69 .Nm
  70 logout-user
  71 .Ar login
  72 .\"
  73 .Sh DESCRIPTION
  74 .Nm
  75 is used to control
  76 .Xr racoon 8
  77 operation, if ipsec-tools was configured with adminport support.
  78 Communication between
  79 .Nm
  80 and
  81 .Xr racoon 8
  82 is done through a UNIX socket.
  83 By changing the default mode and ownership
  84 of the socket, you can allow non-root users to alter
  85 .Xr racoon 8
  86 behavior, so do that with caution.
  87 .Pp
  88 The following commands are available:
  89 .Bl -tag -width Ds
  90 .It reload-config
  91 This should cause
  92 .Xr racoon 8
  93 to reload its configuration file.
  94 .It show-schedule
  95 Unknown command.
  96 .It show-sa Op isakmp|esp|ah|ipsec
  97 Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
  98 IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
  99 Use
 100 .Fl l
 101 to increase verbosity.
 102 .It flush-sa Op isakmp|esp|ah|ipsec
 103 is used to flush all SAs if no SA class is provided, or a class of SAs,
 104 either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
 105 .It Xo establish-sa
 106 .Oo Fl u Ar username
 107 .Oc Ar saopts
 108 .Xc
 109 Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
 110 The optional
 111 .Fl u Ar username
 112 can be used when establishing an ISAKMP SA while hybrid auth is in use.
 113 .Nm
 114 will prompt you for the password associated with
 115 .Ar username
 116 and these credentials will be used in the Xauth exchange.
 117 .Pp
 118 .Ar saopts
 119 has the following format:
 120 .Bl -tag -width Bl
 121 .It isakmp {inet|inet6} Ar src Ar dst
 122 .It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
 123 {icmp|tcp|udp|any}
 124 .El
 125 .It Xo vpn-connect
 126 .Oo Fl u Ar username
 127 .Oc Ar vpn_gateway
 128 .Xc
 129 This is a particular case of the previous command.
 130 It will establish an ISAKMP SA with
 131 .Ar vpn_gateway .
 132 .It delete-sa Ar saopts
 133 Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
 134 .It vpn-disconnect Ar vpn_gateway
 135 This is a particular case of the previous command.
 136 It will kill all SAs associated with
 137 .Ar vpn_gateway .
 138 .It show-event Op Fl l
 139 Dump all events reported by
 140 .Xr racoon 8 ,
 141 then quit.
 142 The
 143 .Fl l
 144 flag causes
 145 .Nm
 146 to not stop once all the events have been read, but rather to loop
 147 awaiting and reporting new events.
 148 .It logout-user Ar login
 149 Delete all SA established on behalf of the Xauth user
 150 .Ar login .
 151 .El
 152 .Pp
 153 Command shortcuts are available:
 154 .Bl -tag -width XXX -compact -offset indent
 155 .It rc
 156 reload-config
 157 .It ss
 158 show-sa
 159 .It sc
 160 show-schedule
 161 .It fs
 162 flush-sa
 163 .It ds
 164 delete-sa
 165 .It es
 166 establish-sa
 167 .It vc
 168 vpn-connect
 169 .It vd
 170 vpn-disconnect
 171 .It se
 172 show-event
 173 .It lu
 174 logout-user
 175 .El
 176 .\"
 177 .Sh RETURN VALUES
 178 The command should exit with 0 on success, and non-zero on errors.
 179 .\"
 180 .Sh FILES
 181 .Bl -tag -width 30n -compact
 182 .It Pa /var/racoon/racoon.sock No or
 183 .It Pa /var/run/racoon.sock
 184 .Xr racoon 8
 185 control socket.
 186 .El
 187 .\"
 188 .Sh SEE ALSO
 189 .Xr ipsec 4 ,
 190 .Xr racoon 8
 191 .Sh HISTORY
 192 Once was
 193 .Ic kmpstat
 194 in the KAME project.
 195 It turned into
 196 .Nm
 197 but remained undocumented for a while.
 198 .An Emmanuel Dreyfus Aq manu@NetBSD.org
 199 wrote this man page.